
Monday, January 21, 2019

How to Identify Threats & Vulnerabilities in an IT Infrastructure Using ZeNmap Essay

1. Understand how risk from threats and software vulnerabilities impacts the seven domains of a typical IT infrastructure
2. Review a ZeNmap GUI (Nmap) network discovery and Nessus vulnerability assessment scan report (hardcopy or softcopy)
3. Identify hosts, operating systems, services, applications, and open ports on devices from the ZeNmap GUI (Nmap) scan report
4. Identify critical, major, and minor software vulnerabilities from the Nessus vulnerability assessment scan report
5. Prioritize the identified critical, major, and minor software vulnerabilities
6. Verify the exploit effectiveness of the identified software vulnerabilities by conducting a high-level risk impact by visiting the Common Vulnerabilities & Exposures (CVE) online listing of software vulnerabilities at http://cve.mitre.org/

Week 3 Lab Assessment Worksheet

Identify Threats and Vulnerabilities in an IT Infrastructure

Overview

One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.

Lab Assessment Questions & Answers

1. What are the differences between ZeNmap GUI (Nmap) and Nessus?
ZeNmap is the graphical user interface for Nmap. Nmap, when introduced, was all command line interface; ZeNmap was created to make the software user friendly. Nmap doesn't tell you the vulnerabilities on a system; that requires knowledge of the computer network, the network baseline, to figure out where the vulnerabilities exist. Nessus is like Nmap in that it can do network discovery, but unlike Nmap, it is designed to scan systems to determine their vulnerabilities. Nessus has the ability to create policies which are composed of scan specifications.

2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?
The best application for this process would be Nmap.

3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?
Nessus would be the best application for this process.

4. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?
Nessus allows users to identify vulnerabilities, and exploit those vulnerabilities to establish the impact of an attack. Nessus starts with a port scan and attempts to exploit ports that are open.

5. Are open ports necessarily a risk? Why or why not?
Open ports are not necessarily a risk; it depends upon the application that is using the port. If no service is using the port, then the packets will be rejected by the system.

6. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?
Software vulnerabilities are documented and tracked by US CERT, the U.S. Computer Emergency Readiness Team, in a publicly accessible listing called the Common Vulnerabilities and Exposures list, CVE.

7. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.
Does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL. The CIA scores are none, partial, and partial with a CVSS score of 5.8.

8. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.
It is a publicly accessible list of known vulnerabilities that a security professional can use to check against the systems being analyzed. Hackers can use the list of known vulnerabilities in OSs and software to exploit the vulnerability to gain files or information from systems.

9. What must an IT organization do to ensure that software updates and security patches are implemented timely?
Allow testing of the patch or update on a non-production system, and have an update policy for the implementation of updates and patches.

10. What would you define in a vulnerability management policy for an organization?
An executive summary stating the findings of the vulnerability assessment from a penetration test. Audit goals and objectives, audit methodologies, recommendations and prioritization of vulnerabilities.
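
Objective 3 and answers 1 and 5 come down to reading hosts, OS guesses, services and open ports out of a scan report and judging them against what the network is supposed to look like. The sketch below is an added example, not part of the original essay: it reads a constructed report in Nmap's XML output format (nmap -oX, also what Zenmap saves) and lists open ports that are not in the expected baseline. The sample hosts and the BASELINE table are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format; addresses are documentation IPs.
SAMPLE_XML = """<nmaprun>
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
    </ports>
    <os><osmatch name="Linux 3.X" accuracy="95"/></os>
  </host>
  <host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical baseline: the ports each host is expected to expose.
BASELINE = {"192.0.2.10": {22}, "192.0.2.20": {445}}

def inventory(xml_text):
    """Return {address: {"os": best OS guess, "ports": {port: service}}} for live hosts."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        os_match = host.find("os/osmatch")  # absent when OS detection was not run
        ports = {}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed and filtered ports are not listening services
            svc = port.find("service")
            ports[int(port.get("portid"))] = svc.get("name") if svc is not None else "unknown"
        hosts[addr] = {"os": os_match.get("name") if os_match is not None else "unknown",
                       "ports": ports}
    return hosts

def unexpected_ports(hosts, baseline):
    """Open ports that the baseline does not account for, per host."""
    findings = {}
    for addr, info in hosts.items():
        extra = sorted(set(info["ports"]) - baseline.get(addr, set()))
        if extra:
            findings[addr] = extra
    return findings
```

Here unexpected_ports(inventory(SAMPLE_XML), BASELINE) reports only the telnet port on 192.0.2.10: the open ports that match the baseline are not flagged, which is the distinction answer 5 draws.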
