Lab-5 and Discussion
Discussion:
Describe techniques used to identify threats.
Need Response 1:
Need Response 2:
LAB-5:
1. On your local computer, create a new document. You will use this document as your Lab Report.
2. Review the Nmap Scan Report that accompanies this lab.
3. In your Lab Report file, using the Lab 5 Nmap Scan Report, answer the following questions:
· What are the date and timestamp of the Nmap host scan?
· What is the total number of loaded scripts for scanning?
· A synchronize packet (SYN) stealth scan discovers all open ports on the targeted host. How many ports are open on the targeted host for the SYN stealth scan at 13:36?
· Identify hosts, operating systems, services, applications, and open ports on devices from the Zenmap GUI (Nmap) scan report.
Why Nmap Became Popular
Nmap started more than 15 years ago as a simple command-line tool. It had one purpose: to send crafted packets to a targeted Internet Protocol (IP) address to determine which ports are listening for connections. Knowing which specific ports are listening, the Nmap operator can infer what services are running.
For example, if Transmission Control Protocol (TCP) port 80 is open and listening, it’s a safe assumption the target machine is a web server, running the Hypertext Transfer Protocol (HTTP) service on port 80. Other popular ports such as 21, 25, 137, and 161 mean the services File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Network Basic Input/Output System (NetBIOS), and Simple Network Management Protocol (SNMP) are listening, respectively. This made Nmap very popular with administrators who could then monitor and verify their systems’ services.
Nmap also became very popular as an easy tool for reconnaissance. A person with malicious intent who knew what services were running could research which vulnerabilities to exploit. Nmap's fast scanning made locating services exposed to recently discovered exploits, called zero-day exploits, very efficient.
Over the past 15 years, the features available in Nmap have multiplied several times. The ability to craft packets down to specific flags and options makes the possibilities for troubleshooting, and disrupting, networked devices almost limitless. The people and companies tasked with protecting against hackers must play a game of cat and mouse against the growing set of options in tools such as Nmap. Innovation and open source allow this game to be played indefinitely.
4. Review the Nessus Vulnerability Scan Report that accompanies this lab.
5. In your Lab Report file, using the Nessus Vulnerability Scan Report, answer the following questions:
· How many hosts were scanned?
· What were the start and end times for each of the scans?
· How many total vulnerabilities were discovered for each host?
· How many of the vulnerabilities were critical, major, and minor software vulnerabilities?
Note: Nessus is a powerful vulnerability scanner, with a fast-growing list of available plug-ins. As a vulnerability scanner, the tool scans the networked devices for potential weaknesses and exploitable services. As you see from the lab sample, reporting can be detailed and customized. While still free for personal, home use, Nessus is also available for commercial use with an annual subscription fee.
Nessus can be installed and run fairly easily, but a few tips will produce much more benefit. First, update the plug-ins on install. By default, Nessus will update plug-ins once a day. Another tip is to use Nessus as a compliance tool. While it is by nature a vulnerability tool, one Nessus feature is to load a configuration file (called an audit file by Nessus) and then scan to verify that your end devices comply with it.
6. In the browser, navigate to http://cve.mitre.org.
7. On the website, toward the top left of the screen, click the CVE List link.
8. Review the CVE List Main Page.
9. In your Lab Report file, define CVE.
10. On the CVE page, click the Search link.
11. In the Search box, type Microsoft® XP 2003 Service Pack 1 and click the Search button.
12. In your Lab Report file, describe some of the results you discover.
13. After viewing the results, conduct another search and this time, type Cisco ASA 5505 Security + and click the Search button.
14. In your Lab Report file, describe some of the search results.