How to Identify Threats & Vulnerabilities in an IT Infrastructure Using ZeNmap Essay

1. Understand how luck from threats and parcel vulnerabilities tincts the seven domains of a true IT infrastructure 2Review a ZeNmap graphical user interface (Nmap) net income discovery and Nessus vulnerability discernment cream off survey (hardcopy or softcopy) 3.Identify hosts, operating systems, services, coatings, and uncivil miens on devices from the ZeNmap GUI (Nmap) skim off musical theme 4.Identify critical, major, and chela softw atomic number 18 vulnerabilities from the Nessus vulnerability estimate s can buoy report 5.Prioritize the determine critical, major, and minor softw be package vulnerabilities 6.Verify the exploit potential of the place software vulnerabilities by conducting a upper-level adventure impact by tour the Common Vulnerabilities & Exposures (CVE) online diping of software vulnerabilities at http//cve.mitre.org/Week 3 lab assessment WorksheetIdentify Threats and Vulnerabilities in an IT InfrastructureOverview angiotensin-converting enzyme of the most important first stairs to risk management and implementing a earnest strategy is to find all told resources and hosts in spite of appearance the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical coats study security system operations and management procedures to understand C-I-A throughout. Servers that house customer privacy selective information or intellectual property get hold of additional security controls to ensure the C-I-A of that information. This interrogatory ground requires thestudents to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.Lab Assessment Questions & Answers1. What are the differences between ZeNmap GUI (Nmap) and Nessus? ZeNmap is the graphical user interface for Nmap. Nmap when introduced was all command line interface, ZeNmap was created to make the software user friendly. Nmap doesnt tell you the vulnerabilities on a system that requires knowledge of the reckoner net, the interlocking baseline, to figure out where the vulnerabilities exist. Nessus is equivalent Nmap in that it can do network discovery, but unlike Nmap, it is designed to scan systems to determine their vulnerabilities. Nessus has the ability to create policies which are composed of scanning specifications.2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? The best application for this process would be Nmap3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be the best application for this process.4. enchantment Nessus provides suggestions for remediation steps, what else does Nessus provide that can tending you assess the risk impact of the identified software vulnerability? Nessus allows users to identify vulnerabilities, and fervour those vulnerabilities to establish the impact of an attack. Nessus starts with a port scan and attempts to exploit ports that are open.5. are open ports inevitably a risk? Why or why non? Open ports are not necessarily a risk, it depends upon the application that is using the port. If no service is using the port, then the packets volition be rejected by the system.6. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability? Software vulnerabilities are documented and tracked by US CERT, U.S. Computer Emergency Readiness and Team, in a public retrieveible lean called Common Vulnerabilities and Exposures list, CVE.7. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE inquisition listing, specify what this CVE is, what the potential exploits are, and assess the bad of th e vulnerability. Does not renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL. The CIA scores are none, partial tone, and partial with a CVVS score of 5.8.8. Explain how the CVE look listing can be a lance for security practitioners and a tool for hackers. I a public access list of known vulnerabilities that a security professional can use to keep in line against the systems being analyzed. Hackers can use the list of know vulnerabilities in OSs and software, to exploit the vulnerability to gain files, or information from systems.9. What must an IT shaping do to ensure that software updates and security patches are implemented timely? Allow testing of the patch or update on a non-production system, have an update policy for the implementation of updates and patches.10. What would you define in a vulnerability management policy for an organi zation? An executive summary stating the findings of the vulnerability assessment from a penetration test. Audit goals and objectives, audit methodologies, recommendations and prioritization of vulnerabilities.