Lab Questions - Part A
192.168.100.106:
No, Nmap is not able to identify the operating systems running on every system. It is able to determine that 192.168.100.103 is running Windows XP. However, the hosts from 192.168.100.104 to 192.168.100.106 have not been identified. Yes, there is an Nmap feature that can be used for operating system detection. This feature is known as TCP/IP stack fingerprinting. Nmap achieves this by sending a number of TCP and UDP packets to the host and examining the responses. It also performs a number of tests, which include TCP ISN sampling and IP ID sampling. The results of these tests are compared to a database of OS fingerprints. For example, port 23 for Windows XP runs telnet services.
192.168.100.103 seems to be the least secure while 192.168.100.105 seems to be the most secure. This is mainly because 192.168.100.103 has the highest number of open ports as compared to 192.168.100.105, which has 998 closed ports. In addition, it was possible to determine a large number of services running on 192.168.100.103 due to the large number of ports that are open.
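The comparison above can be reproduced from Nmap's XML output (`-oX`) rather than by reading the console text. The following is an added example, not part of the original lab; the XML sample is constructed, its port lists are illustrative, and the function name `summarize` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of `nmap -O -oX`; the port lists are
# illustrative and are not the lab's actual scan results.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.168.100.103" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP" accuracy="100"/></os>
  </host>
  <host>
    <address addr="192.168.100.105" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="998"/>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="111"><state state="filtered"/><service name="rpcbind"/></port>
    </ports>
  </host>
</nmaprun>"""


def summarize(xml_text):
    """Return one dict per host, ordered by number of open ports (most first)."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        open_ports = []
        for port in host.iter("port"):
            # Only count ports Nmap reported as open, not filtered or closed.
            if port.find("state").get("state") == "open":
                svc = port.find("service")
                name = svc.get("name") if svc is not None else "unknown"
                open_ports.append((int(port.get("portid")), name))
        # Take the highest-accuracy OS guess; no <osmatch> means no fingerprint matched.
        matches = host.findall("os/osmatch")
        best = max(matches, key=lambda m: int(m.get("accuracy")), default=None)
        hosts.append({"addr": addr, "open": sorted(open_ports),
                      "os": best.get("name") if best is not None else None})
    return sorted(hosts, key=lambda h: len(h["open"]), reverse=True)


if __name__ == "__main__":
    for h in summarize(SAMPLE_XML):
        print(h["addr"], len(h["open"]), "open,", h["os"] or "OS not identified", h["open"])
```

Open-port count is only a first-pass indicator of exposure; which services are listening and their patch level matter more than the raw number.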
1. Nmap can be used to check the security of a device by checking the type of connection that can be achieved on the devices.
2. It can be used to identify ports that are open on a host.
3. It can be used for network mapping and inventory.
4. It can be used to detect hosts that are down. It can ping all hosts to determine whether each one is up.
5. It can also be used to detect the IP address of a device.
OS detection seems to be the most useful feature of Nmap. This is mainly because the feature is automatic and makes it possible to determine the operating system that is running on a system, which makes this feature interesting.
The feature that I found most difficult to use was version detection. This is mainly because it involves querying hosts as well as devices in an effort to determine their version number. This was not an easy feature to use.
Scriptable interaction with the target is an important feature not covered in the lab. This is mainly because it requires knowledge of both the Nmap Scripting Engine and the Lua programming language. It would be important to learn these two features of the software.
Assignment Part B - Nessus scanner
192.168.100.104: Windows XP Service Pack 2 or 3
192.168.100.105: Linux Kernel
192.168.100.106: Linux Kernel 2.6
1. What web server (if any) is running on each computer? (4 points)
192.168.100.103 had the highest number of vulnerabilities, 21 in total. 192.168.100.105 had the fewest vulnerabilities.
The only high-level vulnerabilities that were found were on 192.168.100.103. One of the high-level vulnerabilities is that its www service may be experiencing a denial of service. This can be mitigated by upgrading the version of Apache used on the machine.
2. To audit networks in an effort to identify vulnerabilities in a network
3. To recommend changes to be implemented in order to reduce vulnerabilities in a network
4. To test patch levels on computers running Windows
5. To audit passwords in order to ensure that they are secure
I found the reporting feature very useful. This is mainly because the reporting feature allows a user to sort the aspects of a report that he or she wants to view. In addition, this makes it easy to analyze vulnerabilities.
All features were useful and easy to use since Nessus is user friendly.
The most obvious difference is that Nessus is a browser-based application while Nmap has a client GUI that a user uses to carry out desired tests. Nessus was also able to detect the operating system being used on the host, whereas Nmap was unable to detect the operating systems. Nessus is more user friendly than Nmap. It offers more detail as well as better reporting features.
The lab was an excellent learning experience. The changes that I would implement are that I would add more features of the two systems for students to further explore them.
The password auditing feature on Nessus is critical since it uses dictionaries to audit and test passwords. This would be an interesting feature to test since it offers better insight into excellent password selection techniques.