Friday, March 8, 2019
How to Identify Threats & Vulnerabilities in an IT Infrastructure Using ZeNmap Essay
1. Understand how risk from threats and software vulnerabilities impacts the seven domains of a typical IT infrastructure
2. Review a ZeNmap GUI (Nmap) network discovery and Nessus vulnerability assessment scan report (hardcopy or softcopy)
3. Identify hosts, operating systems, services, applications, and open ports on devices from the ZeNmap GUI (Nmap) scan report
4. Identify critical, major, and minor software vulnerabilities from the Nessus vulnerability assessment scan report
5. Prioritize the identified critical, major, and minor software vulnerabilities
6. Verify the exploit potential of the identified software vulnerabilities by conducting a high-level risk impact by visiting the Common Vulnerabilities & Exposures (CVE) online listing of software vulnerabilities at http://cve.mitre.org/

Week 3 Lab Assessment Worksheet

Identify Threats and Vulnerabilities in an IT Infrastructure

Overview

One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.

Lab Assessment Questions & Answers

1. What are the differences between ZeNmap GUI (Nmap) and Nessus?
ZeNmap is the graphical user interface for Nmap. Nmap when introduced was all command line interface; ZeNmap was created to make the software user friendly.
Nmap doesn't tell you the vulnerabilities on a system; that requires knowledge of the network, the network baseline, to figure out where the vulnerabilities exist. Nessus is like Nmap in that it can do network discovery, but unlike Nmap, it is designed to scan systems to determine their vulnerabilities. Nessus has the ability to create policies which are composed of scanning specifications.

2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?
The best application for this process would be Nmap.

3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?
Nessus would be the best application for this process.

4. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?
Nessus allows users to identify vulnerabilities, and attack those vulnerabilities to establish the impact of an attack. Nessus starts with a port scan and attempts to exploit ports that are open.

5. Are open ports necessarily a risk? Why or why not?
Open ports are not necessarily a risk; it depends upon the application that is using the port. If no service is using the port, then the packets will be rejected by the system.

6. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?
Software vulnerabilities are documented and tracked by US-CERT, the U.S. Computer Emergency Readiness Team, in a publicly accessible list called the Common Vulnerabilities and Exposures list, CVE.

7. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.
The TLS protocol does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL. The C-I-A impacts are none, partial, and partial, with a CVSS score of 5.8.

8. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.
It is a public access list of known vulnerabilities that a security professional can use to check against the systems being analyzed. Hackers can use the list of known vulnerabilities in OSs and software to exploit the vulnerability to gain files or information from systems.

9. What must an IT organization do to ensure that software updates and security patches are implemented timely?
Allow testing of the patch or update on a non-production system, and have an update policy for the implementation of updates and patches.

10. What would you define in a vulnerability management policy for an organization?
An executive summary stating the findings of the vulnerability assessment from a penetration test. Audit goals and objectives, audit methodologies, recommendations and prioritization of vulnerabilities.
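
The 5.8 quoted in answer 7 is a CVSS version 2 base score, and the same arithmetic gives a repeatable ordering for the prioritization step in the lab objectives. The following Python is an added example, not part of the original worksheet. It assumes access vector network, access complexity medium and authentication none for CVE-2009-3555 (the page gives only the C-I-A ratings), and the other two findings are constructed placeholders.

```python
# CVSS v2 base-score arithmetic (added example, not from the original post).
# Metric weights are the constants from the CVSS v2 base equation.
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA_IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}


def parse_vector(vector):
    """Split 'AV:N/AC:M/...' into a dict; raise ValueError if incomplete."""
    metrics = dict(part.split(":", 1) for part in vector.split("/"))
    missing = {"AV", "AC", "Au", "C", "I", "A"} - metrics.keys()
    if missing:
        raise ValueError(f"missing metrics: {sorted(missing)}")
    return metrics


def base_score(vector):
    """Return the CVSS v2 base score (0.0 to 10.0) for a base vector."""
    m = parse_vector(vector)
    c, i, a = (CIA_IMPACT[m[k]] for k in ("C", "I", "A"))
    impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
    exploitability = (20 * ACCESS_VECTOR[m["AV"]]
                      * ACCESS_COMPLEXITY[m["AC"]] * AUTHENTICATION[m["Au"]])
    f_impact = 0.0 if impact == 0 else 1.176  # no C-I-A impact scores 0
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def prioritize(findings):
    """Order scan findings from highest to lowest base score."""
    return sorted(findings, key=lambda f: base_score(f["vector"]), reverse=True)


# Constructed sample findings. Only CVE-2009-3555 appears on the page, and its
# AV/AC/Au values are an assumption that reproduces the 5.8 the page states.
FINDINGS = [
    {"id": "CVE-2009-3555", "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"},
    {"id": "PLACEHOLDER-LOCAL-INFO-LEAK", "vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N"},
    {"id": "PLACEHOLDER-REMOTE-FULL-COMPROMISE", "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"},
]

if __name__ == "__main__":
    for finding in prioritize(FINDINGS):
        print(f'{base_score(finding["vector"]):>4}  {finding["id"]}')
```
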