ZenMap GUI and Nessus Essay Sample

1. What are the differences between ZenMap GUI and Nessus?

NMAP is run most of the clip on a host and port find. Nessus is normally installed on waiters and takes it to the following degree. It analyzes the ports and looks for possible security issues

2. Which scanning application is better for executing a web find Reconnaissance probing of an IP Network substructure? NMap

3. Which scanning application is better for executing a package exposure appraisal with suggested redress stairss? Nessus

4. How many entire books does the Intense Scan utilizing ZenMap GUI perform? Runs 36 Scripts

5. From the Zen Map GUI pdf study page 6. who ports and services are enabled on the Cisco Security Appliance Device? 22 / TCP Open SSH Cisco SSH 1. 25

6. What is the beginning IP reference of the Cisco Security Appliance Device? 172. 30. 0. 1

7. How many IP hosts were identified in the Nessus exposure Scan? Depends on the scan

Nine IP Addresses scanned. 49. 39 seconds. 256 IP Addresses ( 5 hosts ) scanned in 5433. 44 Seconds

8. While Nessus provides suggestions for redress stairss. what else does Nessus supply that can assist you measure the hazard impact of the identified package exposure? It provides a manner either through a spot or update that will let you to mend that exposure

9. Are unfastened ports needfully a hazard? Why or why non? An unfastened port is merely a hazard if it is non supposed to be unfastened. There are ever ports that will necessitate to be unfastened. but 1s that have no demand to be unfastened should be closed.

ALSO READ  Final Project Information Security Policy Essay Sample

10. When you identify a known package exposure. where can you travel to entree the hazard impact of the package exposure? It’s located in the server subdivision of the application. or a package icon

11. Stipulate what CVE-2009-3555 is and what the possible feats are. and assess the badness of the exposure. It is a list of what the possible feats are and the badness of the exposure. It attempts to supply common names for publically known jobs with the end of doing it easier for companies to portion exposures across different tools that they may hold in their organisation

12. Explain how the CVE hunt listing can be a tool for security practicians and a tool for possible hackers. Your exposure databases. services. and tools can now speak to each other. It is something that allows better communicating of exposures across your systems and even different sellers. You used to hold to take the “best vendor” and utilize their equipment entirely. The downside is that public treatment of exposures across your system is good information for a hacker to hold and with this tool he doesn’t even have to run the scan himself or chop a extremely unafraid resource

13. What must an IT organisation do to guarantee that package updates and security spots are implemented seasonably? Set aside a certain squad of members in your organisation whose responsibilities specifically deal with spot updates and system holes

14. What would you specify in a exposure direction policy for an organisation? It will give a precedence degree for different systems that will state us what systems should be monitored more frequently than others. It doesn’t have to be a system that houses sensitive information but they are normally on the top of the list. The highest precedence system could merely be the 1 that is most likely to be hacked. like a Web Server. and it might non incorporate sensitive information. but could be a gateway to other systems

ALSO READ  System Development Life Cycle Essay Sample

15. Which tool should be foremost used when executing an ethical hacking incursion trial and why? NMap. it is the first measure because it focused on the host and gives information to Nessus to run its scan