Learning Objectives
Topology
Lab Steps
Set-up
Set up your exercise environment according to the specifications below, and annotate
Figure 1 accordingly. The setup for this exercise is identical to that of Lab 10-1.
The Common Network is defined by 10.27.0.0/16, with the following host
specifications:
A Server at 10.27.x.1
A Printer at 10.27.0.8
Test your network configuration by pinging the Server VM from both your Linux VM
and your Windows VM.
Network Reconnaissance
Recall from Lab 6 Part 1 the use of nmap to sweep networks for reachable hosts.
(#19) Record the hosts that are "up". There should be at least ten student machines as
well as two or three others.
(#20) If you do a quick Operating System detection scan (using the -O switch), can
you tell which is which?
Server VM
Mystery Machine
Your Windows VM
openvas.sh
This will take a few minutes to execute. When it does, accept the browser certificate.
State that you understand the risks, and add the exception.
OpenVAS will open in a browser window and appear as depicted in Figure 2 below.
Figure 2 - OpenVAS
OpenVAS is a GUI-based application and is relatively easy to use once you learn a
few basic functions. Before you begin, feel free to explore the various functions
available within OpenVAS; i.e., Scan Management, Asset Management, etc.
Learn how to conduct a simple scan by following the steps below to scan your Server
VM:
Create a new task using this target with a default scan configuration
Scan Management
This will likely take several minutes, especially since you are not the only one
scanning the network.
When the scan has completed, select all three categories of threat: High, Medium and
Low.
Move this report to your Desktop and rename it with a meaningful name.
Now create the targets and tasks necessary to scan the remainder of the machines
identified during the reconnaissance phase.
While you are waiting for your scans to return results, try to determine if you are
being scanned.
For example, if you observe the network traffic by running tcpdump you will note that
there are a lot of packets traversing the network. This is not that helpful.
Experiment with tcpdump filters until you think you have captured evidence of your
host being scanned, or have confirmed that you are not being scanned.
Hint: it will help if you can figure out how to filter out your own scanning activity.
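One way to turn a noisy capture into evidence of an inbound scan, shown as an added example that is not part of the original lab handout: it reads `tcpdump -nn` text output, drops this host's own scanning traffic and the replies to it, and reports remote sources that sent bare SYNs to many local ports. The addresses, the `MY_IP` value, the threshold and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

MY_IP = "10.27.0.22"   # assumption: this host's address (constructed value)
PORT_THRESHOLD = 5     # assumption: distinct local ports from one source that we call a scan

# Constructed sample of `tcpdump -nn` text output, not captured from the lab network.
SAMPLE = """\
12:00:01.000101 IP 10.27.0.22.40112 > 10.27.0.1.22: Flags [S], seq 1, win 1024, length 0
12:00:01.000312 IP 10.27.0.1.22 > 10.27.0.22.40112: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:01.000398 IP 10.27.0.22.40113 > 10.27.0.1.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000512 IP 10.27.0.1.80 > 10.27.0.22.40113: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:02.100000 IP 10.27.0.15.51000 > 10.27.0.22.21: Flags [S], seq 5, win 1024, length 0
12:00:02.100210 IP 10.27.0.15.51000 > 10.27.0.22.22: Flags [S], seq 5, win 1024, length 0
12:00:02.100395 IP 10.27.0.15.51000 > 10.27.0.22.23: Flags [S], seq 5, win 1024, length 0
12:00:02.100571 IP 10.27.0.15.51000 > 10.27.0.22.80: Flags [S], seq 5, win 1024, length 0
12:00:02.100744 IP 10.27.0.15.51000 > 10.27.0.22.443: Flags [S], seq 5, win 1024, length 0
12:00:02.100930 IP 10.27.0.15.51000 > 10.27.0.22.3389: Flags [S], seq 5, win 1024, length 0
12:00:03.200000 IP 10.27.0.30.50222 > 10.27.0.22.22: Flags [S], seq 7, win 64240, length 0
12:00:03.200400 IP 10.27.0.30.50222 > 10.27.0.22.22: Flags [.], ack 1, win 502, length 0
"""

# src.port > dst.port: Flags [...]  (numeric form, as printed with -nn)
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def find_scanners(text, my_ip=MY_IP, threshold=PORT_THRESHOLD):
    """Map each remote source to the local ports it sent a bare SYN to,
    keeping only sources that touched at least `threshold` distinct ports."""
    probed = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, _sport, dst, dport, flags = m.groups()
        if src == my_ip or dst != my_ip:
            continue      # drop our own outbound scan and traffic not aimed at us
        if flags != "S":
            continue      # SYN-ACK / RST replies to our own probes are not inbound probes
        probed[src].add(int(dport))
    return {s: sorted(p) for s, p in probed.items() if len(p) >= threshold}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE).items():
        print(f"{src} probed {len(ports)} ports: {ports}")
```

The same narrowing can be done at capture time with a filter such as `dst host <your IP> and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn`, where `<your IP>` is a placeholder for your own address.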
When you have completed all OpenVAS scanning, review the results for each host.
(#23) Summarize the results by threat category for each host and reproduce the table
below in your report.
Explore the high threat vulnerability findings for each host scanned.
(#24) For any three of these high threat vulnerabilities, summarize in your own words
the service that is vulnerable, why it is vulnerable, what exploit the
vulnerability might allow, and what mitigation is required to reduce or eliminate the
vulnerability.