Saturday, May 25, 2019

How to Identify Threats & Vulnerabilities in an IT Infrastructure Using ZeNmap Essay

1. Understand how risk from threats and software vulnerabilities impacts the seven domains of a typical IT infrastructure
2. Review a ZeNmap GUI (Nmap) network discovery and Nessus vulnerability assessment scan report (hardcopy or softcopy)
3. Identify hosts, operating systems, services, applications, and open ports on devices from the ZeNmap GUI (Nmap) scan report
4. Identify critical, major, and minor software vulnerabilities from the Nessus vulnerability assessment scan report
5. Prioritize the identified critical, major, and minor software vulnerabilities
6. Verify the exploit potential of the identified software vulnerabilities by conducting a high-level risk impact assessment by visiting the Common Vulnerabilities & Exposures (CVE) online listing of software vulnerabilities at http://cve.mitre.org/

Week 3 Lab Assessment Worksheet

Identify Threats and Vulnerabilities in an IT Infrastructure

Overview

One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you must then find the threats and vulnerabilities on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.

Lab Assessment Questions & Answers

1. What are the differences between ZeNmap GUI (Nmap) and Nessus?
ZeNmap is the graphical user interface for Nmap. When Nmap was introduced it was entirely a command line interface; ZeNmap was created to make the software user friendly. Nmap doesn't tell you the vulnerabilities on a system; that requires knowledge of the computer network, the network baseline, to figure out where the vulnerabilities exist. Nessus is like Nmap in that it can do network discovery, but unlike Nmap, it is designed to scan systems to determine their vulnerabilities. Nessus has the ability to create policies, which are composed of scanning specifications.

2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?
The best application for this process would be Nmap.

3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?
Nessus would be the best application for this process.

4. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?
Nessus allows users to identify vulnerabilities and attack those vulnerabilities to determine the impact of an attack. Nessus starts with a port scan and attempts to exploit ports that are open.

5. Are open ports necessarily a risk? Why or why not?
Open ports are not necessarily a risk; it depends upon the application that is using the port. If no service is using the port, then the packets will be rejected by the system.

6. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?
Software vulnerabilities are documented and maintained by US-CERT, the U.S. Computer Emergency Readiness Team, in a publicly accessible list called the Common Vulnerabilities and Exposures (CVE) list.

7. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.
The protocol does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL. The C-I-A scores are none, partial, and partial, with a CVSS score of 5.8.

8. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.
It is a publicly accessible list of known vulnerabilities that a security professional can use to check against the systems being analyzed. Hackers can use the list of known vulnerabilities in OSs and software to exploit a vulnerability and gain files or information from systems.

9. What must an IT organization do to ensure that software updates and security patches are implemented timely?
Allow testing of the patch or update on a non-production system, and have an update policy for the implementation of updates and patches.

10. What would you define in a vulnerability management policy for an organization?
An executive summary stating the findings of the vulnerability assessment from a penetration test; audit goals and objectives; audit methodologies; and recommendations and prioritization of vulnerabilities.
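
The score quoted in answer 7 and the prioritization step in objective 5 can be reproduced with the CVSS v2 base equations; the following is an added example, not part of the original worksheet. Assumptions: the exploitability metrics AV:N/AC:M/Au:N are taken from the CVE's NVD entry (the worksheet states only the C-I-A values and the 5.8 score), the mapping of NVD's High/Medium/Low ranges onto critical/major/minor is chosen here, and the function names and the two EXAMPLE findings are constructed for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}   # C/I/A impact: None, Partial, Complete
TABLES = {"AV": AV, "AC": AC, "Au": AU, "C": CIA, "I": CIA, "A": CIA}

def base_score(vector):
    """Return the CVSS v2 base score for a vector like 'AV:N/AC:M/Au:N/C:N/I:P/A:P'."""
    m = dict(part.split(":", 1) for part in vector.split("/"))
    for name, table in TABLES.items():
        if m.get(name) not in table:
            raise ValueError(f"missing or invalid metric {name} in {vector!r}")
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    f_impact = 0 if impact == 0 else 1.176
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    # The specification rounds to one decimal place.
    return float(Decimal(str(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))

def severity(score):
    """Assumed mapping of NVD's v2 High/Medium/Low ranges to critical/major/minor."""
    if score >= 7.0:
        return "critical"
    return "major" if score >= 4.0 else "minor"

def prioritize(findings):
    """Score (name, vector) findings and sort them highest score first."""
    scored = [(name, base_score(vec)) for name, vec in findings]
    ranked = sorted(scored, key=lambda f: f[1], reverse=True)
    return [(name, score, severity(score)) for name, score in ranked]

# Constructed sample findings; only CVE-2009-3555 comes from the worksheet.
FINDINGS = [
    ("CVE-2009-3555", "AV:N/AC:M/Au:N/C:N/I:P/A:P"),
    ("EXAMPLE-FINDING-A", "AV:N/AC:L/Au:N/C:C/I:C/A:C"),
    ("EXAMPLE-FINDING-B", "AV:L/AC:H/Au:S/C:P/I:N/A:N"),
]

if __name__ == "__main__":
    for name, score, label in prioritize(FINDINGS):
        print(f"{score:4.1f}  {label:8}  {name}")
```

With C:N/I:P/A:P the impact subscore is about 4.9 and the network-reachable, no-authentication exploitability subscore is about 8.6, which is how a vulnerability with no confidentiality impact still lands at 5.8.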
