Lab #2: Perform a Vulnerability Assessment Scan Using Nessus® (Nessus® is a Registered Trademark of Tenable Network Security, Inc.)
Learning Objectives and Outcomes
Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using ZenMap GUI (Nmap) to perform an IP host, port, and services scan * Perform a vulnerability assessment scan on a targeted IP subnetwork using Nessus® * Compare the results of the ZenMap GUI “Intense Scan” with a Nessus® vulnerability assessment scan * Assess the findings of the vulnerability assessment scan and identify critical vulnerabilities * Make recommendations for mitigating the identified risks, threats, and vulnerabilities as described on the CVE database listing
Lab #2 – Assessment Worksheet
Perform a Vulnerability Assessment Scan Using Nessus®
Course Name & Number: Information Security System IS433
Student Name: Anh N Bien
Instructor Name: Rich Fesl
LAB Due Date: 1/29/2013
This lab demonstrates the first 3 steps in the hacking process that is typically performed when conducting ethical hacking or penetration testing. The first step in the hacking process is to perform an IP host discovery and port/services scan (Step 1: Reconnaissance & Probing) on a targeted IP subnetwork using ZenMap GUI (Nmap) security scanning software. The second step in the hacking process is to perform a vulnerability assessment scan (Step 2: Scanning) on the targeted IP subnetwork using Nessus® vulnerability assessment scanning software. Finally, the third step in the hacking process (Step 3: Enumeration) is to identify information pertinent to the vulnerabilities found in order to exploit the vulnerability.
Lab Assessment Questions & Answers
1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would use this type of...