CND Lab Manual Network Security Threats, Vulnerabilities, and Attacks Module 02Toon KEY Vette Infoemation P Ter Your Koowledge wer Bsecsive (1 Workbook Review: ‘Module 02 -Network Socunty Threats, Vulnerabilities, and Attacks Conducting Vulnerability Research Vialnerability research plays an important role in current threat environment. Lab Scenario ‘The vulnesability sesearch findings can serve to better protect information by knowing the flaws that could put sensitive information at risk of exposure, As a network administeator, you should be able to conduet vulnerability research to ‘know possible vulnerabilities on network devices and applications fom vasious vendors. Lab Objectives This lab demonstrates how to conduct vulnerability research on network devices and applications. Lab Environment To casey out this lab, you need: A virtual machine running Windows Server 2012 © A.web browser with the Intemet Conzection In this lab we are using Chrome browser * Scseenshots might difter if you ace using any other browses Lab Duration ‘Time: 10 Minntes Overview of the Lab NYD is the US. govemment repository of standards based vulnerability ‘management data represented using the Secusty Content Automation Protocol (SCAP). This data enables automation of vulnerability management, secusity ‘measucement, and compliance. NVD includes databases of secusity checklists, secutity related software flaws, misconfigurations, product names, and impact mets ‘END Lab Maal Page 39 ‘Gaited Nero Defender Coprsit © by EE Counell ‘AU Rights Revd Repeehcton Skt Pete‘Module 02 - Network Socunty Threats, Vulnerabilities and Attacks Lab Tasks =. Browse National Vulnerability Database (NVD) website hmps://nvelnist-gov and click Vulnerability Search Engine Gtask 1 Conducting Vulnerability Research using a a NvD z Figose Ll: Browsing NVD website Canvases 2. Type the name of device against which you want to check the tte rey vulnerabilities and click Search. In this lab we are searching, Sheek ‘vulnerability for eiseo asa firewall Figuce 1.3: Vuluecabilites Explosed END Lab Mannal Page 33 ‘Gaited Nerwok Defender Copii © by EE Counel ‘A Rights Reevd Repeshcoon Stl Pred—— Figure 1.4: Checking CVE Vulnerabilities seabbaiy ote cane 5. Click on US-CERT Alerts to know current security issues, vulnesabiliies, and exploits ve BEDS-24 1.0 hn oe dnl othe HUD weer a of 6/25/2016, cae ett tte change, Dene tre ale clea a a a Drtarabiy ns vss v3 anormaton ee ee eee eee aan a so imeem + larity Sch nin (CVE fae an C2 mics) ten test emt tea nay contin gaan HCCC and MAL) EERE Groom on romeo MO SD) ‘END Lab Mannal Page 34 ‘Gaited Nerwok Defender Copii © by EE Counel (ALRigbts Reserved Repredcaon Stat Pred‘Module 02 - Network Socunty Threats, Vulnerabilities and Attacks 6. Browse hutp:/ /www.seensityfocus.com . Research current secusity ‘vulnesabilities of various technologies. Figure 1.6: Browsing Secusityfocus website for vulnecabilty zeresrch BorasK 3 7, Browse Zero Day website http://www.zdnet.com to know the latest in — software/hasdware secusity reseasch, vulnerabilities, threats and Conducting computer attacks. Zero Day C= e= Over 100 suspicious, Figure 1.7: Browsing Zero day website for vulaecabilitycesescch END Lab Mannal Page 35 ‘Gaited Nerwok Defender Copii © by EE Counel ‘A Rights Reevd Repeshcoon Stl Pred‘Module 02 -Network Socunty Threats, Vulnerabilities, and Attacks Lab Analysis “Analyze and document the results of the lab exercise. Give your opinion on your target's secusty posure and exposure through free public information, PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS ABOUT THIS LAB. ‘END Lab Mannal Page 36 ‘Gaited Nero Defender Coprsit © by EE Counell “AL Right Reered Repedcton Stacy Prebated.