Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using ZenMap GUI (Nmap) to perform an IP host, port, and services scan * Perform a vulnerability assessment scan on a targeted IP subnetwork using Nessus® * Compare the results of the ZenMap GUI “Intense Scan” with a Nessus® vulnerability assessment scan * Assess the findings of the vulnerability assessment scan and identify critical vulnerabilities * Make recommendations for mitigating the identified risks, threats, and vulnerabilities as described on the CVE database listing
This lab demonstrates the first 3 steps in the hacking process that is typically performed when conducting ethical hacking or penetration testing. The first step in the hacking process is to perform an IP host discovery and port/services scan (Step 1: Reconnaissance & Probing) on a targeted IP subnetwork using ZenMap GUI (Nmap) security scanning software. The second step in the hacking process is to perform a vulnerability assessment scan (Step 2: Scanning) on the targeted IP subnetwork using Nessus® vulnerability assessment scanning software. Finally, the third step in the hacking process (Step 3: Enumeration) is to identify information pertinent to the vulnerabilities found in order to exploit the vulnerability.
Lab Assessment Questions & Answers
1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would use this type of application. 2. What is the relationship between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure? Answer: Risks = Vulnerabilities x Threats
3. Which application is used for Step #2 in the hacking process to perform a vulnerability assessment scan? 4. Before you conduct an ethical hacking process or penetration test on a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures? Answer:
* Perform an IP host discovery and port/services scan on the targeted IP subnet. * Perform a vulnerability assessment scan on the targeted IP subnet to discover what the weakest link in the system. 5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? Answer: CVE is Common Vulnerabilities and Exposures.
6. Can ZenMap GUI detect what operating systems are present on IP servers and workstations? What would that option look like in the command line if running a scan on 172.30.0.10? 7. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus® vulnerability assessment scan? 8. Once a vulnerability is identified by Nessus®, where can you check for more information regarding the identified vulnerability, exploits, and the risk mitigation solution? Answer: After vulnerability is identified by Nessus, you can click on the Reports tab to see details of the vulnerability include overview, solution, risk factor, and CVE listing information. 9. What is the major different between ZenMap GUI and Nessus®? Answer: ZenMap GUI just identifies risks, threats, and vulnerabilities. Nessus performs a vulnerability assessment scan, and then show you recommended solution and more details about the vulnerability. 10. Why do you need to run both ZenMap GUI and Nessus® to perform the first 3 steps of the hacking process? Answer: I think by performing both Zen Map and Nessus, we can compare the results and make the hacking process more achievable.