Essay on Is 305 Week 3 Lab

795 Words Oct 3rd, 2013 4 Pages
-------------------------------------------------
Week 3 Laboratory

How to Identify Threats & Vulnerabilities in an IT Infrastructure Using ZeNmap GUI (Nmap) & Nessus Reports

Learning Objectives and Outcomes
Upon completing this lab, students will be able to: 1. Understand how risk from threats and software vulnerabilities impacts the seven domains of a typical IT infrastructure
2 Review a ZeNmap GUI (Nmap) network discovery and Nessus vulnerability assessment scan report (hardcopy or softcopy)
3. Identify hosts, operating systems, services, applications, and open ports on devices from the ZeNmap GUI (Nmap) scan report
4. Identify critical, major, and minor
…show more content…
Nmap when introduced was all command line interface, ZeNmap was created to make the software user friendly. Nmap doesn’t tell you the vulnerabilities on a system that requires knowledge of the computer network, the network baseline, to figure out where the vulnerabilities exist. Nessus is like Nmap in that it can do network discovery, but unlike Nmap, it is designed to scan systems to determine their vulnerabilities. Nessus has the ability to create policies which are composed of scanning specifications.

2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? The best application for this process would be Nmap

3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be the best application for this process.

4. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability? Nessus allows users to identify vulnerabilities, and attack those vulnerabilities to establish the impact of an attack. Nessus starts with a port scan and attempts to exploit ports that are open.

5. Are open ports necessarily a risk? Why or why not? Open ports are not necessarily a risk, it depends upon the application that is using the port. If no service is using the

More about Essay on Is 305 Week 3 Lab

Open Document