- What operating systems are running on the different hosts? This is found by running the following from the command prompt (root privileges are needed for the SYN scan and for OS fingerprinting; the fingerprints are matched against Nmap's nmap-os-db file):
  # nmap -sS -O <host IP address>
- What web server (if any) is running on each computer? Answer:
- List several services running on each computer.
- Which host had the highest number of vulnerabilities? The least number of vulnerabilities?
- Identify one high-severity vulnerability for each computer (if there is one). Describe the vulnerability and discuss control(s) to minimize the risk from the vulnerability. Answer: on each host the high-severity finding was in a service exposed on an open port. Controls: close or firewall ports that are not needed, and patch or reconfigure the listening service that Nessus flagged.
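The questions above (operating system, web server and services per host from Nmap; vulnerability counts and high-severity findings per host from Nessus) are normally answered by reading the two reports by hand. The script below is an added example, not part of the original lab, that answers them from Nmap's XML output (nmap -oX) and a Nessus .nessus (v2) export, which also makes the division of labour between the two tools concrete: Nmap supplies hosts, ports, services and OS guesses, Nessus supplies severity-rated findings against them. The two reports embedded in the script are constructed samples with placeholder plugin names, not results from the lab's network; the element and attribute names are the ones the real formats use.

```python
import xml.etree.ElementTree as ET

# Constructed sample (made up for this example, not the lab's network):
# a trimmed `nmap -sS -sV -O -oX -` report for two hosts.
NMAP_XML = """<nmaprun scanner="nmap">
<host><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2"/></port>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4"/></port>
    <port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
  </ports>
  <os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/></os></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    <port protocol="tcp" portid="3389"><state state="filtered"/><service name="ms-wbt-server"/></port>
  </ports>
  <os><osmatch name="Microsoft Windows Server 2016" accuracy="90"/></os></host>
</nmaprun>"""

# Constructed sample: a trimmed .nessus (v2) export for the same hosts. Plugin
# names are placeholders. Nessus severity: 0 info, 1 low, 2 medium, 3 high, 4 critical.
NESSUS_XML = """<NessusClientData_v2><Report name="lab">
<ReportHost name="192.0.2.10">
  <ReportItem port="0" protocol="tcp" severity="0" pluginName="Placeholder: OS identification"/>
  <ReportItem port="22" protocol="tcp" severity="1" pluginName="Placeholder: low SSH finding"/>
  <ReportItem port="80" protocol="tcp" severity="3" pluginName="Placeholder: outdated web server"/>
</ReportHost>
<ReportHost name="192.0.2.20">
  <ReportItem port="0" protocol="tcp" severity="0" pluginName="Placeholder: OS identification"/>
  <ReportItem port="445" protocol="tcp" severity="1" pluginName="Placeholder: low SMB finding"/>
  <ReportItem port="445" protocol="tcp" severity="2" pluginName="Placeholder: medium SMB finding"/>
  <ReportItem port="445" protocol="tcp" severity="4" pluginName="Placeholder: critical SMB finding"/>
</ReportHost>
</Report></NessusClientData_v2>"""


def parse_nmap(xml_text):
    """Per host: Nmap's best OS guess, open services, and the web server if any."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = next(a.get("addr") for a in host.iter("address")
                    if a.get("addrtype") == "ipv4")
        osmatch = host.find("os/osmatch")  # Nmap lists its best match first
        services, web_server = [], None
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not running services
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            name = attrs.get("name", "unknown")
            banner = " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v)
            services.append((int(port.get("portid")), name, banner))
            if web_server is None and name in ("http", "https", "http-proxy"):
                web_server = banner or name
        hosts[addr] = {"os": osmatch.get("name") if osmatch is not None else None,
                       "services": sorted(services), "web_server": web_server}
    return hosts


def parse_nessus(xml_text):
    """Per host: (severity, plugin name, port) for every finding in a .nessus report."""
    return {rh.get("name"): [(int(i.get("severity")), i.get("pluginName"), i.get("port"))
                             for i in rh.iter("ReportItem")]
            for rh in ET.fromstring(xml_text).iter("ReportHost")}


def vulnerability_counts(findings, min_severity=1):
    """Findings per host, ignoring informational (severity 0) plugins by default."""
    return {host: sum(1 for sev, _, _ in items if sev >= min_severity)
            for host, items in findings.items()}


def most_and_least_vulnerable(counts):
    """(host with the most findings, host with the fewest)."""
    return max(counts, key=counts.get), min(counts, key=counts.get)


def high_severity_findings(findings, host):
    """Findings rated high (3) or critical (4) on a host, worst first."""
    return sorted((f for f in findings.get(host, []) if f[0] >= 3), reverse=True)


if __name__ == "__main__":
    hosts = parse_nmap(NMAP_XML)
    findings = parse_nessus(NESSUS_XML)
    counts = vulnerability_counts(findings)
    for addr, info in hosts.items():
        print(f"{addr}: OS={info['os']!r} web={info['web_server']!r} "
              f"services={[(p, n) for p, n, _ in info['services']]} findings={counts.get(addr, 0)}")
        for sev, name, port in high_severity_findings(findings, addr):
            print(f"  severity {sev} on port {port}: {name}")
    most, least = most_and_least_vulnerable(counts)
    print(f"most vulnerable: {most}, least vulnerable: {least}")
```

Run it as-is to see the constructed data summarised; to use it on the lab's own results, export the Nessus scan as a .nessus file, save the Nmap run with -oX, and read those files into NMAP_XML and NESSUS_XML. Note that a port count is not a vulnerability count: the parser only counts Nessus findings of severity 1 or above, so open ports with no flagged weakness do not inflate a host's total.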
A vulnerability is a weakness that allows an attacker to compromise a system.
- Port scanning
- Host scanning
Describe various uses of Nessus.
Answer: Its main purpose is to detect vulnerabilities on the tested systems, such as the following:
- It checks for vulnerabilities that would let a remote attacker gain control of a system or access sensitive data on it.
- It detects misconfigurations such as open mail relays and missing patches.
- It detects password-related weaknesses such as default passwords, common passwords, and blank passwords on system accounts. It can also call the external tool Hydra to launch a dictionary attack against those accounts.
- Using mangled packets, it can test whether services are vulnerable to denial of service.
- It is also used in preparation for PCI DSS audits.
What are the differences between using Nessus and Nmap?
Nmap is a host-discovery and port-scanning tool: it finds live hosts, their open ports, the services behind those ports and (with -O) the operating system. Nessus is a vulnerability scanner: it takes the open ports and services on a host and checks them against its plugin database for known vulnerabilities, misconfigurations and weak credentials. The two are complementary; Nmap is commonly run first to decide which hosts and ports to point Nessus at.
Which feature(s) of Nessus did you find the most useful and why? (4 points)
I found agentless auditing the most useful, and there are several reasons why it is a very helpful feature of Nessus:
- It does not require deploying agents on every target system.
- It lets scans be rolled out to target systems quickly.
- It removes the need to patch agents, which gives a flexible environment that does not depend on target-specific agents.
- For IT audits, the Nessus scanner can authenticate with Microsoft Windows domain credentials, Unix SSH keys, or even SNMPv2 community strings.
- NTLM hashes can also be used as Windows credentials when Nessus is used during a penetration test.
- Nessus will determine the following:
- Missing security settings and vulnerable system settings.
- Compliant and non-compliant configuration settings.
Which feature(s) of Nessus did you find the most difficult to use and why?
Answer: While working on Nessus I came to the In-Depth Assessments feature, which I found the most difficult for the following reasons:
- It performs long scans that take up most of the server's resources.
- CPU utilization is severely hit if a scan runs for hours.
- If any non-compliant hosts interrupt the scan partway through, resource utilization increases further.
- Its scan probes every device connected to the network.
What would you change about this lab? Any suggestions or feedback? (4 points)
Answer:
Research a command or feature that you consider important but not covered in the lab.
The Nessus client itself lists each vulnerability found, rates its severity, and suggests to the user how the problem could be fixed. An example screen is shown below: