Performing a Vulnerability Assessment (4e) - Tyjaha Steele

School: University of South Carolina, Aiken
Course: 255
Subject: Information Systems
Date: Dec 6, 2023
Pages: 7
Uploaded by: tyjahasteele

Performing a Vulnerability Assessment (4e)
Fundamentals of Information Systems Security, Fourth Edition - Lab 02

Student: Tyjaha Steele
Email: tnsteele@usca.edu
Time on Task: 1 hour, 45 minutes
Progress: 20%
Report Generated: Saturday, September 23, 2023 at 1:38 PM

Section 1: Hands-On Demonstration

Part 1: Scan the Network with Zenmap

9. Make a screen capture showing the contents of the Ports/Hosts tab from the SYN scan for fileserver01.securelabsondemand.com.

15. Make a screen capture showing the contents of the Host Details tab from the OS scan for fileserver01.securelabsondemand.com.

19. Make a screen capture showing the details in the Ports/Hosts tab from the Service scan for fileserver01.securelabsondemand.com.

Part 2: Conduct a Vulnerability Scan with Nessus

14. Make a screen capture showing the Nessus report summary.

Part 3: Evaluate Your Findings

11. Summarize the vulnerability you selected, including the CVSS risk score, and recommend a mitigation strategy.

The vulnerability that I chose to focus on for this assignment was the "SSL Certificate Cannot be Trusted" which is based upon the SSL certificate which establishes a secure and encrypted connection between an individual's browser and a web server. When this certificate cannot be verified or trusted, it opens the door for individuals with malicious intent to intercept and access data transmitted between the browser and the server because it is no longer encrypted. The CVSS risk score for this vulnerability is a 6.4-6.5 (Medium). Some reasons that these certificates will show as expired are when it has expired, there are invalid signatures, or when the authority of the certificate cannot be recognized. Some ways that those issues can be resolved are to install or update the certificates, configure the certificates and check their expiration, verify the domain match, and perhaps even go a step further and implement HTTP Strict Transport Security so users are unable to access your site over an insecure connection.
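
A retest check for the finding discussed in the answer above, as an added example that is not part of the lab report or the student's answer: it maps the verification error a TLS client raises onto the causes the answer names (expiry, invalid signature, unrecognized authority, domain mismatch) and reads the HSTS max-age from response headers. The function names `classify`, `probe` and `hsts_max_age` and the sample values are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL X509 verify codes mapped to the causes named in the lab answer.
CAUSES = {
    7: "invalid signature",
    9: "not yet valid",
    10: "expired",
    18: "unrecognized authority (self-signed)",
    19: "unrecognized authority (self-signed CA in chain)",
    20: "unrecognized authority (issuer not in trust store)",
    21: "unrecognized authority (incomplete chain)",
    62: "domain mismatch",
}

def classify(verify_code):
    """Translate an OpenSSL verify code into a remediation category."""
    return CAUSES.get(verify_code, f"other verification failure ({verify_code})")

def probe(host, port=443, timeout=5.0):
    """Handshake with default verification; return 'trusted' or the failure cause."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "trusted"
    except ssl.SSLCertVerificationError as err:
        return classify(err.verify_code)

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if the header is absent or disabled."""
    for name, value in headers.items():
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            if key.lower() == "max-age" and val.strip('"').isdigit():
                return int(val.strip('"'))
    return 0

if __name__ == "__main__":
    # Constructed samples: the verify code raised for an expired certificate,
    # and response headers as a server with HSTS enabled would send them.
    print(classify(10))
    print(hsts_max_age({"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))
```

For a server whose certificate is issued by an internal CA, load that CA into the context with `ctx.load_verify_locations` before the handshake, otherwise `probe` reports an unrecognized authority even after the certificate is replaced.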

Section 2: Applied Learning

Part 1: Scan the Network with Nmap

6. Make a screen capture showing the results of the traceroute command.
Incomplete

10. Make a screen capture showing the results of the Nmap scan with OS detection activated.
Incomplete

Part 2: Conduct a Vulnerability Scan with OpenVAS

13. Make a screen capture showing the detailed OpenVAS scan results.
Incomplete

Part 3: Prepare a Penetration Test Report

Target
Insert the target here.
Incomplete

Completed by
Insert your name here.
Incomplete

On
Insert current date here.
Incomplete

Purpose
Identify the purpose of the penetration test.
Incomplete

Scope
Identify the scope of the penetration test.
Incomplete

Summary of Findings
Identify and summarize each of the three high-severity vulnerabilities identified during your penetration test. For each vulnerability, identify the severity, describe the issue, and recommend a remediation.
Incomplete

Conclusion
Identify your key findings.
Incomplete

Section 3: Challenge and Analysis

Part 1: Scan the Domain Controller with Nmap

Make a screen capture showing the results of your targeted port scan on the domain controller.
Incomplete

Part 2: Scan the Domain Controller with Nessus

Make a screen capture showing the Nessus report summary for the domain controller.
Incomplete

Part 3: Prepare a Penetration Test Report

Target
Insert the target here.
Incomplete

Completed by
Insert your name here.
Incomplete

On
Insert current date here.
Incomplete

Purpose
Identify the purpose of the penetration test.
Incomplete

Scope
Identify the scope of the penetration test.
Incomplete

Summary of Findings
Identify and summarize each vulnerability identified during your penetration test. For each vulnerability, identify the severity, describe the issue, and recommend a remediation.
Incomplete

Conclusion
Identify your key findings.
Incomplete