IAA202
Huynh Hien Vinh
SE140810
Teacher: Mai Hoang Dinh
Lab 5
1. What are the differences between Zenmap and Nessus?
-Zenmap is the GUI front end for nmap, a tool used to perform reconnaissance on a network: determine open ports, service versions, etc. Nessus is a vulnerability scanner that tests for and detects specific vulnerabilities.
2. Which scanning application is better for performing a network discovery reconnaissance probing of an
IP network infrastructure?
-Zenmap is a good choice for this type of reconnaissance.
3. Which scanning application is better for performing a software vulnerability assessment with
suggested remediation steps?
-Nessus, since it is a vulnerability scanner.
4. How many total scripts does the Intense Scan using Zenmap perform?
-It includes port scanning, OS detection, version detection, network distance, traceroute, etc.
5. From the ZenMap GUI pdf report page 6, what ports and services are enabled on the Cisco Security
Appliance device?
-443 tcp, open ssl/http
-No exact OS matches for host
-OS guess: Cisco Catalyst 1900 Switch, Software v9.00.03 (89%)
6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the pdf
report)?
-The IP is 172.30.0.1
7. How many IP hosts were identified in the Nessus® vulnerability scan? List them.
-172.16.20.1 - Low Severity problem(s) found
-172.17.20.1 - High Severity problem(s) found
-172.18.20.1 - High Severity problem(s) found
-172.19.20.1 - Low Severity problem(s) found
-172.20.20.1 - High Severity problem(s) found
-172.30.0.10 - High Severity problem(s) found
-172.30.0.66 - High Severity problem(s) found
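As an added example (not part of the lab report), the host-summary lines from the Nessus listing above can be parsed to count the hosts and order them for remediation, worst severity first. The sample text is constructed to match the report's format, including the uneven spacing around the dash that such exports often have, so the parser has to tolerate it.

```python
import re
from collections import Counter

# Constructed sample in the format of the lab's Nessus host-summary listing
# (one host per line, severity of the worst finding on that host).
NESSUS_SUMMARY = """\
172.16.20.1- Low Severity problem(s) found
172.17.20.1- High Severity problem(s) found
172.18.20.1- High Severity problem(s) found
172.19.20.1- Low Severity problem(s) found
172.20.20.1 -High Severity problem(s) found
172.30.0.10-High Severity problem(s) found
172.30.0.66- High Severity problem(s) found
"""

# Rank used to order remediation work: highest severity first.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}

# Tolerates "ip- Sev", "ip -Sev" and "ip-Sev" spacing variants.
LINE_RE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(?P<sev>\w+)\s+Severity",
    re.IGNORECASE,
)


def parse_summary(text):
    """Return {ip: severity} from host-summary lines; malformed lines are skipped."""
    hosts = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hosts[m.group("ip")] = m.group("sev").capitalize()
    return hosts


def severity_counts(hosts):
    """Number of hosts per severity level, e.g. {'High': 5, 'Low': 2}."""
    return dict(Counter(hosts.values()))


def remediation_order(hosts):
    """Hosts sorted worst-first; ties broken by numeric IP so the order is stable."""
    def ip_key(ip):
        return tuple(int(octet) for octet in ip.split("."))
    return sorted(hosts, key=lambda ip: (-SEVERITY_RANK.get(hosts[ip], -1), ip_key(ip)))


if __name__ == "__main__":
    found = parse_summary(NESSUS_SUMMARY)
    print(len(found), "hosts:", severity_counts(found))
    for ip in remediation_order(found):
        print(f"{found[ip]:<5} {ip}")
```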
8. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can
help you assess the risk impact of the identified software vulnerability?
-The number of findings that affect your systems and which of them pertain to the scanned hosts.
9. Are open ports necessarily a risk? Why or why not?
-If a service is running on that open port, the service is on the newest version and it has a good security configuration, it is not a risk, as long as you do not use any vulnerable version of the service.
10. When you identify a known software vulnerability, where can you go to assess the risk impact of the
software vulnerability?
-It would be found under Solutions, which covers found vulnerabilities that have already been addressed.
11. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555
when using the CVE search listing, specify what this CVE is, what the potential exploits are, and
assess the severity of the vulnerability.
-CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. Network exploitable. Allows unauthorized modification; allows disruption of service. This is a Medium risk.
12. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.
-The CVE search listing can reveal a known vulnerability in a piece of software. From this information, security practitioners can patch it, while hackers can research the vulnerability and develop exploits and tools for it.
13. What must an IT organization do to ensure that software updates and security patches are
implemented timely?
-The organization should keep its internal systems updated, perform risk assessments, etc.
14. What would you define in a vulnerability management policy for an organization?
-The possible risks involved with vulnerabilities that were found on your systems and how you plan to mitigate them.
15. Which tool should be used first if performing an ethical hacking penetration test and why?
-Reconnaissance tools should be used first to map the network; then vulnerability scanner tools can be used on the discovered potential attack vectors, and then exploitation tools to gain access.