CIS 403L week 3 Performance

docx

School

ECPI University *

*We aren’t endorsed by this school

Course

403L

Subject

Information Systems

Date

Apr 3, 2024

Type

docx

Pages

4

Uploaded by kitapatel4923

Report
Week Three Lab: Vulnerability Analysis In this Performance Assessment, you will perform the tasks you have completed in the Guided Practices (iLabs content from EC-Council). You may use the book, any notes you have, and you may look at your prior labs. You may not give or receive help from other students. You may ask your instructor for help, but it will likely cost points. How does this practical lab apply in the real world? During the vulnerability analysis phase of a penetration test, an ethical hacker uses information gathered in previous phases to identify and analyze potential vulnerabilities that may exist on the target systems. This phase will usually include the use of both manual and automated methods to detect these potential vulnerabilities. In this activity, you will focus on identifying and researching vulnerabilities. Document your findings thoroughly through screenshots and well-written paragraphs describing the purpose of the tools you used, the options you set, and your interpretation of the results. Resources Needed This lab assessment covers Modules 05 from your EC-council lab content. Thus, all resources you need will be from your labs, your text, and any research that you might have. As a special note: Greenbone is running by default, you will not need to start it. Use your browser and go to the localhost it is on port 443 by default no need to add a port switch. Level of Difficulty Moderate Important Please note the following guidance : This Assessment should be performed in the VCastle POD using the Parrot Linux virtual machine. All screenshots should reflect your own work and should have the date, time and user information (name, student ID) clearly displayed. All takeaways/inferences you can make about your target based on the reconnaissance should be clearly expressed (full sentences without excessive use of bullet points) and should be in your own words and result from you doing the work. Instructions Tasks:
1. Using the Parrot OS virtual machine, perform a vulnerability scan on one or more targets using one of the built-in vulnerability scanners. Provide a screenshot of the results of the vulnerability scan. 2. Are vulnerability scanners primarily an offensive tool or a defensive tool? Justify your answer. Vulnerability scanners can be used for both offensive and defensive reasons, however they are generally regarded as defensive tools. Here is the justification: Vulnerability scanners are widely used by enterprises to proactively discover security flaws and vulnerabilities in their systems, networks, and applications. Organizations can improve their overall security posture by scanning their infrastructure on a regular basis and detecting flaws before attackers exploit them. Furthermore, vulnerability scanners frequently include extensive findings and recommendations for reducing discovered vulnerabilities, allowing enterprises to take appropriate steps to strengthen their defenses. 3. Using any identified vulnerability from the previous scan (or one provided by your instructor), research the vulnerability in an online vulnerability database. Provide a screenshot or screenshots that show the following: a. CVSS Rating b. CWE c. Web locations that provide information on mitigating the vulnerability 4. If you were writing a report for a customer, write a statement for a recommendation for remediation. Based on the detected vulnerability and its associated risks, the following remedy recommendation could be made:
"We recommend that you apply the most recent security patches or upgrades supplied by the software vendor to address the discovered vulnerability. In addition, limiting accessibility to susceptible systems through network segmentation and access rules can help lower the risk of exploitation. Regular vulnerability scanning and patch management mechanisms should be implemented to ensure the early detection and correction of future vulnerabilities." 5. On a scale from 1 to 10, 1 being low and 10 being high, what is the likelihood of this vulnerability being exploited in an environment? What is your reasoning? The chance of exploitation is determined by a variety of factors, including the severity of the vulnerability, the presence of mitigation mechanisms, and possible attackers' motivations and skills. On a scale of 1 to 10, the probability of exploitation could be judged as follows: The likelihood is 7. Reasoning: The vulnerability has a high CVSS score, which indicates its severity and possible impact on impacted systems. Furthermore, if the vulnerability is widely known and exploit code is available, the chances of exploitation increase. The likelihood of successful exploitation can, however, be influenced by the organization's security procedures and patch management processes. 6. Explain in detail how you can use a vulnerability database to both attack and defend an organization's network. Attacking: Attackers can utilize vulnerability databases to find known flaws in target systems and devise exploit ways to breach them. By exploiting vulnerabilities, attackers can gain unauthorized access, steal sensitive information, disrupt services, or carry out other nefarious acts. Vulnerability databases provide specific information about vulnerabilities, such as descriptions, CVSS scores, impacted software versions, and probable attack paths, which hackers can use to plan and execute attacks. Defending: Vulnerability databases can help organizations stay up to date on known security vulnerabilities that affect their systems and applications. Organizations that check vulnerability databases on a regular basis might identify vulnerabilities relevant to their environment and prioritize patching and mitigation activities. Furthermore, vulnerability databases frequently give advise on repair processes and best practices for safeguarding vulnerable systems, allowing enterprises to proactively address security. 7. Using the identified vulnerability (or one provided by your instructor), search an online exploit database, and provide a screenshot of the code or method (if any) to exploit the
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
vulnerability. 8. What ethical issues must be addressed before posting exploit code in an online exploit database? This ethical issues must be addressed before posting exploit code in an online exploit database: Responsible Disclosure, Dual-Use Dilemma, Legal Implications, and Mitigation Strategies

Related Documents

section c.docx
Assignment 4.pptx
Discussion 3 CMGT555.docx
CMIT 291 Project 2 - Client Response Memorandum (TEMPLATE).docx
draft CMIT 291 Project 2 - Client Response Memorandum.docx
DES_T03_1_Instructions_v4.docx
CIS 403L week 2 Performance.docx
w4.docx
POD 2403 Assignment 1 - Instructions.docx
Paper Outline session 3.docx
HSM 101 Week 3 Discussion.pdf
M10 Challenge Submission File Shantinique Williams.docx