Student Name: Tom Fletcher
Your last name must be in the filename of your submitted document according the assignment naming standard. IS3110_U5L1_Firstname_Lastname Email to: SMichnick@itt-tech.edu
Due By: 6:00 PM CDT, Wednesday July 23, 2014
Note: Emails received after Due Date Due Date will be marked LATE and subject to a grade of 0 for the assignment. Please refer to Pages 33-38 of the IS3110 Student Lab Manual when working on this lab. Lab #5 – Assessment Worksheet
How to Identify Risks, Threats & Vulnerabilities in an IT Infrastructure Using ZeNmap GUI (Nmap) & Nessus® Reports
One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.
1. What are the differences between ZeNmap GUI (Nmap) and Nessus? ZeNmap is used to map a network and Nessus is used to Test a network for vulnerabilities.
2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmaps sole purpose is just that, network probing and recon.
3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such.
Please join StudyMode to read the full document