Scribd
Upload
75 views

Practical Exercise 1

The document provides instructions for using the Microsoft Baseline Security Analyzer (MBSA) and Nmap security scanning tools. It outlines tasks for scanning computers with MBSA to identify missing security updates and common vulnerabilities. It also describes various Nmap scanning techniques like TCP SYN, TCP connect, UDP, FIN, and ping scans and provides example commands. The document aims to help users effectively configure their security environment and analyze systems using these profiling tools.

Uploaded by

faris_39
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
75 views

Practical Exercise 1

The document provides instructions for using the Microsoft Baseline Security Analyzer (MBSA) and Nmap security scanning tools. It outlines tasks for scanning computers with MBSA to identify missing security updates and common vulnerabilities. It also describes various Nmap scanning techniques like TCP SYN, TCP connect, UDP, FIN, and ping scans and provides example commands. The document aims to help users effectively configure their security environment and analyze systems using these profiling tools.

Uploaded by

faris_39
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

DFN6223 1

PRACTICAL EXERCISE 1

CHAPTER 2: INTRODUCTION TO VULNERABILITIES, THREATS AND ATTACK

PRACTICAL EXERCISE 1A : Use security analysis tools - Microsoft Baseline


Security Analyzer (MBSA) [25 marks]

DURATION: 15 Minutes

CLO2: Configure security environment to security information using various tools


effectively

Requirement: MBSA 2.3 or latest version

Introduction:

The Microsoft Baseline Security Analyzer (MBSA) provides a streamlined method to


identify missing security updates and common security misconfigurations. MBSA
will scan for missing security updates, rollups and service packs using Microsoft
Update technologies. MBSA will not scan or report missing non-security updates,
tools or drivers.
Source: https://www.microsoft.com/

Preparation:

1. Downloading the installer (https://www.microsoft.com/en-


us/download/details.aspx?id=7558

2. Running the installer

Task:

3. Scan a computer (print screen Which computer do you want to scan? window) [5
marks]

4. Analysis the report (print screen Report Details for <computer name> window) [5
marks]

5. Correct TWO issues state in Security Update Scan Results and Windows Scan
Results (show the procedures) [10 marks]

6. Scan and print the latest report after corrections are done. [5 marks]
DFN6223 2
PRACTICAL EXERCISE 1

CHAPTER 2: INTRODUCTION TO VULNERABILITIES, THREATS AND ATTACK

PRACTICAL EXERCISE 1B : Use security scanning tools – Nmap [25 marks]

DURATION: 15 Minutes

CLO2: Configure security environment to security information using various tools


effectively

Requirement: Nmap 7.4 or latest version

Introduction:

Nmap (Network Mapper) is a free and open source (license) utility for network
discovery and security auditing. Many systems and network administrators also
find it useful for tasks such as network inventory, managing service upgrade
schedules, and monitoring host or service uptime. Nmap uses raw IP packets in
novel ways to determine what hosts are available on the network, what services
(application name and version) those hosts are offering, what operating systems
(and OS versions) they are running, what type of packet filters/firewalls are in use,
and dozens of other characteristics. It was designed to rapidly scan large networks,
but works fine against single hosts. Nmap runs on all major computer operating
systems, and official binary packages are available for Linux, Windows, and Mac
OS X. In addition to the classic command-line Nmap executable, the Nmap suite
includes an advanced GUI and results viewer (Zenmap), a flexible data transfer,
redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff),
and a packet generation and response analysis tool (Nping).
Source: https://nmap.org/

Preparation:

1. Downloading the installer (https://nmap.org/download.html nmap-7.40-setup.exe)

2. Running the installer

Task:

3. Show the result of the following basic commands:

(i) Scan a single system [2 marks]

# nmap <your target hostname> i.e www.example.com

# nmap <your target address> i.e 192.168.1.1

(ii) Scan the entire subnet [2 marks]

# nmap 192.168.1.1/24
DFN6223 3
PRACTICAL EXERCISE 1

(iii) Scan a multiple targets (separate each target via space) [2 marks]

# nmap 192.168.1.1 192.168.1.8

(iv) Scan a range of IP addresses but not the entire subnet [2 marks]

# nmap 192.168.1.1-100

(v) Scan for the entire list (make sure to put the file on the same directory) [2
marks]

# nmap -iL target.txt

(vi) If you want to see the list of all the hosts that you are scanning, then use the
command with an -sL parameter: [2 marks]

