lab1.pdf
School: Community College of Baltimore County
Course: 127
Subject: Information Systems
Date: Apr 3, 2024
Pages: 2
Uploaded by BarristerSeaUrchin2174
This is where you submit your completed assignment.
Return to the lesson module to find the link to access the lab environment and
documentation:
Practice Labs is compatible with recent versions of Chrome and Firefox. Please use one
of these browsers to access the lab.
One of the essential tools for both network security administrators and white hat
hackers is the vulnerability scanner. It is an important tool for ensuring the security of
your network. With a vulnerability scanner, you can ensure that the systems on your
network meet security standards, have no unacceptable open vulnerabilities, are
properly patched, and belong on the network.
In this lab we will be looking at two industry standard vulnerability scanners: Nmap and
Nessus.
● You should be aware of the following work-arounds to make this lab work properly:
● The passwords in the instructions may be incorrect. Look at the "I" in the top
  right corner of PracticeLabs and click on that icon (two steps over from "London,
  UK") to get the usernames and passwords of systems when you need them.
● In the nmap section of the lab:
  ○ Change the IP range that you scan. All systems should be in the
    range 192.168.0.140-192.168.0.150. (The instructions on
    PL may say to scan 192.168.204.140-150, which is incorrect.)
● For the setup of the Nessus part of the lab, you will need to do the following:
  ○ After Nessus installs and asks for the IP range, you will get an
    "API Error". At this point, you will need to TURN OFF the proxy
    server settings in the browser. This is the browser that you are
    using to access Nessus from the Kali machine.
Activities
Nmap
The instructions tell you to only run a scan for "port 80" when using nmap. Run this scan
for port 80. After you do this, you should run a SECOND scan to figure out all of the
services that may be running on your target machines, not just the web servers. You will
need to figure out which options, flags and switches make this happen. You should
scan every single port of every machine that is in the range to scan.
Document the "normal" and "expected" services that are running. Do some research on
each port number that responds. Identify malicious, unintentional, and/or unexpected
services that are running on this business's computers.
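One way to turn saved scan results into the list of systems, open ports and unexpected services asked for above. This is an added example, not part of the original assignment. It assumes the scan was saved in Nmap's grepable format (`-oG`); the sample output and the `EXPECTED` baseline are constructed for illustration and are not lab results.

```python
from collections import defaultdict

# Constructed sample of Nmap grepable (-oG) output; not results from the lab.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.0.141 ()\tPorts: 80/open/tcp//http///, 445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///
Host: 192.168.0.145 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 31337/open/tcp//Elite///\tIgnored State: closed (65532)
Host: 192.168.0.148 ()\tPorts: 21/open/tcp//ftp///
# Nmap done
"""

# Hypothetical baseline of services the business expects on each host.
EXPECTED = {
    "192.168.0.141": {80, 445},
    "192.168.0.145": {22, 80},
}

def parse_open_ports(grepable):
    """Return {host: {port: service}} for ports whose state is 'open'."""
    hosts = defaultdict(dict)
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # e.g. "Status:" or "Ignored State:" fields
            for entry in field[len("Ports:"):].split(", "):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[0].isdigit() and parts[1] == "open":
                    hosts[host][int(parts[0])] = parts[4] or "unknown"
    return dict(hosts)

def unexpected(found, baseline):
    """Return {host: sorted open ports} that the baseline does not list.
    A host missing from the baseline has every open port reported."""
    report = {}
    for host, ports in found.items():
        extra = sorted(set(ports) - baseline.get(host, set()))
        if extra:
            report[host] = extra
    return report

if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_OG)
    for host in sorted(found):
        print(host, sorted(found[host].items()))
    print("unexpected:", unexpected(found, EXPECTED))
```

Each port that lands in the unexpected list still needs the research step the assignment describes before it is labeled malicious or unintentional.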
Nessus
For this section complete a full Nessus Scan of the computers that you found in the
previous section. Limit your scan to less than 16 computers, since that's all that your
license will permit. Complete the scan. Report the findings that Nessus gave you.
Interpretation
Interpret the findings from both scans. In your report, explain the findings that the scans
produced.
Deliverable
Your report should include:
● Screen shot(s) from the Nmap scan (with the commands that you used). For
  each command you used, you should explain the command in human terms,
  as if you're explaining it to a top level business executive or non-technical
  manager. Make a list of all systems found and all ports that are
  open/responding. Annotate your screen shots.
● Screen shot(s) from the completed Nessus scan. Make a table of your
  findings. For each finding, you should explain the finding in human terms, as
  if you're explaining it to a top level business executive or non-technical
  manager. Annotate your screen shots.
● Interpretation - Write a one paragraph response that identifies your concerns
  with what this set of scans told you. Include the most important findings first.