IAA202 Lab5 SE140810
SE140810
Lab 5
-Zenmap is the GUI version of nmap – a tool that can be used to perform reconnaissance on a network,
determine open ports, service versions, etc. Nessus is a vuln scanner that can test and detect specific
vulns
2. Which scanning application is better for performing a network discovery reconnaissance probing of an
IP network infrastructure?
3. Which scanning application is better for performing a software vulnerability assessment with
suggested remediation steps?
4. How many total scripts does the Intense Scan using Zenmap perform?
-It includes port scanning, OS detection, version detection, network distance, traceroute….
5. From the ZenMap GUI pdf report page 6, what ports and services are enabled on the Cisco Security
Appliance device?
6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the pdf
report)?
-The IP is 172.30.0.1
7. How many IP hosts were identified in the Nessus® vulnerability scan? List them
8. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can
help you assess the risk impact of the identified software vulnerability?
-The number of impacts on your systems and which ones pertain to the scan.
-If there is a service running on that open port, and the service is running on the newest version, with
good security configuration, it is not a risk, as long as you don’t use any vulnerable version of the service
10. When you identify a known software vulnerability, where can you go to assess the risk impact of the
software vulnerability?
-It would be found under solutions. This is for found vulnerabilities that have been addressed already.
11. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555
when using the CVE search listing, specify what this CVE is, what the potential exploits are, and
-CVE is a list of information security vulnerabilities and exposures that aims to provide common names
for publicly known problems. Network exploitable. Allows unauthorized modification; Allows disruption
of service. This is a Medium Risk.
12. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.
-CVE search listing can reveal a known vulnerability of a software; from this information, security
practitioners can patch it, or hackers can research this vuln and develop exploits & tools for it.
13. What must an IT organization do to ensure that software updates and security patches are
implemented timely?
-The organization should maintain updates & internal systems, perform risk assessments, etc.
14. What would you define in a vulnerability management policy for an organization?
-The possible risk involved with vulnerabilities that were found on your systems and how you plan to
mitigate them.
15. Which tool should be used first if performing an ethical hacking penetration test and why?
-Reconnaissance tools should be used first to map a network, and then vuln scanner tools can be used
on discovered potential attack vectors, then exploit tools to gain access.