...Performing a Vulnerability Assessment Course Name and Number: Student Name: Student Number: Instructor Name: Onook Oh Submission Due by: 11:59PM on February 3rd, 2015 ------------------------------------------------- Overview To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings ------------------------------------------------- Learning Objective of the Lab Assignment Upon completing this lab, you will be able to: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to perform an IP host, port, and services scan. * Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS. * Compare the results of the Zenmap scan with a OpenVAS vulnerability assessment scan. * Assess the findings of the vulnerability assessment scan and identify critical vulnerabilities. *...
Words: 559 - Pages: 3
...Penetration Test vs. Vulnerability Assessment Ø Penetration testing ensures you that your network will not be penetrated by malicious users. Ø Vulnerability Assessment gives an organization the ability to identify potentials for intrusion to their network. Ø Penetration test are more intrusive Reason for Assessement Ø Identify the vulnerability Ø Quantify the vulnerability Ø Prioritizing the vulnerability Internal vs. External Ø Internal assessment shows the vulnerabilities that employees or anyone with access to the internal network and exploit them. Ø External assessments shows the vulnerabilities from someone without direct access to the internal network. Window of Vulnerability Ø Unknown Window of Vulnerability Ø Known Window of Vulnerability Risk Ø Vulnerability Ø Attacks Ø Threats Ø Exposure Risk = Vulnerability x Attacks x Threats x Exposure Risk of Internal Assessment Ø Can’t be truly objective Ø Fair and impartial assessment Management is force to deal with the “fox in the Hen House” problem Steps 1-3 to an Successful Assessment • Understand the consequences • Document Management buy-in • Develop manageable objectives Step 4-6 to an Successful Assessment • Determine method • Plan for disruptions • Develop an assessment in a impactful, yet understandable, way. Qualified and Experienced outside Third Party. Ø Protect yourself with an contract Ø Breadth of experience Ø Currency with the latest technical...
Words: 255 - Pages: 2
...A. Memo of Case Social engineering is a method of gaining access to information by deception performed against human capital. System penetrators and ‘crackers’ know that people, and their desire to be helpful, or their ability to emote, are the weakest links in any program designed to protect information systems. Attackers can trick or persuade their way into systems in any number of ways via remote and physical means, and convince users to reveal information of interest that can cause harm to an organization. A typical social engineering attack can be segmented into physical and psychological stages. The physical segment of the social engineering operation could include phone calls, or returned phone calls from employees back to the attacker (an example of reverse social engineering) that volunteer information, ‘dumpster diving’ for company specific information that can be used to simulate a rapport or relationship with the company if questioned by an employee or security, emails with surreptitious links requesting unique information such as PIN’s or user names, or physical proximity and entry by impersonating an authorized person. The psychological stage of a social engineering attack takes place after the physical foot printing of the organization by using the bona fides that were learned while gathering physical intelligence to manufacture relationships with persons or the company, or by asserting false authority by impersonating persons or departments within the company...
Words: 1868 - Pages: 8
...The Philadelphia Water Department, Baxter Water Treatment Plant Anthony Vega, Denise Youmans, Christopher Williams, Stephen Glenn, Darnell Jessie Immaculata University EPM 301 Report Summary The purpose of this assessment is designed to look at the hazard vulnerability and exploitation potential surrounding The Philadelphia Water Department, Baxter Water Treatment Plant located at 9001 State Road in Philadelphia, Pa. The treatment plant must be prepared for every emergency when considering the safety of the community. This assessment is a detailed analysis of the possible catastrophic events that could occur in or near the water treatment plant and an inquisition into the possible contingency plans in the event that a catastrophe occurs. This assessment is designed to identify and assess hazards to which the Baxter Treatment Plant is ill-prepared to respond and strengthen these weak areas. Methods We, as a group, conducted site visits and surveys of the property. A point of contact was established within the Philadelphia Water Department, but the Water Department policies dictate that written approval for a site visit must be approved by higher level management. These policies and the limited amount of time in the accelerated semester did not allow us to complete an internal site visit. As a contingency, we evaluated the site from the exterior. Physical surveillance was conducted allowing us to observe the visible security of the premises. The building is surrounded...
Words: 4007 - Pages: 17
...1. Distinguish between and define (see glossary in Maxfield and Brown’s Bebop Bytes Back for the definition of terms not found in Andrews’ A Guide to Managing and Maintaining Your PC): a. Hardware (H/W) b. Software (S/W) c. Firmware (F/W) d. Wetware (W/W) e. Vaporware (V/W) 2. Be able to define or describe: a. I/O device b. I/O controller c. peripheral device d. serial and parallel ports (explain the difference) e. adapter card, expansion card, interface card f. video adapter, video card g. pixel h. keyboard i. mouse j. printer k. BIOS l. device driver m. systemboard, motherboard n. video cable o. drive cable p. ribbon cable q. expansion slot (ISA, EISA, MCA, VL bus, PCI, local bus; what does each of the acronyms stand for?) r. ZIF socket (what does “ZIF” stand for?) s. SIMM (what does “SIMM” stand for?) t. system realtime clock u. jumper v. chipset w. cache memory x. power supply cable y. RAM and ROM z. CPU, microprocessor aa. coprocessor bb. primary storage and secondary storage (give examples of each, and know which is which) cc. volatile vs. nonvolatile memory (know which is which) dd. CMOS configuration chip ee. traces ff. bus gg. power supply 3. Be able to identify all of the items shown in Figures 1-2, 1-3, 1-4, and 1-5 in Andrews’ A Guide to Managing and Maintaining Your PC. 4. What are the principal functions of an Operating System? 5. Distinguish between, and give examples of the use of: a. a command-driven...
