Upon finishing this lab. pupils will be able to finish the undermentioned undertakings: * Identify hazards. menaces. and exposures in an IP web substructure utilizing ZenMap GUI ( Nmap ) to execute an IP host. port. and services scan * Perform a exposure assessment scan on a targeted IP subnetwork utilizing NessusÂ® * Compare the consequences of the ZenMap GUI “Intense Scan” with a NessusÂ® exposure appraisal scan * Assess the findings of the exposure assessment scan and place critical exposures * Make recommendations for extenuating the identified hazards. menaces. and exposures as described on the CVE database listing
This lab demonstrates the first 3 stairss in the hacking procedure that is typically performed when carry oning ethical hacking or incursion testing. The first measure in the hacking procedure is to execute an IP host find and port/services scan ( Step 1: Reconnaissance & A ; Probing ) on a targeted IP subnetwork utilizing ZenMap GUI ( Nmap ) security scanning package. The 2nd measure in the hacking procedure is to execute a exposure appraisal scan ( Step 2: Scanning ) on the targeted IP subnetwork utilizing NessusÂ® exposure appraisal scanning package. Finally. the 3rd measure in the hacking procedure ( Step 3: Enumeration ) is to place information pertinent to the exposures found in order to work the exposure.
Lab Assessment Questions & A ; Answers
1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would utilize this type of application. 2. What is the relationship between hazards. menaces and exposures as it pertains to Information Systems Security throughout the seven spheres of a typical IT substructure? Answer: Risks = Vulnerabilities x Threats
3. Which application is used for Step # 2 in the hacking procedure to execute a exposure appraisal scan? 4. Before you conduct an ethical hacking procedure or incursion trial on a unrecorded production web. what must you make prior to executing the reconnaissance and probing and scanning processs? Answer:
* Perform an IP host find and port/services scan on the targeted IP subnet. * Perform a exposure assessment scan on the targeted IP subnet to detect what the weakest nexus in the system. 5. What is a CVE listing? Who hosts and who sponsors the CVE database naming web site? Answer: CVE is Common Vulnerabilities and Exposures.
6. Can ZenMap GUI detect what runing systems are present on IP waiters and workstations? What would that option look like in the bid line if running a scan on 172. 30. 0. 10? 7. If you have scanned a unrecorded host and detected that it is running Windows XP workstation OS. how would you utilize this information for executing a NessusÂ® exposure appraisal scan? 8. Once a exposure is identified by NessusÂ® . where can you look into for more information sing the identified exposure. feats. and the hazard extenuation solution? Answer: After exposure is identified by Nessus. you can snap on the Reports check to see inside informations of the exposure include overview. solution. hazard factor. and CVE naming information. 9. What is the major different between ZenMap GUI and NessusÂ® ? Answer: ZenMap GUI merely identifies hazards. menaces. and exposures. Nessus performs a exposure appraisal scan. and so demo you recommended solution and more inside informations about the exposure. 10. Why do you necessitate to run both ZenMap GUI and NessusÂ® to execute the first 3 stairss of the choping procedure? Answer: I think by executing both Zen Map and Nessus. we can compare the consequences and do the hacking procedure more accomplishable.