Lab #5: Assessment Worksheet
Identify Threats and Vulnerabilities in an IT Infrastructure
Overview
One of the most important first steps to risk management and
implementing a security strategy is to identify all resources and hosts
within the IT infrastructure. Once you identify the workstations and
servers, you must then find the threats and vulnerabilities on
these workstations and servers.
Servers that support mission critical applications require security
operations and management procedures to ensure C-I-A throughout.
Servers that house customer privacy data or intellectual property
require additional security controls to ensure the C-I-A of that data. This
lab requires the students to identify threats and vulnerabilities found
within the Workstation, LAN, and Systems/Applications Domains.
2. Which scanning application is better for performing a network
discovery reconnaissance probing of an IP network infrastructure?
CVE is a list of information security vulnerabilities and exposures that
aims to provide common names for publicly known problems.
12. Explain how the CVE search listing can be a tool for security
practitioners and a tool for hackers.
It enables the users to identify system weaknesses. For hackers, this
may be extremely useful information. They could utilize this
vulnerability to conduct an attack if they know about it. This will assist
the administrator in identifying and resolving problems, or at the very
least mitigating them.
13. What must an IT organization do to ensure that software updates
and security patches are implemented timely?
Scan for vulnerabilities and find the patch to fix them.
14. What would you define in a vulnerability management policy for an
organization?
The possible risk involved with vulnerabilities that were found on
systems and how to plan to mitigate them.
15. Which tool should be used first if performing an ethical hacking
penetration test and why?
When executing an ethical hacking penetration test, Nmap should be
used because it's a robust port scanner and auditing tool. It is also an
open-source application that may run on a variety of operating
systems, including Windows, Linux, and Mac OS.