
Lab #5: Assessment Worksheet

Identify Threats and Vulnerabilities in an IT Infrastructure

Course Name: IAA302

Student Name: Hoang Tien Dat – SE162085

Instructor Name: Nguyen Van Vinh

Lab Due Date: Tuesday, 11 October 2022, 11:00 PM

Lab Assessment Questions


1. What are the differences between Zenmap GUI (Nmap) and Nessus?
➢ Nessus:
• It provides you with known vulnerabilities affecting services on different open ports.
➢ Zenmap:
• It shows you which ports and services are available on the target host.

2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?
➢ Passive scan: https://dnschecker.org/, etc.
➢ Active scan: Nmap, Nessus, etc.

3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?
➢ Nessus

4. How many total scripts (i.e., test scans) does the Intense Scan using Zenmap GUI perform?
➢ The Intense Scan runs 36 scripts, and then Zenmap displays the Nmap “done” command.

5. From the Zenmap GUI PDF report page 6, what ports and services are enabled on the Cisco Security Appliance device?

➢ Port 443 and SSL/HTTP service

6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the PDF report)?

➢ Source IP address: 172.30.0.1

7. How many IP hosts were identified in the Nessus® vulnerability scan? List them.

➢ There are 7 IP hosts. They are:
• 172.16.20.1
• 172.17.20.1
• 172.18.20.1
• 172.19.20.1
• 172.20.20.1
• 172.30.0.10
• 172.30.0.66

8. While Nessus provides suggestions for remediation steps, what else does Nessus provide
that can help you assess the risk impact of the identified software vulnerability?

➢ In addition to remedial measures, Nessus reports devices and software on the network that are unauthorized or that signal a network compromise.

9. Are open ports necessarily a risk? Why or why not?

➢ Open ports are risky, of course, as an attacker can exploit them to take advantage of flaws, such as using a Trojan to take a snapshot and then send it back to the attacker.

10. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?
➢ We can use the Common Vulnerability Scoring System (CVSS) to evaluate the risk impact of a software vulnerability. This is a system for classifying how easily exploitable software vulnerabilities and exposures are.

11. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.
➢ CVE is a list of information security vulnerabilities and exposures that provides common names for publicly known problems. Additionally, CVE makes it simple to transfer data among several vulnerability capabilities.

12. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.

➢ Both security professionals and hackers can benefit from the CVE search listing because it informs them of the applications they can and cannot use to secure or break into systems.

13. What must an IT organization do to ensure that software updates and security patches are implemented in a timely manner?
➢ Both security professionals and hackers can benefit from the CVE search listing because it informs them of the applications they can and cannot use to secure or break into systems.

14. What would you define in a vulnerability management policy for an organization?
➢ The amount of time an administrator has to fix vulnerabilities on a system should be specified in a vulnerability management policy.

15. Which tool should be used first if performing an ethical hacking penetration test and why?
➢ When conducting an ethical hacking penetration test, Nmap should be used because it is a strong auditing and port scanning tool. In addition, it is an open-source program that can be used with a variety of operating systems, including Windows, Linux, and Mac OS.
