Randall Lewis

Zenmap and Nessus Lab

Nessus is a proprietary, comprehensive vulnerability scanner developed by Tenable Network Security. Below are the results of the analysis, with screenshots of each scan.

[Screenshots of the Zenmap scans: captions only]

104 Quick Scan

103 Intense Scan

103 Quick Scan

105 Intense scan plus UDP

105 Ping Scan

106 Quick traceroute Scan

106 Regular Scan

A) Ping Sweeping

C) TCP Connect

D) Stealth Scanning

E) UDP Scanning

F) Which OS is Running

G) Other Options

Part A:

1. Several services running on each host:

Echo

Discard

Daytime

Chargen

qotd

ssh

telnet

dsp

unknown

2. Nmap's ability to identify the operating system running on each system:

Nmap identifies the operating system with its OS detection option (-O). It sends a fixed series of TCP, UDP and ICMP probes to the host and compares the responses (TCP window size, initial sequence number pattern, IP ID and TTL behaviour, TCP option ordering, and so on) against its fingerprint database, nmap-os-db. Different TCP/IP stacks answer these probes slightly differently, so the best-matching fingerprint indicates the OS, which Nmap reports together with an accuracy percentage. So Nmap does let you know what OS is operating; --osscan-guess makes it print its closest match even when no fingerprint matches exactly. OS detection needs at least one open and one closed TCP port on the target to be reliable, which is why it is normally run together with a port scan.

Is there any Nmap feature that can be used to guess the OS of the host? Explain your answer.


Using the ports that are open and the probable services running on those ports, I determined what operating systems are running on the devices:

The operating system running is Windows. Some of the open ports point to it. For example, port 7 (echo) together with 9 (discard), 13 (daytime), 17 (qotd) and 19 (chargen) is exactly the set installed by the Windows "Simple TCP/IP Services" component. Ports 21 (ftp), 22 (ssh) and 110 (pop3) are common, but they are standard services on any operating system, so on their own they support the guess rather than prove it; service banners (-sV) give stronger evidence.

3. The hosts that appear most secure and least secure are:

192.168.100.103 appears the most secure host: 991 of the 1,000 ports Nmap scans by default were closed, so it has the fewest open ports.

192.168.100.106 appears the least secure because it has the most open ports.

Open-port count is only a proxy for attack surface. It says nothing about whether the services behind those ports are patched; that is what the Nessus scan in Part B adds.

4. Several uses of Nmap:

Nmap can be used in many different ways. It can identify the device type (for example a router or a printer) and the operating system; this is how an attacker works out which tool to use to exploit a vulnerability.

Nmap can show which hosts are up and running. This is done with a ping sweep (-sn): the hosts that answer are the ones that are up.

Stealth scanning (the SYN scan, -sS) is another option. Some attackers do not want the target to know it is being scanned, and in a stealth scan the TCP three-way handshake is never completed: Nmap sends a SYN, reads the SYN/ACK or RST that comes back, and tears the half-open connection down with a RST instead of finishing it, so the application behind the port never sees a connection and may not log it.

5. The feature of Nmap that I find the most useful:

I found ping sweeping the most useful, because it shows which networks are up and connected. This is most important because you don't want to attack a host that is not connected.

6. The feature of Nmap that I find the most difficult to use:

I found OS fingerprinting the most difficult because it has to be combined with a port scan to be effective. This just adds one more element, which makes it more difficult.

7. A command that I consider important:

Nmap's TCP scan types -sT (connect), -sW (window), -sA (ACK) and -sM (Maimon) are the options I consider important. They are scan techniques rather than port lists: -sT and -sW report open ports, -sA does not report open ports at all but shows which ports a firewall lets through (unfiltered versus filtered), and -sM is a FIN/ACK variant that works against some BSD-derived stacks. By default each of them probes the 1,000 most commonly used TCP ports (--top-ports changes that number and -p selects ports explicitly).

This is important because knowing which of the most commonly used TCP ports are open prepares an attacker to try to breach those ports using known vulnerabilities for the services behind them. This actually makes the job easier.
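As an added worked example (not part of the lab report, and not Nmap project code), the following Python script does the analysis behind questions 2 and 3 on an Nmap XML report (the output of nmap -oX): it counts open ports per host, ranks hosts by exposure, pulls Nmap's best OS match, and flags the echo/discard/daytime/qotd/chargen set that the Windows Simple TCP/IP Services component installs. The embedded XML is constructed sample data in Nmap's output format, not the lab's actual scan results; the host addresses, port lists and OS matches in it are assumptions.

```python
"""Rank hosts in an Nmap XML (-oX) report by exposure and pull out OS evidence.

Added example, not code from the lab. The XML below is constructed sample data
in Nmap's output format; host addresses, port lists and OS matches are assumptions.
"""
import xml.etree.ElementTree as ET

# The five ports the Windows "Simple TCP/IP Services" component installs together.
SIMPLE_TCPIP_SERVICES = {7, 9, 13, 17, 19}

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -O -oX scan.xml 192.168.100.0/24">
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.100.103" addrtype="ipv4"/>
    <ports><extraports state="closed" count="995"/>
      <port protocol="tcp" portid="7"><state state="open"/><service name="echo"/></port>
      <port protocol="tcp" portid="9"><state state="open"/><service name="discard"/></port>
      <port protocol="tcp" portid="13"><state state="open"/><service name="daytime"/></port>
      <port protocol="tcp" portid="17"><state state="open"/><service name="qotd"/></port>
      <port protocol="tcp" portid="19"><state state="open"/><service name="chargen"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2" accuracy="97"/></os>
  </host>
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.100.106" addrtype="ipv4"/>
    <ports><extraports state="closed" count="993"/>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="110"><state state="open"/><service name="pop3"/></port>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="192.168.100.107" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Map each host Nmap reported as up to its open ports, closed-port count and OS match."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth ranking
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        open_ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            open_ports.append((port.get("protocol"), int(port.get("portid")),
                               svc.get("name") if svc is not None else "unknown"))
        # Nmap folds ports that share one state into <extraports>; sum the closed ones.
        closed = sum(int(e.get("count")) for e in host.iter("extraports")
                     if e.get("state") == "closed")
        match = host.find("os/osmatch")  # the first osmatch is Nmap's best guess
        os_guess = (match.get("name"), int(match.get("accuracy"))) if match is not None else None
        hosts[addr] = {"open": sorted(open_ports), "closed": closed, "os": os_guess}
    return hosts


def rank_by_exposure(hosts):
    """Addresses ordered from fewest open ports to most (the lab's 'most secure' proxy)."""
    return sorted(hosts, key=lambda a: (len(hosts[a]["open"]), a))


def has_windows_simple_services(host):
    """True when all five Simple TCP/IP Services ports are open on TCP: a Windows hint."""
    return SIMPLE_TCPIP_SERVICES <= {p for proto, p, _ in host["open"] if proto == "tcp"}


if __name__ == "__main__":
    report = parse_nmap_xml(SAMPLE_NMAP_XML)
    for addr in rank_by_exposure(report):
        h = report[addr]
        print(f"{addr}: {len(h['open'])} open, {h['closed']} closed, OS match {h['os']}, "
              f"Windows simple services: {has_windows_simple_services(h)}")
```

Run it against a real report with `nmap -sS -O -oX scan.xml <targets>` and `parse_nmap_xml(open("scan.xml").read())`. The ranking only counts open ports, exactly the proxy the lab uses for "most secure"; the OS match and the simple-services check are the two kinds of OS evidence discussed in question 2, and a host with no `<osmatch>` (Nmap could not fingerprint it) comes back with `os` set to None rather than a guess.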

Part B

[Nessus report screenshots: results by IP address, followed by the Executive Summary continued over several pages]

1. The operating systems that are running on the different hosts are:

Microsoft Windows XP Service Pack 2

Microsoft Windows XP Service Pack 3

Linux Kernel

2. What web server (if any) is running on each computer?

A Microsoft web server is running.

3. Several services running on each computer:

smb

msrdp

ntp

www

telnet

ftp

4. The hosts that had the highest number of vulnerabilities and the least number of vulnerabilities are:

192.168.100.103 had the highest number.

192.168.100.105 had the lowest number.

5. Here I identify one high-severity vulnerability for each computer, describe the vulnerability, and discuss a control to minimize the risk from it:

52717 covered multiple vulnerabilities: the remote web server uses a version of PHP that is affected by multiple vulnerabilities. The control is to upgrade PHP to a release that is no longer affected (the plugin's solution field gives the fixed version) and to remove PHP from hosts that do not need it.

42411, Microsoft Windows SMB shares unprivileged access: it is possible to access a network share without privileges. The control to minimize this risk is to restrict access under Windows by going to each share, right-clicking it and configuring "Sharing" and then "Permissions" so that only the users and groups that need the share have access, and to remove shares that are not needed. (Microsoft, 2009)

53503, MS11-020: vulnerability in SMB server could allow remote code execution. It is possible to execute arbitrary code on the remote Windows host because of flaws in its SMB implementation. The control to minimize this risk is the security update; Microsoft recommends that the patch be applied immediately. Until it is applied, blocking TCP ports 139 and 445 at the network perimeter keeps SMB from being reached from untrusted networks. (Microsoft, 2009)

6. Various uses of Nessus:

Nessus is a vulnerability scanner: it probes the services an outside attacker would face when trying to infiltrate a network and reports known weaknesses in them.

Nessus can be used to find misconfigurations in systems, and it identifies missing patches that need to be applied.

Nessus can also be configured to send out an alert if vulnerabilities are discovered during a scan.

7. The feature of Nessus that I find the most useful is:

I find the pie chart and the section that shows the highest-severity problems, listed in the Executive Summary, the most useful. This is the most useful because you want to know where a hacker can break in or easily exploit, and this shows it.

8. The differences between using Nessus and Nmap:

Nmap is used mainly for host discovery and port scanning, plus service and OS detection; it reports what is listening, not whether it is vulnerable. Nessus starts from the same kind of port discovery and then runs plugins against each open service (and, with credentials, against the host itself) to check for known vulnerabilities, missing patches and misconfigurations, rating each finding by severity.
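As an added example (not part of the lab report, and not Tenable's code), this Python script answers questions 4 and 5 from a Nessus export in the .nessus (NessusClientData_v2) format: it counts findings per host above a severity threshold, names the hosts with the most and fewest, and picks the highest-severity finding on each host together with its solution text, which is the data the Executive Summary's severity chart is drawn from. The embedded XML is constructed sample data: the plugin IDs and names follow the ones quoted above, while the host addresses, ports, severity values, the severity-0 placeholder item and the solution text are assumptions.

```python
"""Triage a Nessus .nessus (NessusClientData_v2) export by host and severity.

Added example, not code from the lab report or from Tenable. The XML is
constructed sample data: plugin IDs and names follow the lab write-up; hosts,
ports, severity values, the pluginID-0 placeholder and solution text are assumptions.
"""
import xml.etree.ElementTree as ET

# Severity scale Nessus uses in ReportItem/@severity.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

SAMPLE_NESSUS_XML = """<?xml version="1.0"?>
<NessusClientData_v2>
<Report name="lab">
  <ReportHost name="192.168.100.103">
    <HostProperties><tag name="operating-system">Microsoft Windows XP Service Pack 3</tag></HostProperties>
    <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="53503"
        pluginName="MS11-020: Vulnerability in SMB Server Could Allow Remote Code Execution">
      <solution>Apply the security update from Microsoft.</solution>
    </ReportItem>
    <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="42411"
        pluginName="Microsoft Windows SMB Shares Unprivileged Access">
      <solution>Restrict the share permissions to the users who need access.</solution>
    </ReportItem>
    <ReportItem port="80" svc_name="www" protocol="tcp" severity="3" pluginID="52717"
        pluginName="PHP Multiple Vulnerabilities">
      <solution>Upgrade PHP to a fixed release.</solution>
    </ReportItem>
    <!-- pluginID 0 is a placeholder for an informational (severity 0) item -->
    <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="0"
        pluginName="Scan information"><solution>n/a</solution></ReportItem>
  </ReportHost>
  <ReportHost name="192.168.100.105">
    <HostProperties><tag name="operating-system">Linux Kernel</tag></HostProperties>
    <ReportItem port="80" svc_name="www" protocol="tcp" severity="3" pluginID="52717"
        pluginName="PHP Multiple Vulnerabilities">
      <solution>Upgrade PHP to a fixed release.</solution>
    </ReportItem>
  </ReportHost>
  <ReportHost name="192.168.100.106">
    <HostProperties><tag name="operating-system">Microsoft Windows XP Service Pack 2</tag></HostProperties>
    <ReportItem port="80" svc_name="www" protocol="tcp" severity="3" pluginID="52717"
        pluginName="PHP Multiple Vulnerabilities">
      <solution>Upgrade PHP to a fixed release.</solution>
    </ReportItem>
    <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="42411"
        pluginName="Microsoft Windows SMB Shares Unprivileged Access">
      <solution>Restrict the share permissions to the users who need access.</solution>
    </ReportItem>
  </ReportHost>
</Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Map each ReportHost to its OS tag and every ReportItem, informational ones included."""
    report = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        os_tag = host.find("HostProperties/tag[@name='operating-system']")
        findings = []
        for item in host.iter("ReportItem"):
            solution = item.find("solution")
            findings.append({
                "plugin": item.get("pluginID"),
                "name": item.get("pluginName"),
                "port": f"{item.get('port')}/{item.get('protocol')}",
                "severity": int(item.get("severity")),
                "solution": (solution.text or "").strip() if solution is not None else "",
            })
        report[host.get("name")] = {
            "os": os_tag.text if os_tag is not None else None,
            "findings": findings,
        }
    return report


def vuln_counts(report, min_severity=1):
    """Findings per host at or above min_severity; the default drops informational noise."""
    return {h: sum(1 for f in d["findings"] if f["severity"] >= min_severity)
            for h, d in report.items()}


def most_and_least(report, min_severity=1):
    """(host with the most findings, host with the fewest) above the threshold."""
    counts = vuln_counts(report, min_severity)
    return max(counts, key=counts.get), min(counts, key=counts.get)


def top_finding(report, host):
    """Highest-severity finding on a host (first listed wins a tie), or None."""
    findings = report[host]["findings"]
    return max(findings, key=lambda f: f["severity"]) if findings else None


if __name__ == "__main__":
    rep = parse_nessus(SAMPLE_NESSUS_XML)
    worst, best = most_and_least(rep)
    print(f"most findings: {worst}, fewest: {best}")
    for addr in rep:
        top = top_finding(rep, addr)
        print(f"{addr} ({rep[addr]['os']}): {SEVERITY[top['severity']]} {top['plugin']} "
              f"{top['name']} on {top['port']} -> {top['solution']}")
```

Export a scan from the Nessus UI as a .nessus file and pass its text to `parse_nessus`. The `min_severity` threshold matters in practice: a Nessus report carries many severity-0 informational items (scan metadata, service banners), and counting them would make every host look equally bad; the `most_and_least` ordering above is the same comparison the lab makes in question 4, and `top_finding` is the "one high-severity vulnerability per computer" of question 5, with the plugin's own solution text as the starting point for the control.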


References:

Microsoft. (2009, January 13). Microsoft Security Bulletin MS09-001 - Critical. Retrieved from http://technet.microsoft.com/en-us/security/bulletin/MS09-001