Assignment 8 - Administering Security
Hands-on Activity
(DUE May 2, 2003 by midnight EST)
Network Security - security scanner

Pre-assignment: "A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way.
Unlike many other security scanners, Nessus does not take anything for granted. That is, it will not consider that a given service is running on a fixed port - that is, if you run your web server on port 1234, Nessus will detect it and test its security. It will not make its security tests regarding the version number of the remote services, but will really attempt to exploit the vulnerability."

  1. Download and install a copy of the Nessus client: http://www.nessus.org/download.html (either Nessus 2.0 for a Unix/Linux client, or NessusWX for a Windows client).
  2. Run Nessus and explore the different options.

Assignment:

Post-assignment: SUBMIT TO DROP-BOX in eCollege.

  1. Submit the report that you saved above.
  2. Submit answers to the following questions based on the reports you generated.
    1. Which host had the highest number of vulnerabilities? The least number of vulnerabilities?
    2. What operating systems are running on the three computers?
    3. What web server (if any) is running on each computer?
    4. Which computer is mine?
    5. List several services running on each computer.
    6. Identify one high severity vulnerability for each computer (if there is one). Describe the vulnerability and discuss control(s) to minimize the risk from the vulnerability.
  3. Answer the following questions:

Discussion Questions

  1. (DUE April 16, 2003 by midnight EST) Select one of the following questions to discuss in detail through the threaded discussion.
  2. (DUE April 21, 2003 by midnight EST) Select a discussion from one or more of your classmates and respond to their comments.

Webliography Assignment
(DUE April 21, 2003 by midnight EST) Submit to the class Webliography 5 annotated links related to administering security. These will be added to our Information Assurance E-library (http://csc.ColumbusState.edu/summers/e-library/security.html). You will receive 1 point for a new link without an annotation, 1 point for an annotation of one of my links, or 2 points for a new annotated link.