Reference no: EM133782333
Question: Register at Tenable to receive an evaluation key for a trial version of Nessus. Submit a 3- to 5-page report in APA format in which you:
Explain the steps you took to complete the lab. Include screenshots for the key steps. Report the results of at least two scans and include screenshots. Your document should be 3-5 pages long (not including the list of references), but it is the quality of the work that is important, not the number of pages. Cite and reference all sources using APA format and style guidelines and submit in a single document.
Instruction: Penetration Testing
The Lab Assignment for this week covers ethical hacking (also known as white-hat hacking, or penetration testing).
To prepare for this Lab:
Note 1: Use your Walden University Office365 email account to request the license key; it will not accept Gmail, Yahoo, or Hotmail email addresses.
Note 2: It may take an hour or more to receive an email response containing your evaluation key. You may want to wait until you receive your evaluation key from Nessus before proceeding further.
Step 1: Log in to AWS and create two instances of Ubuntu
Log in to AWS and create/start up two instances of Ubuntu. Label one of the instances Server A and the other one Server B.
Using either Git or PuTTY, log in to Server A:
Step 2: Install nmap
Install nmap on Server A using the following command:
Step 3: Use nmap to scan Server B
Your first experiment is to use nmap to scan all computers on Server B's network to see which computers are up. This can be done with a ping scan using the nmap "-sP" flag (current Nmap releases name this option "-sn" and keep "-sP" as a deprecated alias). Nmap sends an ICMP echo and a TCP ACK to each host it scans. Hosts that respond are up and running.
Assume that Server B has the IP address: bb1.bb2.bb3.bb4. For this example, use nmap running on Server A to scan hosts running on the same network segment as Server B. Run this command on Server A:
Note: Using the wildcard character '*' to replace the last number in an IPv4 address results in all the servers on that network segment being targeted. In this assignment, we are using IPv4 Class C network addresses, which contain 254 servers per network segment.
If you want to check the availability of a system without sending ICMP echo requests, you can issue a TCP "ping" sweep. A TCP "ping" will send an ACK to each server on a target network. Servers that are up should respond with a TCP RST. This is done via the "-PT" flag to target a specific port on the network you are probing. Now you can run this command on Server A:
Nmap provides different types of scans such as TCP connect, TCP SYN, Stealth FIN, Xmas Tree, and Null. These scans are selected with flags such as "-sT", "-sS", "-sF", "-sX", "-sN", and "-sU". Run these commands from Server A against the Server B network, e.g., using the flag "-sT" as follows:
You may also try to check which OS is running on a target server. This scan can take a very long time to complete so it is suggested that you target only Server B, not the Server B network. This command also requires the use of sudo:
Step 4: Install Nessus on Server B
You will use Nessus to scan for server vulnerabilities.
Use another instance of either Git or PuTTY to log in to Server B.
Make sure you get the version that matches your server - at this time, it is:
Next, save the file on a personal Dropbox (see Option A). Alternatively, you may download the file to your PC or Mac, and move it using FileZilla (see Option B).
Option A: Moving the Package from a Dropbox to Server B
Note: This is the simplest method.
From the prompt on Server B, run the following commands using the correct path for your Dropbox and the version of Nessus you downloaded:
Example:
Option B: Moving the Package from PC or Mac with FileZilla
Use FileZilla to FTP the file from your PC to Server B. (See the FileZilla setup document provided in this week's Learning Resources.)
Once the package is on Server B, run the following commands:
Step 5: Configure and Use Nessus
If you have not yet registered, do so now at
to receive an evaluation key for a trial version of Nessus. It may take an hour or more to receive an email response containing your evaluation key.
Note: Use your UoL Office365 email account to request the license key; it will not accept Gmail, Yahoo, or Hotmail email addresses.
You need to configure Server B to open ports to use with Nessus. Select the inbound rules for Server B:
Select Security Groups on the left side:
Scroll down until you find your launch wizard:
Click on Edit:
Click on Add Rule:
Use Custom TCP
Set the port to 8834
Under Source, select MyIP for both 8834 and 22
Description - Test Nessus
Click on Save
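A check for the inbound rules configured above, as an added example that is not part of the original lab handout: it reads security-group data in the JSON shape printed by "aws ec2 describe-security-groups" and reports any rule that exposes port 22 or 8834 to more than the single MyIP address. The sample data, group ID, and addresses are constructed placeholders.

```python
import ipaddress

LAB_PORTS = (22, 8834)  # SSH and the Nessus web UI, the two ports opened in this step

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`.
# The group ID and all addresses are placeholders, not values from the lab.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8834, "ToPort": 8834,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",  # all protocols and ports; no FromPort/ToPort keys
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
    ],
}]}


def covers(rule, port):
    """True if an inbound rule admits TCP traffic to `port`."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit(groups, my_ip=None, ports=LAB_PORTS):
    """List (group_id, port, cidr) for sources wider than a single host and,
    when my_ip is given, for single-host sources that are not my_ip."""
    findings = []
    for sg in groups.get("SecurityGroups", []):
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for port in (p for p in ports if covers(rule, p)):
                for cidr in cidrs:
                    net = ipaddress.ip_network(cidr, strict=False)
                    too_wide = net.num_addresses != 1
                    not_mine = my_ip is not None and ipaddress.ip_address(my_ip) not in net
                    if too_wide or not_mine:
                        findings.append((sg["GroupId"], port, cidr))
    return findings


if __name__ == "__main__":
    for group_id, port, cidr in audit(SAMPLE, my_ip="203.0.113.7"):
        print(f"{group_id}: port {port} is reachable from {cidr}")
```

An empty result means ports 22 and 8834 are reachable only from the address passed as my_ip.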
From your desktop or laptop, connect to Nessus running on your virtual Linux server (i.e., Server B) in the Amazon Elastic Cloud.
Select Professional and click on Continue
You will be prompted to create a Nessus account. Create an account when asked.
Input the activation code: WEBEVAL-53AE-4E54-F26F-1B35-21C2. (This is the one that I received. Please use the one that you received by email from Tenable.)
Note: This step may require up to 30 minutes to complete. When complete, you should see a screen like the screen shown in Figure 1.
After the Nessus server is set up and running, use your Nessus server to scan your Linux server (i.e., Server B) or your classmates' servers to identify vulnerabilities of these sites. For example, you might choose to run a Basic Network Scan, Advanced Scan, a Malware Scan or one of the other scans available.
Step 6: (Optional) Advanced vulnerability scanning tools (this is not mandatory)
Alternatively, you may use Nexpose instead of Nessus to scan your server. But this is optional and is not required for this class.
Rapid7 Metasploit is a more advanced scanning tool into which users can insert their own attack code. It is not required for this class, but if you are interested, you could follow the steps at to install Rapid7 Metasploit and scan your server.
Step 7: (Mandatory) Stop Nessus
When you are finished, stop Nessus using:
Once you finish this Lab Assignment, make sure you terminate your AWS servers.
Step 8: Terminate your Instance
You can easily terminate the instance from the EC2 console. In fact, it is a best practice to terminate instances you are no longer using so you don't keep getting charged for them.
Back on the EC2 Console, select the box next to the instance you created. Then click the Actions button, navigate to Instance State, and click Terminate.
You will be asked to confirm your termination - select Yes, Terminate.
Note: This process can take several seconds to complete. Once your instance has been terminated, the Instance State will change to terminated on your EC2 Console.
By Day 7
Write a detailed report on what you have done and what you have obtained.
Screenshots of key steps are required. You should report on the results of at least two scans.