Lab-M04-02: Vulnerability Scanning
NOVEMBER 16, 2017
BY: LIVIA NGUYEN, MARK LAROCQUE, VIRGIL WYLIE
Contents
Summary
Check
Uncheck
MyPolicy Scan
Nessus was used to scan the Windows XP target host for vulnerabilities. The scan was
performed to identify potential vulnerabilities in the system. The default scan gives a
simple list of information and takes less time. Creating a policy and applying it to the
scan allows a more accurate report of potential vulnerabilities and reduces the time that
it takes to run the scan, by checking and unchecking options so that checks that are not
needed are skipped. The scan result and report will be analyzed to find false positives
and any potential vulnerabilities that the scanner might not have been able to find for
some reason.
Target Information
IP Address: 10.31.104.14
The scan result for the target with the IP address 10.31.104.10, a Windows XP system, shows
five potential vulnerabilities. Ports 23, 135, 139, 445, and 3389 are open on the target system.
These ports are telnet, epmap, smb, cifs, and msrdp, and they are exposed to an attacker because
they could be used to access the system. The Telnet protocol allows a user to establish a
connection to TCP port 23. Port 135 is the Remote Procedure Call (RPC) port, which is used in
client/server applications. The SMB port is essentially the Session Message Packet. The Common
Internet File Service (CIFS) port is used by Windows systems for file sharing.
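The open ports listed above can be checked against an independent nmap port scan, which is the comparison the Scan Analysis relies on when ruling out false positives. The following Python is an added example, not part of the original lab report; the host address, the nmap grepable (-oG) output and the Nessus CSV rows are constructed sample data.

```python
import csv
import io

# Constructed sample data (not the lab's output). 3389 is left out of the nmap
# sample and 5900 out of the Nessus sample so both mismatch cases appear.
HOST = "192.0.2.10"
NMAP_GREPABLE = (
    "Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet///, 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "5900/open/tcp//vnc///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (994)\n"
)
NESSUS_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
19506,,,None,192.0.2.10,tcp,0,Nessus Scan Information
11219,,,None,192.0.2.10,tcp,23,Nessus SYN scanner
11219,,,None,192.0.2.10,tcp,135,Nessus SYN scanner
11219,,,None,192.0.2.10,tcp,139,Nessus SYN scanner
11219,,,None,192.0.2.10,tcp,445,Nessus SYN scanner
11219,,,None,192.0.2.10,tcp,3389,Nessus SYN scanner
"""

def nmap_open_ports(text, host):
    """Return {(proto, port)} that nmap -oG output reports as open on host."""
    found = set()
    for line in text.splitlines():
        parts = line.split("\t")
        if not parts[0].startswith("Host: ") or parts[0].split()[1] != host:
            continue
        for field in parts[1:]:
            if field.startswith("Ports: "):
                for entry in field[len("Ports: "):].split(", "):
                    port, state, proto = entry.split("/")[:3]
                    if state == "open":  # filtered/closed ports are not findings
                        found.add((proto, int(port)))
    return found

def nessus_ports(text, host):
    """Return {(proto, port)} with a finding in a Nessus CSV export; port 0 rows are host-level."""
    rows = csv.DictReader(io.StringIO(text))
    return {(r["Protocol"], int(r["Port"])) for r in rows
            if r["Host"] == host and r["Port"] != "0"}

def cross_check(nmap_text, nessus_text, host):
    nmap, nessus = nmap_open_ports(nmap_text, host), nessus_ports(nessus_text, host)
    return {"confirmed": sorted(nmap & nessus),
            "nessus_only": sorted(nessus - nmap),  # candidate false positives: re-test
            "nmap_only": sorted(nmap - nessus)}    # open but unreported: coverage gap

if __name__ == "__main__":
    print(cross_check(NMAP_GREPABLE, NESSUS_CSV, HOST))
```

Ports in `nessus_only` are the ones to re-test before calling them false positives, and ports in `nmap_only` are services the vulnerability scan produced nothing for.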
Custom Scan Policy
Check Consider unscanned ports as closed to make sure that we are only scanning the target that
we want. Checking Override automatic firewall detection and Use aggressive detection will allow us to
bypass the firewall and continue with the scan without having to stop. Checking Stop after one
flaw is found per parameter makes the scan make sure that at least one flaw is found within one
parameter, which speeds up the scan while still running the vulnerability scan on multiple
parameters and covering a certain range of area. Make sure to uncheck allow users to edit scan
Check
Ports - Consider unscanned ports as closed
Network Port Scanners - Override automatic firewall detection > Use aggressive detection
Stop after one flaw is found per web server > Stop after one flaw is found per parameter
Uncheck
Allow users to edit scan results
MyPolicy Scan
Running the scan again using the MyPolicy template speeds up the time that it takes to
perform the same scan and covers a certain area within the scan in the scan report.
Scan Analysis
There are no items that I suspect are false positives because the scan only presents information on
the open ports on the system. The reason why I believe that there are no false positive items is
that the vulnerability scan result shows similar open ports to the initial port scan using nmap, and
the system information that is presented during the scan is accurate to the information that was
gathered by doing a port scan. I believe that there are vulnerabilities on the system that the
vulnerability scanner didn't find because there are services and different applications that the
system does not pick up, and the scan result only shows information on the system and general
open port information. Every system has some sort of service running, but nothing was