Assignment: Identifying Risks, Threats, and Vulnerabilities in an IT Infrastructure
Introduction:
Imagine a System Administrator learns of a server's vulnerability, and a service patch is available to solve it. Unfortunately, simply applying a patch to a server is not assurance enough that a risk has been mitigated. The system admin has the option of opening the application and verifying that the patch has raised the version number as expected. Still, the admin has no guarantee the vulnerability is closed, at least not until the vulnerability is directly tested. That's what vulnerability scanners are for.
Two vulnerability scanners available to the system administrator are Nmap and Nessus, which produce scan reports. These reports can identify the hosts, operating systems, services, applications, and open ports that are at risk in an organization.
In this lab, you will look at an Nmap report and a Nessus report. You will visit the cve mitre org web site, you will define vulnerability and exposure according to the site, and you will learn how to conduct searches of the Common Vulnerabilities and Exposures (CVE) listing.
Hands-On Steps:
I. On you local computer create a new word document which is your lab report.
II. Review the Nmap Scan Report that accompanies this lab. (Please find the attachements)
III. In your Lab Report file, using the Lab 5 Nmap Scan Report, answer the following
i. What are the date and timestamp of the Nmap host scan?
ii. What is the total number of loaded scripts for scanning?
iii. A synchronize packet (SYN) stealth scan discovers all open ports on the targeted host for the SYN stealth scan at 13:36?
iv. Identify hosts, operating systems, services, application, and open ports on devices from the Zenmap GUI (Nmap) scan report.
IV. Review the Nessus vulnerability Scan report that accompanies this lab. (check the Attachments)
V. In you Lab Report file, using the Nessus Vulnerability Scan Report, answer the following question:
i. How many hosts were scanned?
ii. What were the start and end times for each of the scans?
iii. How many total vulnerabilities were discovered for each host?
iv. How many of the vulnerabilities were critical, major, and minor software vulnerabilities?
VI. In the browser, navigate to https://cve.mitre.org.
VII. On the website, toward the top left of the screen, click the CVE list link.
VIII. Review the CVE List Main page.
IX. In your Lab Report file, define CVE.
X. On the CVE page, click the Search link.
XI. In the Search box, type Microsoft XP 2003 Service Pack 1 and click the Search button.
XII. In you Lab Report file, describe some of the results you discover.
XIII. After viewing the results, conduct another search and this time, type Cisco ASA 5505 Security + and click the Search button.
XIV. In your Lab Report file, describe some of the search results.
Format your assignment according to the following formatting requirements:
o The answer should be typed, using Times New Roman font (size 12), double spaced, with one-inch margins on all sides.
o The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
o Also include a reference page. The Citations and references must follow APA format. The reference page is not included in the required page length.
Attachment:- Lab-Nmap-Scan-Report.rar