User Account

All Pages

Identify network vulnerability with tool

Assignment Help Computer Networking
Reference no: EM133792388

Information Systems Security

Aim: Use the Nessus tool to scan the network for vulnerabilities.

Objectives: Objective of the module is scan system and network analysis. Outcomes: The learner will be able to:
Identify network vulnerability with tool
Use current techniques, skills, and tools to find out different vulnerabilities and the countermeasures for identified vulnerabilities.
Hardware / Software Required: Nessus Vulnerability Scanner I Tenable Network Security tool

Theory:
Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment. Operation
Nessus allows scans for the following types of vulnerabilities.
Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.
Misconfiguration (e.g. open mail relay, missing patches, etc.).
Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack. Denials of service against the TCP/IP stack by using malformed packets.

Preparation for PCI DSS audits
On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user. In typical operation, Nessus begins by doing a port scan with one of its four internal port scanners (or it can optionally use AmapM or Nmap) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction. Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also give access to support and additional scripts (e.g. audit files, compliance tests, additional vulnerability detection plugins). Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners. If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus' vulnerability test may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production. Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.

Reference no: EM133792388

Questions Cloud

Why did you select windows or macos as your operating system : Why did you select Windows or macOS as your operating System? What features did you find the most valuable? What features did you find the most valuable?
Analyze the companys use of information and it : Analyze Company's Use of Information and IT. What types of information does this company collect, process, transmit and store as part of its business operation?
How the media responds to your chosen theory : CTCH 203 Introduction to Media and Communication, University of Regina - identifies your chosen media and explains how the media responds to your chosen theory
Which scales would you use to measure each one of them : BUS 698- Enlist your hypotheses describing the assumed relationships between them. Which scales would you use to measure each one of them?
Identify network vulnerability with tool : Identify network vulnerability with tool Use current techniques, skills, and tools to find out different vulnerabilities and the countermeasures for identified
Identify your ethnicity and culture : Identify your ethnicity and culture. Then, list three health promotion strategies that can be taken to address this obesity in your culture/ethnicity.
How a psychiatric nurse practitioner could create space : Discuss how a psychiatric nurse practitioner could create space for a minor to discuss their gender identities and expressions during a session?
Explain the controversy regarding vaccines as possible cause : Explain the controversy regarding vaccines as a possible cause of autism spectrum disorder. Use US scholarly journal articles to explain your response.
What makes childhood depression difficult to assess : What makes childhood depression difficult to assess? Explain your answer by comparing your cultural beliefs regarding depression and anxiety.

Reviews

Write a Review

Computer Networking Questions & Answers

  Networking and types of networking

This assignment explains the networking features, different kinds of networks and also how they are arranged.

  National and Global economic environment and ICICI Bank

While working in an economy, it has a separate identity but cannot operate insolently.

  Ssh or openssh server services

Write about SSH or OpenSSH server services discussion questions

  Network simulation

Network simulation on Hierarchical Network Rerouting against wormhole attacks

  Small internet works

Prepare a network simulation

  Solidify the concepts of client/server computing

One-way to solidify the concepts of client/server computing and interprocess communication is to develop the requirements for a computer game which plays "Rock, Paper, Scissors" using these techniques.

  Identify the various costs associated with the deployment

Identify the various costs associated with the deployment, operation and maintenance of a mobile-access system. Identify the benefits to the various categories of user, arising from the addition of a mobile-access facility.

  Describe how the modern view of customer service

Describe how the greater reach of telecommunication networks today affects the security of resources which an organisation provides for its employees and customers.

  Technology in improving the relationship building process

Discuss the role of Technology in improving the relationship building process Do you think that the setting of a PR department may be helpful for the ISP provider? Why?

  Remote access networks and vpns

safekeeping posture of enterprise (venture) wired and wireless LANs (WLANs), steps listed in OWASP, Securing User Services, IPV4 ip address, IPV6 address format, V4 address, VPN, Deploying Voice over IP, Remote Management of Applications and Ser..

  Dns

problems of IPV, DNS server software, TCP SYN attack, Ping of Death, Land attack, Teardrop attack, Smurf attack, Fraggle attack

  Outline the difference between an intranet and an extranet

Outline the difference between an intranet and an extranet A programmer is trying to produce an applet with the display shown in Figure 1 below such that whenever one of the checkboxes is selected the label changes to indicate correctly what has..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd