1. Understand how risk from threats and software vulnerabilities impacts the seven domains of a typical IT infrastructure
2. Review a ZeNmap GUI (Nmap) network discovery and Nessus vulnerability assessment scan report (hardcopy or softcopy)
3. Identify hosts, operating systems, services, applications, and open ports on devices from the ZeNmap GUI (Nmap) scan report
4. Identify critical, major, and minor software vulnerabilities from the Nessus vulnerability assessment scan report
5. Prioritize the identified critical, major, and minor software vulnerabilities
6. Verify the exploit potential of the identified software vulnerabilities by conducting a high-level risk impact assessment, using the Common Vulnerabilities & Exposures (CVE) online listing of software vulnerabilities at http://cve.mitre.org/
Week 3 Lab: Assessment Worksheet
Identify Threats and Vulnerabilities in an IT Infrastructure
One of the most important first steps in risk management and in implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you have identified the workstations and servers, you must then find the threats and vulnerabilities present on them. Servers that support mission-critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.
Lab Assessment Questions & Answers
1. What are the differences between ZeNmap GUI (Nmap) and Nessus? ZeNmap is the graphical front end for Nmap. Nmap was originally command line only; ZeNmap was created to make the tool easier to use and to save and compare scan results. Nmap reports what is there (live hosts, open ports, service versions and OS guesses) but it does not tell you whether those services are vulnerable; turning its output into a list of vulnerabilities takes knowledge of the network and its baseline. Nessus can also do host discovery, but unlike Nmap it is designed to test systems for known vulnerabilities and misconfigurations, and it lets you define scan policies that specify which checks to run and how.
2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmap, since network discovery (host enumeration, port scanning, service and OS fingerprinting) is exactly what it is designed for.
3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be the best application for this process.
4. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability? Nessus does not exploit anything; it is a vulnerability scanner, not an exploitation framework. It begins with a port scan and then runs its plugins against the services it finds to check versions and configurations. What it adds beyond the remediation text is risk context for each finding: a severity rating (Info, Low, Medium, High, Critical), the CVSS base score and vector (which spell out the attack vector, access complexity, authentication required, and the confidentiality, integrity and availability impact), cross-references to CVE entries and vendor advisories, the plugin output showing the evidence the check relied on (banner, version string, configuration), and flags for whether a public exploit is known to exist. Together these let you rank findings by likelihood and impact rather than just by count.
5. Are open ports necessarily a risk? Why or why not? Open ports are not a risk in themselves; the risk comes from the service listening behind the port: what software it is, what version, how it is configured, and whether it needs to be reachable from where the scan was run. A port with nothing listening is reported as closed, and the system rejects connection attempts (a TCP RST, or an ICMP port unreachable for UDP), so there is nothing to attack. An open port running an unpatched or unnecessary service is the exposure.
6. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability? Known software vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) list, a publicly accessible catalog maintained by MITRE at http://cve.mitre.org/. Each CVE entry gives an identifier, a description, and references to vendor advisories. For the risk impact itself, the National Vulnerability Database (NVD, run by NIST) publishes the CVSS base score, vector and severity for each CVE, and the vendor advisories give the affected versions and the available patches.
7. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability. CVE-2009-3555 is the TLS/SSL renegotiation vulnerability. The TLS protocol (and SSL 3.0), as implemented in many servers and libraries of the time (OpenSSL before 0.9.8l, GnuTLS, NSS, Apache mod_ssl and Microsoft IIS among others), did not properly associate a renegotiation handshake with the existing connection. A man-in-the-middle attacker can open a connection to the server, send a chosen plaintext request, and then splice the victim's own TLS handshake in as a renegotiation; the server treats the attacker's data as the prefix of the victim's authenticated request. This lets the attacker inject data into an HTTPS session (and other sessions protected by TLS or SSL) even though they cannot read the victim's traffic. The NVD CVSS v2 base score is 5.8 (Medium) with vector AV:N/AC:M/Au:N/C:N/I:P/A:P: confidentiality impact None, integrity impact Partial, availability impact Partial. The fix is the secure renegotiation extension defined in RFC 5746, or disabling client-initiated renegotiation where the extension is not available.
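Objectives 4 and 5 ask you to sort the Nessus findings into critical, major and minor and then prioritize them, and question 7 shows the CVSS information that drives that ranking. The script below is an added example (not part of the lab or of Nessus) that reads a Nessus v2 report (.nessus XML, which Nessus exports from the report page), buckets each finding by its CVSS base score and produces a remediation priority list. The report embedded in it is a constructed sample: the hosts, plugin IDs and the two findings without a CVE are made up for illustration, while the CVE-2009-3555 entry carries that CVE's actual CVSS v2 score and vector from question 7. The critical/major/minor thresholds are an assumption taken from the CVSS v2 ranges NVD labels High (7.0-10.0), Medium (4.0-6.9) and Low (0.0-3.9).

```python
# Added example: read a Nessus v2 (.nessus) report, classify findings as
# critical / major / minor by CVSS base score, and rank them for remediation.
# The XML is a constructed sample in the .nessus format; hosts, plugin IDs and
# the findings without a CVE are made up. The CVE-2009-3555 entry uses that
# CVE's real CVSS v2 base score and vector.
import xml.etree.ElementTree as ET

SAMPLE_NESSUS_XML = """<?xml version="1.0"?>
<NessusClientData_v2>
<Report name="week3-lab">
  <ReportHost name="172.30.0.10">
    <ReportItem port="443" svc_name="www" protocol="tcp" severity="2" pluginID="100001"
                pluginName="SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection">
      <cve>CVE-2009-3555</cve>
      <cvss_base_score>5.8</cvss_base_score>
      <cvss_vector>CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P</cvss_vector>
      <solution>Upgrade to a TLS stack that implements RFC 5746 secure renegotiation.</solution>
    </ReportItem>
    <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1" pluginID="100002"
                pluginName="SSH Weak MAC Algorithms Enabled (constructed)">
      <cvss_base_score>2.6</cvss_base_score>
      <solution>Disable MD5-based and 96-bit MAC algorithms in the SSH configuration.</solution>
    </ReportItem>
  </ReportHost>
  <ReportHost name="172.30.0.20">
    <ReportItem port="443" svc_name="www" protocol="tcp" severity="2" pluginID="100001"
                pluginName="SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection">
      <cve>CVE-2009-3555</cve>
      <cvss_base_score>5.8</cvss_base_score>
      <cvss_vector>CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P</cvss_vector>
      <solution>Upgrade to a TLS stack that implements RFC 5746 secure renegotiation.</solution>
    </ReportItem>
    <ReportItem port="0" svc_name="general" protocol="tcp" severity="4" pluginID="100003"
                pluginName="Operating System Unsupported Version Detection (constructed)">
      <cvss_base_score>10.0</cvss_base_score>
      <solution>Upgrade to a supported operating system version.</solution>
    </ReportItem>
    <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2" pluginID="100004"
                pluginName="SMB Signing Not Required (constructed)">
      <cvss_base_score>5.0</cvss_base_score>
      <solution>Require message signing on the SMB server.</solution>
    </ReportItem>
  </ReportHost>
</Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Flatten the report into one dict per (host, finding)."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            score_el = item.find("cvss_base_score")
            cve_el = item.find("cve")
            sol_el = item.find("solution")
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "plugin": item.get("pluginName"),
                "cve": cve_el.text if cve_el is not None else None,
                # Informational plugins carry no score; treat them as 0.0.
                "score": float(score_el.text) if score_el is not None else 0.0,
                "solution": sol_el.text if sol_el is not None else None,
            })
    return findings


def classify(score):
    """Assumed mapping of CVSS v2 base score onto the lab's three buckets,
    following the NVD v2 ranges High / Medium / Low."""
    if score >= 7.0:
        return "critical"
    if score >= 4.0:
        return "major"
    return "minor"


def prioritize(findings):
    """Group findings by CVE (or plugin name when there is no CVE), keep the
    highest score seen, and rank by score, then by how many hosts are affected.
    The same CVE on many hosts is one remediation task, not many findings."""
    groups = {}
    for f in findings:
        key = f["cve"] or f["plugin"]
        g = groups.setdefault(key, {"id": key, "score": 0.0, "hosts": set(),
                                    "solution": f["solution"]})
        g["score"] = max(g["score"], f["score"])
        g["hosts"].add(f["host"])
    ranked = sorted(groups.values(),
                    key=lambda g: (-g["score"], -len(g["hosts"]), g["id"]))
    for g in ranked:
        g["bucket"] = classify(g["score"])
        g["hosts"] = sorted(g["hosts"])
    return ranked


if __name__ == "__main__":
    for g in prioritize(parse_nessus(SAMPLE_NESSUS_XML)):
        print(f"[{g['bucket']:8}] {g['score']:4.1f} {g['id']} on {len(g['hosts'])} host(s): {g['solution']}")
```

The ranking puts the unsupported OS first even though it affects one host, because a 10.0 finding means the whole platform is unpatchable; CVE-2009-3555 comes next because it affects every TLS server scanned. When a finding's CVSS score and its Nessus severity disagree with what you know about the environment (a Medium on an internet-facing server that handles customer data, for instance), record that judgement alongside the score rather than overwriting it.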
8. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers. It is a public list of known vulnerabilities. A security professional uses it to check the operating systems and software versions found on the systems being analyzed against published weaknesses, to read the CVSS score and affected versions, and to find the vendor patch. An attacker uses the same list the other way round: having fingerprinted a target's OS and software versions, they look up the known vulnerabilities in those versions and use the referenced advisories and exploits to gain access to files or information on the system. The list gives both sides the same information; the difference is who gets to it first.
9. What must an IT organization do to ensure that software updates and security patches are implemented timely? Have a written patch management policy with remediation deadlines tied to severity (for example, critical patches within days, lower severity patches in the next maintenance window); maintain an inventory so that every affected system is known; test each patch or update on a non-production system before deployment; deploy through change control with a rollback plan; and rescan after deployment to verify that the vulnerability is actually gone.
10. What would you define in a vulnerability management policy for an organization? The policy should define its scope (which systems and domains are covered), roles and responsibilities (who scans, who remediates, who accepts residual risk), the approved scanning tools and scanning frequency, how findings are classified (for example, critical, major and minor by CVSS score), remediation deadlines for each class, the process for exceptions and risk acceptance when a fix cannot be applied, and the reporting requirements: an executive summary of the findings, the assessment goals and methodology, and a prioritized list of vulnerabilities with recommendations.