SophiaPretty
$14/per page/Negotiable
Upon completion of Lab #5 – Identify Risks, Threats & Vulnerabilities in an IT Infrastructure Using ZeNmap GUI (Nmap) & Nessus® Reports, students are required to provide the following deliverables as part of this lab:
1. Lab #5 – A four-paragraph executive summary written to executive management providing a
summary of findings, risk impact to the IT asset and organization, and recommendations for next
steps.
Recommended Procedures
Lab #5 – Student Steps:
Student steps needed to perform Lab #5 – Identify Threats & Vulnerabilities in an IT Infrastructure Using
ZeNmap GUI (Nmap) & Nessus Reports:
1. Connect your removable hard drive or USB hard drive to a classroom workstation.
2. Boot up your classroom workstation and DHCP for an IP host address.
3. Login to your classroom workstation and enable Microsoft Word.
4. Review Figure 1 – Seven Domains of a Typical IT Infrastructure.
5. Load your workstation’s browser and go to: http://cve.mitre.org/ .
6. Familiarize yourself with the CVE listing and search engine tool.
• Load sample search criteria: “Microsoft XP 2003 Service Pack 1”, “Cisco ASA 5505
Security +”, etc.
7. Review the ZeNmap GUI (Nmap) network discovery and vulnerability assessment scan report
and identify the following:
• What was the date and time stamp of the Nmap host scan?
• How many total tests or scripts ran during the scan?
• A SYN stealth scan discovers all open ports on the targeted host. How many ports are open
on the targeted host?
• What ports are open on the targeted host?
• What services/applications are on the targeted host?
• What is the MAC layer address of the targeted host?
• What OS is loaded on the targeted host?
• How many router hops away is the targeted host?
• Does the ZeNmap GUI (Nmap) scan report provide any information regarding to risk, threats,
or vulnerabilities found?
• What must you do to confirm or verify if the identified OS, software, application has the
latest release and/or software updates and patches?
8. Review the Nessus vulnerability assessment scan report and identify the following:
• What was the date and time stamp of the Nessus host scan?
• How many total vulnerabilities were found per host?
• Of these vulnerabilities, how many were open ports, high, medium, or low criticality
vulnerabilities?
• What specific information was obtained regarding the targeted host:
o Name:
o Operating System:
• Does the Nessus vulnerability assessment scan report provide any information regarding to
risk, threats, or vulnerabilities found?
• What must you do to confirm or verify if the identified OS, software, application has the
latest release and/or software updates and patches?
Attachments: