Nessus Lab V12nov07
Objectives
In this lab exercise you will complete the following task:
Use Nessus to locate live hosts on the local network and scan them for vulnerabilities.
Visual Objective
Introduction
Tenable Nessus Vulnerability Scanner is a comprehensive network vulnerability scanner that
detects potential or confirmed security holes. Security holes, or vulnerabilities, can most of the
time be thought of as weak spots in program code that an attacker could exploit to perform
malicious acts. In addition, in a network environment, misconfigured programs are sometimes
referred to as vulnerabilities or potential risks. To locate vulnerabilities, Nessus uses special
plug-ins, which are actually scripts written in the Nessus Attack Scripting Language (NASL).
Each plug-in is created to test for a specific vulnerability. Plug-ins come in two categories:
dangerous and non-dangerous. Dangerous ones may attempt to crash the system, while
non-dangerous ones merely perform a scan.
After completing a scan, Nessus displays the IP addresses of all hosts that were found and
scanned. Further below, detailed information about every host is displayed. For the most part, the
report provides information about the open ports of scanned hosts, including the port number, the
service running on the port, and the potential security risk or exploit, along with a recommended
action on how to counter or fix the problem.
Along with some general information gathering about the host, Nessus performs a trace-route to
every scanned host and attempts to identify the host's operating system.
Step 3: In the next window you can specify a single target IP address, IP addresses within a
certain range, or a whole subnet. In our case, we do not know the IP addresses of the hosts in our
LAN, so we need to include the whole network. 192.168.3.0 is the network ID, and /24 is the same
as 255.255.255.0, which is the subnet mask of our network. The subnet mask defines the IP range
in which Nessus will perform the scan. In the current situation this mask directs the scan to all
hosts from 192.168.3.1 to 192.168.3.254 inclusive. Thus, to scan the local network for possible
hosts, type 192.168.3.0/24 and click Next.
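To check what a target specification actually covers before launching a scan, the following added example (not part of the lab or of Nessus itself) expands the three target forms mentioned above into the list of hosts that would be probed. It assumes Nessus's comma-separated target syntax with dash ranges written as `first-last`; the dotted-mask form `192.168.3.0/255.255.255.0` is accepted as an equivalent of `/24`.

```python
import ipaddress


def expand_target(spec: str) -> list[str]:
    """Expand one target: a single IP, a CIDR/netmask block, or an a-b range."""
    spec = spec.strip()
    if "/" in spec:
        # ip_network accepts both "/24" and "/255.255.255.0" (assumed target syntax).
        net = ipaddress.ip_network(spec, strict=False)
        # hosts() skips the network and broadcast addresses, so 192.168.3.0/24
        # yields exactly .1 through .254, as the lab text states.
        return [str(h) for h in net.hosts()]
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if hi < lo:
            raise ValueError(f"range end precedes start: {spec}")
        return [str(ipaddress.ip_address(i)) for i in range(int(lo), int(hi) + 1)]
    return [str(ipaddress.ip_address(spec))]


def expand_targets(spec_list: str) -> list[str]:
    """Expand a comma-separated target list, de-duplicated, in first-seen order."""
    seen: dict[str, None] = {}
    for spec in spec_list.split(","):
        if spec.strip():
            for host in expand_target(spec):
                seen.setdefault(host, None)
    return list(seen)


if __name__ == "__main__":
    lan = expand_targets("192.168.3.0/24")
    print(f"{len(lan)} hosts, first {lan[0]}, last {lan[-1]}")
```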
Step 4: In the next window you can choose which plug-ins to use. Our simulated LAN does not
have anything important on it, so choose "Enable all but dangerous plugins with default settings
(Recommended)" or "Enable all plugins with default settings (Even dangerous plugins are
enabled)" and click Next.
The next window allows you to choose between scanning from your PC or from a remote server.
This option is considered one of the important features of Nessus, because the servers that do the
actual scanning can be placed in strategic parts of the network, allowing scans from different
points of view, while the clients handle configuration and reports.
In our case, your PC will initiate the scan, so choose localhost and click Next.
Step 5:
After the scan is completed, inspect the results. If you did everything right, you should see a
number of vulnerabilities in the discovered hosts. Note that one of the hosts has many more
vulnerabilities than the others.
Now, use the Nessus report to answer the following questions (if you want, you can save the
Nessus report and answer the questions on your own later):
a. Provide the IP addresses of the hosts that are running under VMware simulation and point to
the place in the Nessus report where you got this information from.
b. Nessus has identified a large number of vulnerabilities with a critical risk factor.
1. Name the port number through which Nessus was able to identify the majority of them.
2. On one of the hosts Nessus has identified a critical vulnerability associated with the Spooler
service. In what way can an attacker use this vulnerability to perform malicious acts?
3. On one of the hosts Nessus has identified a critical vulnerability associated with the DHCP
client. What type of vulnerability is it, and what does it allow an attacker to do?
c. Through what service and port number was Nessus able to identify computer/workgroup
names for the hosts?
In addition to the answers to the questions above, you need to list the IP and MAC addresses of
the discovered hosts, their operating systems (if Nessus was able to identify them), and 3
vulnerabilities with a possible course of counter-actions for each host. If there is a host with no
vulnerabilities or potential risks, indicate that.
Grading Rubric
Please note that the report is worth only 36% of the grade for this lab, and your group is only
required to give a simple report, such as a series of step-by-step snapshots (or screen shots)
showing how your group conducts this lab exercise. 64% of your grade will come from the lab
quiz, which you will be given individually at the end of the lab in room 202. The quiz questions
may deal with theoretical as well as practical aspects of the lab. The quiz is intended to check
how much attention you have paid to the practical part of the lab and whether you understand the
idea behind the lab.
The report must include a cover page. Among other things, the name of each group member
must be put on the cover page.
The contribution of each group member must be summarized in the report. That is, the report
should state clearly who did what.
The report must include a series of screen shots showing how the group conducts the lab step
by step. Two or more screen shots may need to be associated with one step of the lab. For the
Nessus results part of this lab, you need only a screenshot of the page where the summary of
scanned hosts' IP addresses, warnings, notes, and holes is listed.