Lab 2 Performing A Vulnerability Assessment Worksheet Essay

* Check existing security scan reports, from WireShark and NetWitness Investigator, and see if we can identify data leakage, and setup new policies and procedures for monitoring web servers and applications.

Risk assessments are vital to be included within a laboratory setting as it involves evaluating the potential risks which may be involved when completing an experiment or activity. The employer must be aware that risks which someone is exposed to at work must be reduced by them responsibly implementing precautions in order to make the setting safer. They need to analyse: what could possible go wrong? How likely is it? And what would be the consequences? These questions are regularly used when creating a risk assessment so that every risk sheet has a similar outline and meets the criteria of an effective risk assessment. It covers the general procedures, the working environment and the handling, storage and transportation of various substances.

HTML5 will also allow pen-testers to review new scans, create new policies, and view scans from any device on the scanner, which means the entire network will be secure. This magnificent security tool is capable of providing any vulnerability within the IP address range, network or host located on the network. Within the configuration and compliance auditing, it can be compared to the Security Content Automation Protocol (SCAP), which is a method used to enable automated vulnerability management (National Institute of Standards and Technology, 2016). Nessus will also ensure the system is configured to be compliant within the security structure of Windows, Linux, Mac OS and applications. One more feature included is the integration of patch management, which allows patch information to be retrieved and to be included in the patch management report. Nessus will go one step further and check to ensure that patches have been properly installed, will audit mobile device weaknesses, gathering data and writing reports about potential threats for the devices connected to the network, whether it be iOS, Android, or Windows operating

The most important step in the fi ve-step hacking process is step 5, where the security practitioner must remediate the vulnerability and eliminate the exploit. What is the name and number of the Microsoft® Security Bulletin?

This lab provided a virtual environment that simulated a corporate WAN network. Having a similar network environment at the organization I am currently employed at, I have some experience with vulnerability scanning. I do not have much experience using the nmap utility however, so I was interested to get some experience by completing the tasks within this lab. I didn’t experience many challenges following the steps in the lab itself. I was able to launch the environment successfully and perform the steps without any issue. As with any new environment, it took me a little time to figure out the layout of the simulation and how it functioned. After reading the documentation and spending about ten minutes clicking through the different areas, I felt comfortable and began the steps of the lab.

This will benefit me while generating a security strategy for the Network and its hardware.

Vitale, D. (2013, Feb 07). Doug Vitale Tech Blog. Retrieved from Network administration commands for Microsoft Windows and Active

The penetration tools provided in this document allow us to review our network from a security standpoint. This paper focused predominantly on phase two of a penetration test, the exploitation phase; however, a successful penetration test typically starts with the reconnaissance phase. In this phase, the tester attempts to gain as much information about the target company and its network as possible. He or she will test the physical infrastructure (how do people gain access to the building?) and other organizational aspects of the company to find a weakness and a way to get in. Also during this portion of the test, the penetration tester will use tools such as NMAP, whois.com, and other resources to obtain information regarding the network

The use of Flow Analysis Port Scan to determine the open ports on routers or hosts

Finally, gathering all this information would enable the network administrator adjust the IDS to attacks specific to the network.

What is the risk impact or risk factor (critical, major, minor) that you would qualitatively assign to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the healthcare and HIPPA compliance scenario?

Nessus is typically installed on a server and runs as a web-based application. Nessus uses plugins to determine if a vulnerability is present on a specified machine.

Despite its impact ping sweeps and port scans are best understood as a huge security threat on today's company's network system.

Identification of controls already in place – including policies, firewalls, applications, intrusion and detection prevention systems, virtual private networks, data loss prevention and encryption.

In the three maintained products the threats and risks are to be identified. Such as the data base securing, user identification, authorizing proper managers, protections from hackers and updated firewalls and less vulnerable software.