Words: 2332 - Pages: 10
...Vulnerability Assessment Penetration Analysis A. Memo For Record: IDS upgrade or replacement Summary of Events: The health care clinic’s network security appliance (combined router/firewall/wireless access point) was hacked and passwords were cracked. Configuration changes to this device opened the network to a Denial-of-Service (DoS) attack. The result of this attack prevented access to patient records and insurance claims as part of their daily routine. The network Intrusion Detection System (IDS) sensor had been previously disabled because of degradation of network performance caused by the device. No advanced notification of system degradation caused by the DoS attack was identified until employees were unable to use the network to perform the jobs. IDS Definition: Network IDS is part of the external boundary protection and monitoring system. Threats to the network from external sources are identified and reported using a management console. With the sensor disabled attacks against the network can be accomplished undetected and reduce response time. “An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to...
Words: 972 - Pages: 4
...VULNERABILITY ASSESSMENT WHITEPAPER Automating Vulnerability Assessment This paper describes how enterprises can more effectively assess and manage network vulnerabilities and reduce costs related to meeting regulatory requirements. Automated Vulnerability Assessment / Vulnerability Management (VA/VM) solutions are supplementing and in some cases replacing manual penetration testing with an overall improvement in network security without increasing costs. New advances have eliminated the high management overhead and false positive rate issues that plagued open source and early market VA/VM entries. This whitepaper discusses: Speed of change in networks, equipment and applications plus the speed of exploit deployment is revealing weakness in corporate policies specifying relatively infrequent manual penetration testing. Perimeter defences (anti-virus, firewall and IPS/IDS) are vital, but can be bypassed by determined effort to reach and exploit known vulnerabilities that reside just inside the fence. The introduction of an automated network scanning mechanism and consolidated reporting to identify and track mitigation of known vulnerabilities is establishing a higher overall security level often using already existing budget and manpower. Table of Contents Introduction................................................................................................................................................... 3 The Challenges of Network Security Assessments .......
Words: 3435 - Pages: 14
...The biggest difference is that with a Vulnerability assessment you know your network security has issues and you want someone to help you locate and remediate those issues. The company will come in an scan the network looking for problems. The goal is to find all of them so the more they can give you the better you will be in the future. Once they find all the vulnerabilities they will help you to prioritize them into a list of most important issues to address first down to the least important issue. When you are ready and feel your network is running pretty well and you have the majority of the security issues fixed you are ready for a Penetration test. A Pen test will be done, generally, by an 3rd party. The 3rd party will have very...
Words: 333 - Pages: 2
...survey or audit can also be referred to as a vulnerability analysis. A security survey is an exhaustive physical examination whereby all operational systems and procedures are inspected thoroughly (Fischer & Green, 2004). A security survey involves a critical on-site examination and analysis of a facility, plant, institution, business or home to determine its current security status, its current practices deficiencies or excesses, determine level of protection needed, and ways of improving overall security levels are recommended. A security survey can either be done by in-house personnel or by external security consultants. However, outside security experts are preferred their approach to the job would be more objective and would not take some parts of the job for granted therefore resulting to a more complete appraisal of current conditions. A security survey/audit should be carried out regularly so as keep improving to and up to date especially with the growing rate of technology. Overall objectives of a security survey are: determination of current states of security, location various weaknesses in the security defenses, determination of level of protection required and finally give recommendations for the establishment of a total security program (Fischer & Green, 2004). Some weaknesses identified in the process of a security survey may be: vulnerability to injury, death or destruction by natural causes, vulnerability of corporate assets to outside and within criminal...
Words: 686 - Pages: 3
...Lab #1 – Attack & Penetration Test Plan Answer Sheet Hacking and Countermeasures 6/28/2013 MR. Walker Ramon B Kreher Jared Long Part 1: Table of Contents 1. Introduction 2. Authorization 3. Preliminary 4. Scope 5. Goals & Objectives 6. Test Plan Reporting 7. Test Plan Reporting 8. Projecting Plan and Schedule Part 2: Sample Authorization Letter The Undersigned hereby testifies that they have proper authority and agrees to offer authorization to perform the work that is specified in the statement of work for the penetration test to be conducted by Security Consulting Inc. The systems to be tested shall not be compromised and any vulnerabilities that are discovered shall be kept confidential unless federal, state, or local law requires that they be disclosed or the statement of work specifies otherwise. This Document also certifies that the undersigned testifies that the Client has sufficient disaster recovery systems and insurance in the event of an incident during or after the test procedures. Part 3: Penetration Test Client Questions If black box is selected, do not fill out question 3 or following sections. 1. Black Box | White Box (please circle one) 2. Intrusive | Non-Intrusive (please circle one 3. Test Credentials: (fill in as many as needed) Username | Password | | | | | | | | | | | | | | | E-Commerce Web-based Application Server 1. Authorized to View Source? Yes | No (please...
