Lab 5
Scanning for Network Vulnerabilities Using the GFI LanGuard 2012
Lab Scenario
You have learned in die previous lab to monitor TCP IP and UDP ports 011 your local computer or network using CurrPorts. This tool will automatically mark widi a pink color suspicious TCP/UDP ports owned by unidentified applications. To prevent attacks pertaining to TCP/IP; you can select one or more items, and dien close die selected connections.
Your company’s web server is hosted by a large ISP and is well protected behind a firewall. Your company needs to audit the defenses used by die ISP. After starting a scan, a serious vulnerability was identified but not immediately corrected by the ISP. An evil attacker uses diis vulnerability and places a backdoor on the server. Using die backdoor, the attacker gets complete access to die server and is able to manipulate the information 011 the server. The attacker also uses the server to leapfrog and attack odier servers 011 the ISP network from diis compromised one. As a security administrator and penetration tes te r for your company, you need to conduct penetration testing in order to determine die list o f threats and vulnerabilities to the network infrastructure you manage. 111 diis lab, you will be using GFI LanGuard 2012 to scan your network to look for vulnerabilities.
Lab Objectives
The objective of diis lab is to help students conduct vulnerability scanning, patch management, and network auditing.
111 diis lab, you need to:
■ Perform a vulnerability scan
■ Audit the network
■ Detect vulnerable ports
■ Identify sennit}־ vulnerabilities
■ Correct security vulnerabilities with remedial action
Lab Environment
To perform die lab, you need:
■ GFI Languard located at D:\CEH-Tools\CEHv8 Module 03 Scanning NetworksWulnerability Scanning Tools\GFI LanGuard
■ You can also download the latest version of GFI Languard from the link http://www.gfi.com/la1111etsca11
■ If you decide to download the la te s t version, then screenshots shown in the lab might differ
■ A computer running Windows 2012 Server as die host machine
■ Windows Server 2008 running in virtual machine
■ Microsoft ■NET Framework 2.0
■ Administrator privileges to run die GFI LANguard Network Security Scanner
■ It requires die user to register on the GFI website http: / /www.gii.com/la1111etsca11 to get a license key
■ Complete die subscription and get an activation code; the user will receive an email diat contains an activation code
Lab Duration
Time: 10 Minutes
Overview o f Scanning N etw ork
As an adminisuator, you often have to deal separately widi problems related to vulnerability issues, patch management, and network auditing. It is your responsibility to address all die viilnerability management needs and act as a virtualconsultant to give a complete picture of a network setup, provide risk analysis, and
maintain a secure and compliant network state faster and more effectively. Security scans or audits enable you to identify and assess possible risks within a network. Auditing operations imply any type of checking performed during a network security audit. These include open port checks, missing Microsoft patches and vulnerabilities, service infomiation, and user or process information.
Lab Tasks
Follow die wizard-driven installation steps to install die GFI LANguard network scanner on die host machine windows 2012 server.
1. Navigate to Windows Server 2012 and launch the Start menu by hovering the mouse cursor in the lower-left corner o f the desktop
 |
| FIGURE 5.1: Windows Server 2012 - Desktop view |
2. Click the GFI LanGuard 2012 app to open the GFI LanGuard 2012 window
 |
| FIGURE 5.2 Windows Server 2012 - Apps |
 |
| FIGURE 5.3: Hie GFI LANguard mam window |
 |
| FIGURE 5.4: The GFI LANguard main window indicating die Launch a Custom Scan option |
i. 111 die Scan Target option, select localhost from die drop-down list
ii. 111 die Profile option, select Full Scan from die drop-down list
iii. 111 die Credentials option, select currently logged on user from die drop-down list
6. Click Scan.
 |
| FIGURE 5.5: Selecting an option for network scanning |
7. Scanning will start; it will take some time to scan die network. See die following figure
8. After completing die scan, die scan result will show in die left panel
 |
| FIGURE 5.7: The GFI LanGuard Custom scan wizard |
9. To check die Scan Result Overview, click IP address of die machinein die right panel
10. It shows die Vulnerability Assessment and Network & Software Audit: click Vulnerability Assessment
 |
| FIGURE 5.8: Selecting Vulnerability Assessment option |
 |
| FIGURE 5.9: List of Vulnerability Assessment categories |
 |
| FIGURE 5.10: System patching status report |
 |
| FIGURE 5.11: TCP/UDP Ports result |
15. Click Password Policy
 |
| FIGURE 5.12 Information of Password Pohcy |
 |
| FIGURE 5.13: Information of Groups |
 |
| FIGURE 5.14: scanned report of the network |
Dociunent all die results, dueats, and vulnerabilities discovered during die scanning and auditing process.
Questions
1. Analyze how GFI LANgtiard products provide protection against a worm.
2. Evaluate under what circumstances GFI LAXguard displays a dialog during patch deployment.
3. Can you change die message displayed when GFI LANguard is performing administrative tasks? If ves, how?
Không có nhận xét nào:
Đăng nhận xét