# nmap -sL 192.168.1.1/24

(vii) In some cases we need to scan the entire subnet but not a specific IP addresses
(use the Nmap command with the excluding parameter) [2 marks]

# nmap 192.168.1.1/24 – -exclude 192.168.1.1

(viii) If you have a file that contains the list of IP addresses that you want to
exclude, then you can call the file in the exclude parameter: [2 marks]

# nmap 192.168.1.1/24 –exclude file target.txt

(ix) If you want to scan a specific port on the target machines (for example, if you
want to scan the HTTP, FTP, and Telnet port only on the target computer), then you
can use the Nmap command with the relevant parameter: [2 marks]

# nmap -p80,21,23 192.168.1.1

4. Show the result of the following Nmap scanning techniques:

(i) TCP SYN Scan (-sS) [1 mark]

It is a basic scan, and it is also called half-open scanning because this technique
allows Nmap to get information from the remote host without the complete TCP
handshake process, Nmap sends SYN packets to the destination, but it does not
create any sessions, as a result, the target computer can’t create any log of the
interaction because no session was initiated, making this feature an advantage of
the TCP SYN scan.

If there is no scan type mentioned on the command, then avTCP SYN scan is used
by default, but it requires the root/administrator privileged.

# nmap -sS 192.168.1.1


DFN6223 4
PRACTICAL EXERCISE 1

(ii) TCP connect() scan (-sT) [1 mark]

This the default scanning technique used, if and only if the SYN scan is not an
option, because the SYN scan requires root privilege. Unlike the TCP SYN scan, it
completes the normal TCP three way handshake process and requires the system
to call connect(), which is a part of the operating system. Keep in mind that this
technique is only applicable to find out the TCP ports, not the UDP ports.

# nmap -sT 192.168.1.1

(iii) UDP Scan (-sU) [1 mark]

As the name suggests, this technique is used to find an open UDP port of the target
machine. It does not require any SYN packet to be sent because it is targeting the
UDP ports. But we can make the scanning more effective by using -sS along with –
sU. UDP scans send the UDP packets to the target machine, and waits for a
response—if an error message arrives saying the ICMP is unreachable, then it
means that the port is closed; but if it gets an appropriate response, then it means
that the port is open.

# nmap -sU 192.168.1.1

(iv) FIN Scan (-sF) [1 mark]

Sometimes a normal TCP SYN scan is not the best solution because of the firewall.
IDS and IPS scans might be deployed on the target machine, but a firewall will
usually block the SYN packets. A FIN scan sends the packet only set with a FIN
flag, so it is not required to complete the TCP handshaking.

# nmap -sF 192.168.1.8

The target computer is not able to create a log of this scan (again, an advantage of
FIN). Just like a FIN scan, we can perform an xmas scan (-sX) and Null scan (-sN).
The idea is same but there is a difference between each type of scan. For example,
the FIN scan sends the packets containing only the FIN flag, where as the Null scan
does not send any bit on the packet, and the xmas sends FIN, PSH, and URG flags.

(v) Ping Scan (-sP) [1 mark]

Ping scanning is unlike the other scan techniques because it is only used to find
out whether the host is alive or not, it is not used to discover open ports. Ping
scans require root access s ICMP packets can be sent, but if the user does not have
administrator privilege, then the ping scan uses connect() call.

# nmap -sP 192.168.1.1


DFN6223 5
PRACTICAL EXERCISE 1

(vi) Version Detection (-sV) [1 mark]

Version detection is the right technique that is used to find out what software
version is running on the target computer and on the respective ports. It is unlike
the other scanning techniques because it is not used to detect the open ports, but
it requires the information from open ports to detect the software version. In the
first step of this scan technique, version detection uses the TCP SYN scan to find
out which ports are open.

# nmap -sV 192.168.1.1

(vii) Idle Scan (-sI) [1 mark]

Idle scan is one of my favorite techniques, and it is an advance scan that provides
complete anonymity while scanning. In idle scan, Nmap doesn’t send the packets
from your real IP address—instead of generating the packets from the attacker
machine, Nmap uses another host from the target network to send the packets.
Let’s consider an example to understand the concept of idle scan:

nmap -sI zombie_host target_host

# nmap -sI 192.168.1.6 192.168.1.1

The idle scan technique (as mentioned above) is used to discover the open ports on
192.168.1.1 while it uses the zombie_host (192.168.1.6) to communicate with the
target host. So this is an ideal technique to scan a target computer anonymously.

http://resources.infosecinstitute.com/nmap/#gref

You might also like