Words: 652 - Pages: 3
...Research to invest personal for the sole purpose of constant testing of network security and vulnerability; therefore ensure AR’s safety of intellectual property. Table of Contents Executive Summary……………………………………………………………………….2 Introduction………………………………………………………………………………..2 Recommendations…………………………………………………………………………3 Budget……………………………………………………………………………………...4 References………………………………………………………………………………….4 Executive Summary Advanced Research (AR) is on its way to becoming a major player in the medical research and development industry. However, suspicion that the corporate network infiltrated from unauthorized sources more than once, indicated the lack of solid security measures. The false allegations of unethical research and development practices are proof of such accesses. Despite the security troubles and false allegations, AR has experienced a 40% increase in business and as result of the increase AR has hires more stuff. The increase traffic is another indication that AR needs a sure and effective method to securing employee’s credential and devices. AR’s innovative research and development information is paramount to its continued success as a company. AR must enhance every security measure to meet the increase in business and procurement of new tools, personal and advance software for the sole purpose of testing the vulnerabilities in our...
Words: 1213 - Pages: 5
...of such a threat is the Trojan circuit, an insidious attack that involves planting a vulnerability in a processor sometime between design and fabrication that manifests as an exploit after the processor has been integrated, tested, and deployed as part of a system. Vulnerability is the existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved. Vulnerability is a weakness which consists of three elements which include system susceptibility, attacker access to the flaw and attacker capability to exploit the flaw. A security risk may be considered as a vulnerability and there are vulnerabilities without risk when the affected asset has no value at all. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software to when access was removed, a security fix was deployed, or the attacker was disabled. Vulnerabilities that are not related to software include hardware, site and personnel vulnerabilities. A large source of vulnerabilities include constructs in programming languages that are hard to use in the right way. Threats...
Words: 657 - Pages: 3
...Vulnerability Management Policy Purpose The purpose of this policy is to increase the security posture of IHS systems and mitigate threats posed by vulnerabilities within all IHS-owned or leased systems and applications. Scope This policy applies to all IHS employees, contractors, vendors and agents with access to any part of IHS networks and systems. This policy applies to remote access connections used to do work from a remote location, including reading or sending email and viewing intranet web resources. Policy 1. Approved Scanning Tools 1.1 There are numerous, tools that can provide insight into the vulnerabilities on a system. Not all scanning tools have the same set of features. The CSO shall be the sole entity to implement an enterprise...
Words: 1400 - Pages: 6
...intellectual property, trade secrets, and proprietary corporate data, the risk of a data breach is now higher than ever before. To monitor and protect information from hackers, malicious and well-meaning insiders, organizations should select solutions based on an operational model for security that is risk-based and content-aware. Here are six steps that any organization can take, using proven solutions to significantly reduce the risk of a data breach. 1 2 3 4 5 6 Stop incurSion By targeteD attackS The top four means of hacker incursion into a company’s network are through exploiting system vulnerabilities, default password violations, SQL injections, and targeted malware attacks. To prevent incursions, it is necessary to shut down each of these avenues into the organization’s information assets. Core systems protection, IT compliance controls assessment automation, and endpoint management, in addition to endpoint, Web, and messaging security solutions, should be combined to stop targeted attacks. iDentify threatS By correlating real-time alertS with gloBal intelligence To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. The value of such real-time alerts is much greater when the information they provide can be correlated in real time with current research and analysis of the worldwide threat environment. proactively protect information ...
Words: 642 - Pages: 3
...be very rewarding. Knowing the over-all methodology can help the clients understand the process and the steps that help do the assessment. Qualified and experienced consultant who will work on site with you and your team to examine each of the ten risk areas (described below) in sufficient detail to identify the strengths and weaknesses of your current security posture. All this information consolidated into a tailored, immediately usable action plan that will help you close the gap between recognized good practice and what you are actually doing. The assessment can also find bottlenecks within the network that slow data and cause unnecessary downtime. Reports are produce so that concerns or problems will easily identified. Our organization finalizes the assessment and makes recommendations for improvements on the network. Our assessment included five major attributes, which are infrastructure, performance, availability, management, and security. When the final assessment is finished, the collected data reviewed for problems that negatively affect the network. We test the network at multiple levels for enterprise deigns errors, application problems, and equipment and circuit errors. We do not take our work or are assessments lightly it will be our pleasure to find what make your network function correctly and more proficiently. This assessment will take time and patients. Our team will conduct it with speed and professionalism that organizations like Cyber-Core demands...
Words: 612 - Pages: 3