Nessus allows you to remotely audit a network and determine if it has been broken into or misused in some way. It also provides the ability to locally audit a specific machine for vulnerabilities.
This lab will give you experience on scanning the network for vulnerabilities, and show you how to use Nessus. It will teach you how to:
In the previous lab, you learned to use different tools to extract a company's information. Once attackers have the information related to network devices, they can use it as an entry point to a network for a comprehensive attack and perform many types of attacks ranging from DoS attacks to unauthorized administrative access. If attackers are able to get traceroute information, they might use a methodology such as firewalking to determine the services that are allowed through a firewall.
If an attacker gains physical access to a switch or other network device, he or she will be able to successfully install a rogue network device; therefore, as an Information Security Auditor/ Penetration Tester, you should disable unused ports in the configuration of the device. Also, it is very important that you use some methodology in detecting such rogue devices on the network.
As an expert penetration tester, you must understand how vulnerabilities, compliance specifications, and content policy violations are scanned using the Nessus tool.
The Security Analyst Exercises / Vulnerability Analysis contains the following Exercises:
- Vulnerability Analysis Using the Nessus Tool
The Virtual Private Cloud for this Lab set utilizes:
Security Analyst Exercises are available as part of the following subscription:
Each subscription provides 6 months access to 15 Different Exercises.
Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise. The Penetration Testing Exercises are designed to give the user an ultimate hands-on experience. Each exercise category above has it’s own Virtual Private Cloud that comes preconfigured with Vulnerable websites, Victim Machines, and the environment is LOADED with tools. Included in your network share are all the supporting tools required to practice in the Cyber Range / Lab environment.
Lab exercises are included for:
- TCPIP Packet Analysis
- Information Gathering
- Vulnerability Analysis
- External Penetration Testing
- Internal Network Penetration Testing
- Firewall Penetration Testing
- IDS Penetration Testing
- Password Cracking Penetration Testing
- Social Engineering Penetration Testing
- Web Application Penetration Testing
- SQL Penetration Testing