Part 1: Conduct a baseline scan
To complete this part of the assessment, you will be required to participate in a practical demonstration of how to complete a task or activity.
Your responses will be used as part of the overall evidence requirements of the unit.
Refer to the list of steps below to understand what you need to demonstrate in this section of the assessment. The Marking criteria outlines the assessment criteria used to assess your performance.
Once completed you will need to submit this assessment and the tasks and activities you are required to complete to your assessor for marking.
Use the three supplied virtual machines for this assessment. They will be provided to you for download or via online lab access.
The VM’s can be downloaded here: http://bit.ly/CSC72005
Assessment
Complete the tasks with either OpenSUSE or CentOS.
Save the file as “CSC72005_A3_CentOS_<Firstname_Surname>.pdf” or “CSC72005_A3_OpenSUSE_<Firstname_Surname>.pdf”
Step 1: Set up network
Complete the following steps:
- Extract each of the three supplied virtual machines.
- Ensure that each VM’s network adapter is set to the correct network
We suggest trying Bridged or Host Only. - Start each of the your VMs.
- Test that there is network connectivity between each of the virtual machines.
Consider “ping” or “traceroute”. - Identify the IP address of the OpenVAS and other virtual machine.
Consider “ip add” or “ifconfig”.
Step 2: Run baseline scan
- Open a web browser.
- Type in the IP address of the OpenVAS.
Note: You may need to go to port 9392.- You will need to add an exception to accept the certificate.
- Login to the OpenVAS web interface using the following:
- Username = admin
- Password = secret.
Step 3: Run security scan
Note: If you receive a message that a security scan has been previously run, ignore the message and continue with the scan.
Run a scan against the CentOS or OpenSuse systems as follows:
- From the menu tab select Scans then Tasks.
Click on the * icon at the top left.
Create a new task as follows:
- Task Name = CSC72005_SUSE_<Firstname_Surname>
- Create the scan list
- Create a text file with the IP address for openSUSE or CentOS
- Start the scan:
- In the actions column, press the start button
Allow the scan to run.
Step 4: Download and save report
Once the scan has finished, review the report screen and note any vulnerabilities that have been found.
Export the report as a PDF, as follows:
- Click on Scans, then Reports.
- Click on the current scan.
- Click on Report Results and select Report summary and download.
- In the Download column for ‘Full Report’, select PDF instead of Anonymous XML and click on the Download button.
- Save the report.
Step 5: Edit, save and upload report
- Once exported to PDF, use PDF software to highlight vulnerabilities that have a severity of 8.5 or above. You can use Microsoft Word to edit the PDF.
- Add a short description of 3 vulnerabilities rated at high that OpenVAS has found and any recommendations or solutions to mitigate. A maximum of 100 word per vulnerability.
- Briefly, with a maximum of 100 words, provide the history of OpenVAS and how it is related to any other vulnerability scanner.
- Resave the PDF file with the name “CSC72005_A3_OpenSUSE_<Firstname_Surname>.pdf”
Take a screen shot with the changed filename and submit as evidence that you have completed this task.
- Submit the final report as evidence that you have completed this assessment.
Software
OpenVAS
This is the system to perform the
Username: admin
Password: secret
OpenSUSE
Username: student
Password: student
Root Password: secret
CentOS 7
Username: student
Password: student
Root password: secret
Putty Download
[Button id=”1″]
[ad_2]
Source link
"96% of our customers have reported a 90% and above score. You might want to place an order with us."
