DETERMINE HOW SECURITY POLICIES APPLY TO DATA AND SYSTEM ACCESS.

/in /by

M3A1: Determining Criticality from Ports and ResearchImage Source: www.istockphoto.comLab ObjectivesThis activity will address module outcomes 1, 2, and 3. Upon completion of this activity, you will be able to:• Identify different forms hacking attacks and malware types. (CO3, CO4)• Determine how security policies apply to data and system access. (CO1)• Analyze vulnerability research and test for hacking techniques. (CO1)This week the course assignment asks us to work with Nmap. Review the following videos first.• Introduction of what Nmap is, options, how it works behind the scenes- Nmap Intro.mp4 (Links to an external site.)Links to an external site.• Demonstrating the usage of Nmap against sample target – Nmap Usage.mp4 (Links to an external site.)Links to an external site.• Using Descover Scripts to parse Nmap results into a nice CSV format (covers the table with results you are expected to provide for M3A1) – Parse Nmap with Discover Scripts.mp4 (Links to an external site.)Links to an external site.• Example of the table with results you need to submit for M3A1 (Note this table is what the Discover nmap parser outputs the results to with the exception of the NSE script output) – Table.xlsx For this assignment, we will use Nmap from the Kali, attacker, VM to scan the Metasploitable, target, VM for open ports, running services, service/app versions, target OS, and invoke Nmap Script Engine (NSE) scripts to discover low hanging fruit vulnerabilities. Nmap can be utilized through the Command Line Interface (CLI) version or its Graphical User Interface (GUI) counterpart called Zenmap. Your task is to complete an Nmap scan of the target and report the results in a table format.Lab Instructions• Review all of the provided Nmap videos in the “Course Related Questions”>>Week 3 Additional Material”• Start the Kali VM• Use Nmap or Zenmap to scan your Metasploitable VM. The included videos provide a walkthrough of Nmap usage and scanning a target• Use Nmap build-in help menu as shown in the videos or refer to https://nmap.org/book/man.html (Links to an external site.)Links to an external site. to put together and execute Nmap scan (one scan) with the following options configuredo Enable script scanning, ports scanning, service scanning, OS detection, enable verbosityAND• o Export the results in XML format• Scan only the Metasploitable VM• Save the XML scan results• Complete a table with the results. The example table is provided in Excel formato The table can be prepopulated with most of the information using the Discover Scriptso To download and setup the Discover scripts watch the “Parse Nmap with Discover Scripts” video which provides a step-by-stepo Hint: The same video walks through also conducting Nmap scan against Metasploitable, saving the results in XML file, using Discover to parse the results, and import them into Excel