W23 SPR100_Lab_9v3 (1)

School: Seneca College
Course: 100
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 4
Uploaded by ElderLeopardMaster1065

SPR100 Labs

Lab 9: I Feel so Vulnerable (2%)

Overview:

When considering vulnerabilities, we need to consider a number of things, including:

• What is the role of the host?
• Are we running the minimum required software/services to deliver that functionality?
• What can someone see of the host if the host is scanned from another machine?

In this lab, we will discover what services are available on our hosts. We will try to discover some of the vulnerabilities that exist on the Security Lab network you scanned with nmap in the last lab. To do this we will use the Nessus vulnerability assessment tool.

Warning: As mentioned in a previous lab, using the tool described in this lab outside of an authorized environment could lead to you being charged with a criminal offense.

DO NOT: Run scans on any network or host unless you are clearly and explicitly authorized to do so.
Use this tool only on a host-only network.

Objective:

1. Learning to use the netstat command on Windows
2. Learning about Common Vulnerabilities and Exposures (CVEs)
3. Learning to install Nessus, a vulnerability scanner
4. Learning to generate scans of individual hosts using Nessus
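An added example, not part of the original lab: one way to turn the overview's question (is the host running only the services its role needs?) into a check over netstat -ano output. The sample output, the ALLOWED baseline and the function names are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output from a Windows 10 host (not real lab data).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1032
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8834           0.0.0.0:0              LISTENING       5120
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3344
  TCP    192.168.56.10:49712    192.168.56.20:445      ESTABLISHED     4
  TCP    [::]:135               [::]:0                 LISTENING       1032
  UDP    0.0.0.0:5353           *:*                                    2216
  UDP    [::1]:1900             *:*                                    6012
"""

LOOPBACK = ("127.", "[::1]")  # listeners bound here are not reachable from other hosts

def parse_listeners(text):
    """Return listening sockets as dicts; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established/time-wait rows are connections, not services
        addr, _, port = f[1].rpartition(":")  # rpartition keeps IPv6 "[::]" intact
        rows.append({"proto": f[0], "addr": addr, "port": int(port),
                     "pid": int(f[-1]), "exposed": not addr.startswith(LOOPBACK)})
    return rows

def unexpected(rows, allowed):
    """Network-reachable listeners whose (proto, port) is not in the role's baseline."""
    hits = {(r["proto"], r["port"], r["pid"]) for r in rows
            if r["exposed"] and (r["proto"], r["port"]) not in allowed}
    return sorted(hits)  # the set removes IPv4/IPv6 duplicates of one service

# Hypothetical baseline: a workstation that only needs file sharing and the Nessus web UI.
ALLOWED = {("TCP", 445), ("TCP", 8834)}

if __name__ == "__main__":
    for proto, port, pid in unexpected(parse_listeners(SAMPLE), ALLOWED):
        print(f"review {proto}/{port} (PID {pid}): not in baseline")
```

The PID column comes from the -o switch; looking each flagged PID up in Task Manager identifies the service to review.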
The Lab Activities

Part 1: What is listening on the local host (Home)

Here we are looking at our hosts to see what services they are running. Why is this of interest? If you do not need to run a particular service, and you find a host is doing so, it becomes an unnecessary point of vulnerability and needs to be shut down.

In each of the following readings, try the examples and record which services are running, the ports they are listening on, their states, etc.

Microsoft OSs have a command called netstat which allows us to analyze their network connections. Read these articles:

• Article: this gives a quick understanding of the ‘netstat’ command.
• Article: this provides a number of netstat examples.

NB: This will require you to use your Windows 10 VM’s Command Line interface.

Steps:

1. Run your Windows 10 VM and start a web-browser.
2. Do two netstat Command window examples from each of the articles.
3. Insert a heading in your report ‘netstat Commands’.
4. For each command:
   • Capture a screenshot of the command’s execution. If the output is so long that the command you used is no longer visible in the Command window, scroll the window so that the command you gave is visible at the top of the Command window.
   • Insert the image under the ‘netstat Commands’ heading, with its own sub-heading. This sub-heading should be the command that was executed. For example:

     netstat -o 5
     <image of netstat -o 5 result>

Part 2: Vulnerabilities

Vulnerabilities are rife in software and computer systems due to their complex nature, and there are a number of publicly accessible databases available to help us keep track of these vulnerabilities. One of the best known and most commonly used is the Common Vulnerabilities and Exposures (CVE®). Have a look at their introductory page; this will give you a good overview of how the system works. Every newly discovered vulnerability is given a unique CVE identifier number, such as CVE-2011-3406. An example of a typical CVE entry is the following: CVE-2022-23307 (Log4j).

Other interesting sites with which you should be familiar:

• The National Vulnerability Database, the U.S. government repository of standards-based vulnerability management data
• The CERT Coordination Center, Carnegie Mellon University's Computer Emergency Response Team
• CVSS, the Common Vulnerability Scoring System

Part 2A: Vulnerability Scanner Installation (Home – before in-person lab)

When you have assumed responsibility for network security, one of the methods at hand to assess your network is vulnerability assessment. Why? You want to find the vulnerabilities in your system and repair them before bad guys find them and exploit them.

Nessus is an industry-standard vulnerability scanner, a powerful tool that generates excellent reports. It is modular and highly configurable. While it started as an open source project, it is now proprietary and owned by Tenable Network Security. You can set up a free version for home use (called Nessus Essentials), and we are allowed to use the free version for our program.

Tenable provides very useful documentation. Take a look at the documentation for the current version (10.4.2 at the time of last edit for this lab) here.

Nessus Essentials only allows you to scan 16 IP addresses.

Note:

• Nessus does run on Windows 10, so install it on your Windows 10 VM.
• Your Windows 10 VM requires the Windows 64-bit version of Nessus.
• You need to make sure you are on the Security Lab network BEFORE you scan a network using Nessus.

Steps:

1. Go to Tenable Network Security and register for a home version of Nessus Essentials. They will email you an installation key.
2. Download and install Nessus on your Win 10 VM.
3. Create an account (Note: full installation will only happen once you have created your account).
4. Log in to your account.
5. Take a screenshot of Nessus running and insert it in your report under the heading ‘Nessus Installed and Running’.

Part 2B: Scanning with Nessus (Security Lab)

Before we start… Nessus is a powerful tool, and we are only going to touch on it. There are a huge number of options available. Using everything at once in a brute force manner can cause systems to crash, so be careful. A vulnerability scan should be carefully thought out and skillfully applied. This lab is a very, very brief introduction.

In this part of the lab we will be using the list of hosts you identified in a previous lab (where you used Nmap). Select what you think are the 3 most interesting hosts. You will be running a full Nessus scan on each of the hosts as described below.

While you can scan entire subnets, please do one host at a time, in order to ease the strain on our network. While scanning a subnet may seem a quick way for you to complete the lab, it will likely interfere with other students’ ability to do their lab, and such interference is a violation of the Security Lab policy.

Warning: Do not run scans on any network or host unless you are clearly authorized to do so.

The following steps should be done 3x, once for each IP address identified above.

Steps:

1. Verify you are on the Security Lab network before you proceed.
2. Start Nessus if it is not already running and log in with the credentials for the user that was created during installation.
3. Starting at My Scans, scan the IP:
   a. Select Create New Scan
   b. Select Basic Network Scan
   c. For Name, give your scan the following name: ‘Lab 9 Scan n-n-n-n’ (n-n-n-n is the IP you are going to scan)
   d. For Targets, enter the IP (one of the three you identified above)
   e. Save the scan
   f. Launch the scan – this is done by ‘hovering’ over the right-hand side of the saved scan until a launch option appears.
   g. Wait for the scan to complete – this may take a while, especially if a number of students are scanning the same IP address.
   h. When the scan is complete:
      • Scan Details: click on the scan to bring up details of the scan – you should see a screen with tabs such as ‘Hosts’, ‘Vulnerabilities’ etc.
      • Scan Report: we want to get the scan report, so click on the ‘Report’ button (top right), select ‘HTML’ for report format, then select the report template as ‘Detailed Vulnerabilities by Host’, and the scan report will be downloaded.
      • Copy the downloaded scan report to your Security Lab workstation desktop.
      • Open the scan report on your Security Lab workstation with MS Word and save it as a PDF.
      • Copy the PDF to your SSD, as you will need to upload the PDF version of the scan report with your lab report – no scan reports, no mark for the lab.

NB: You will need to upload your three (3) scan reports with your lab report.

Part 2C: Analyzing Data and Reporting the Results (Home)

Now that you have done your scans and downloaded the reports, it’s time to look at the scan results, do some analysis and write up your results.

For the scan reports you have generated:

1. Read through them
2. Make a note of what was discovered
3. Check out the CVE descriptions of three (3) critical vulnerabilities found – there should be at least one from each report

In your lab report, under the heading ‘Vulnerability Testing’, write up the following.

Under the sub-heading ‘Critical Vulnerabilities’, discuss the 3 critical vulnerabilities you have found. For each vulnerability:

• Give the CVE
• Identify what types of exploits are possible for each given CVE (if any)

Under the sub-heading ‘Nessus vs Nmap’, outline, based on your experiences, the key differences between the information from nmap and Nessus.

Report Submission

Now that you have filled out the Lab report, submit it, along with the Nessus report and your elog book. This is done through the submission link given with Lab 9 on Blackboard.
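
An added example for Part 2C, not part of the original lab: pulling the critical findings and their CVEs out of a scan exported in Nessus's .nessus XML format (an assumption; the lab itself asks for the HTML report). The sample XML, its hosts, plugin names and severities are constructed, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed .nessus (v2 XML) fragment. Severities are illustrative, not Nessus's
# ratings for these CVEs. Only parse exports you produced yourself with this parser.
SAMPLE = """<NessusClientData_v2><Report name="Lab 9 Scan">
<ReportHost name="192.0.2.10">
 <ReportItem port="8080" protocol="tcp" severity="4" pluginID="0" pluginName="Constructed Log4j 1.x finding">
  <cve>CVE-2022-23307</cve></ReportItem>
 <ReportItem port="0" protocol="tcp" severity="0" pluginID="0" pluginName="Constructed info finding"/>
</ReportHost>
<ReportHost name="192.0.2.11">
 <ReportItem port="445" protocol="tcp" severity="4" pluginID="0" pluginName="Constructed unsupported-OS finding"/>
 <ReportItem port="22" protocol="tcp" severity="2" pluginID="0" pluginName="Constructed medium finding">
  <cve>CVE-2011-3406</cve></ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""

def critical_findings(xml_text):
    """Map host -> [(port/proto, plugin name, [CVEs])] for severity 4 (Critical) items."""
    out = defaultdict(list)
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.get("severity") != "4":  # 0=Info 1=Low 2=Medium 3=High 4=Critical
                continue
            cves = sorted(c.text.strip() for c in item.findall("cve") if c.text)
            out[host.get("name")].append(
                (f'{item.get("port")}/{item.get("protocol")}', item.get("pluginName"), cves))
    return dict(out)

def cves_to_research(findings):
    """Pick one CVE-bearing critical finding per host (the lab wants one per report)."""
    picks = {}
    for host, items in findings.items():
        with_cve = [i for i in items if i[2]]
        # None means the host has critical findings but none with a CVE assigned.
        picks[host] = with_cve[0][2][0] if with_cve else None
    return picks

if __name__ == "__main__":
    for host, cve in cves_to_research(critical_findings(SAMPLE)).items():
        print(host, cve or "critical finding(s) without a CVE")
```

A critical finding can have no CVE at all, as with checks for unsupported software, so a None result means choosing a different finding for the CVE write-up.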