homework 2

profilesarahmazin
lesson_3.pdf

Perform a Softw

are Vulnerability Scan and A

ssessm ent w

ith N essus

®

LAb #4 – ASSESSMENT WORKSHEET

Perform a Software Vulnerability Scan and Assessment with Nessus®

Course Name and Number:

Student Name:

Instructor Name:

Lab Due Date:

Overview In this lab, you performed vulnerability assessments using Nessus, which is an application built specifically for network discovery of devices and the operating systems and software running on them. Nessus performs remote scans and audits of Unix, Windows, and network infrastructures and can perform a network discovery of devices, operating systems, applications, databases, and services running on those devices. Nessus detects any noncompliant hosts running applications such as peer-to-peer, spyware, or malware (worms, Trojans, etc.) are detected and identified, and is capable of scanning all ports on every device and issuing remediation strategy suggestions as required.

Lab Assessment Questions & Answers

1. What is the purpose of defining a policy definition as a first step in performing a Nessus® vulnerability scan?

4

Assessment Worksheet 51

38504_LB04_Pass1.indd 51 25/02/13 2:39 PM

2. What five things can you configure as part of a vulnerability scan?

3. Explain how a security scanning application such as Nessus® can be used by both the information systems security practitioner and hacker.

4. How many tests does the Nessus® Lab #4 Nessus Scan perform?

5. Describe what each of these tests displays within the scan report details.

6. Briefly describe the process for identifying solutions to vulnerabilities uncovered by the Nessus® scan.

52 Lab #4 | Perform a Software Vulnerability Scan and Assessment with Nessus®

38504_LB04_Pass1.indd 52 25/02/13 2:39 PM

Perform a Softw

are Vulnerability Scan and A

ssessm ent w

ith N essus

®

7. How many total IP hosts (not counting Cisco device interfaces) did you find on the server farm VLAN using the Nessus® Lab #4 Nessus Scan?

8. Fill in the following network documentation chart on the next page for Lab #4 – Perform a Software Vulnerability Scan and Assessment with Nessus®.

4

Assessment Worksheet 53

38504_LB04_Pass1.indd 53 25/02/13 2:39 PM

Perform a Software Vulnerability Scan and Assessment with Nessus®

server farm HosT deviCe Type of server o/s & version

idenTified vUlneraBiliTy

sUggesTed remediaTion

LAb #4 – ASSESSMENT SPREADSHEET

54 Lab #4 | Perform a Software Vulnerability Scan and Assessment with Nessus®

38504_LB04_Pass1.indd 54 25/02/13 2:39 PM

  1. Course Name and Number:
  2. Student Name:
  3. Instructor Name:
  4. Lab Due Date:
  5. scan 1:
  6. scan 2:
  7. scan 3:
  8. scan 4:
  9. 2 What five things can you configure as part of a vulnerability scan 1:
  10. 2 What five things can you configure as part of a vulnerability scan 2:
  11. 2 What five things can you configure as part of a vulnerability scan 3:
  12. 2 What five things can you configure as part of a vulnerability scan 4:
  13. 2 What five things can you configure as part of a vulnerability scan 5:
  14. 2 What five things can you configure as part of a vulnerability scan 6:
  15. security practitioner and hacker 1:
  16. security practitioner and hacker 2:
  17. security practitioner and hacker 3:
  18. security practitioner and hacker 4:
  19. 4 How many tests does the Nessus Lab 4 Nessus Scan perform 1:
  20. 4 How many tests does the Nessus Lab 4 Nessus Scan perform 2:
  21. 4 How many tests does the Nessus Lab 4 Nessus Scan perform 3:
  22. 4 How many tests does the Nessus Lab 4 Nessus Scan perform 4:
  23. 5 Describe what each of these tests displays within the scan report details 1:
  24. 5 Describe what each of these tests displays within the scan report details 2:
  25. 5 Describe what each of these tests displays within the scan report details 3:
  26. 5 Describe what each of these tests displays within the scan report details 4:
  27. 6 Briefly describe the process for identifying solutions to vulnerabilities uncovered by the Nessus scan 1:
  28. 6 Briefly describe the process for identifying solutions to vulnerabilities uncovered by the Nessus scan 2:
  29. 6 Briefly describe the process for identifying solutions to vulnerabilities uncovered by the Nessus scan 3:
  30. 6 Briefly describe the process for identifying solutions to vulnerabilities uncovered by the Nessus scan 4:
  31. using the Nessus Lab 4 Nessus Scan 1:
  32. using the Nessus Lab 4 Nessus Scan 2:
  33. using the Nessus Lab 4 Nessus Scan 3:
  34. using the Nessus Lab 4 Nessus Scan 4:
  35. HosT deviCe:
  36. sUggesTed remediaTionRow1:
  37. sUggesTed remediaTionRow2:
  38. sUggesTed remediaTionRow3:
  39. sUggesTed remediaTionRow4:
  40. sUggesTed remediaTionRow5: