1) As a student, explain what the Tenable Security Inc. software license permits you to do and what it does not permit you to do.
2) What is the purpose of defining a Policy definition as a first step in performing a Nessus vulnerability scan?
a. Nessus is an application built for network discovery of devices and the operating systems and software running on them. This is a policy definition of it. It is a free program that can be downloaded, but donations are accepted. It is also an open source program, so people are constantly improving it.
3) What five things can you configure as part of a vulnerability scan?
a. You can configure:
1. Data Leakage
2. Compliance priority
3. Users
4. Scan options
5. Plugins
4) Explain both the information systems security practitioner and hacker perspectives of using a security scanning application such as Nessus.
a. Vulnerability scans performed from externally hosted servers give the same perspective as an attacker. Two types of hackers are white hats, who are individuals that use their abilities to find vulnerabilities in systems and networks and then report them to the owner of the system so that they can be fixed, and black hats, who are individuals that break into systems or networks that they are not authorized to access.
5) How many tests does the Nessus Lab #4 Server Farm Scan perform?
a. 6
6) Describe what each of these tests displays within the Scan Report Details.
a. The tests include the severity: high, medium or low. Scans and tests also include parameters that control technical aspects, timeouts, number of hosts, type of port scanner, policy checks, service detection scan settings, UNIX compliance and many other checks that can identify vulnerabilities.
7) How does Nessus differ from Zenmap GUI, and which tool would you use for network discovery and inventory versus identifying software vulnerabilities?
8) How many total IP hosts did you find on the server farm VLAN using the Nessus Lab #4 server farm scan?
a. 261
9) Did the targeted