Vulnerability Scans

Create A Virtual Environment And Conduct Vulnerability Scans

Assignment 1.

Create three virtual systems that meet the following criteria:

Use this naming scheme: Across The States Bank.

A Windows Server (Latest Version) (English) Domain Controller with the following services installed (at minimum):

  1. Server Role: Active Directory Domain Services (ADDS) – Promote to DC
  2. Server Role: DNS Server
  3. Features: Group Policy Management

A Windows Server (Latest Version) (English) with the following services installed (at minimum):

  1. Add as member server to domain
  2. Server Role: Application Server
  3. Server Role: Web Server
  4. Features: .Net Framework
  5. Role Services: Web Server (IIS) Support

A Windows Server (Latest Version) (English) with the following services installed (at minimum):

  1. Add as member server to domain
  2. Default installation

NOTE:

Do not install antivirus software or install system updates at this time.

Assignment 2. Dependent on Assignment 1.

During this assignment, students will conduct a vulnerability assessment based on various security frameworks using an industry-standard vulnerability scanner. The scan will be conducted on all three Windows Servers within the virtual environment created in the Topic 1 assignment.

Part 1

  1. Download and install Nessus Essentials (free) vulnerability scanner on your Windows Standard Server.
  2. Conduct a vulnerability scan on all three servers.
  3. In a 250- to 500-word technical report, summarize the findings, including the number of critical vulnerabilities discovered. Make sure to include screenshots of the completed scans.

Part 2

  1. Perform a Windows update on all three servers. Make sure that you have completely updated each server with all applicable patches, service packs, and security updates.
  2. Conduct a second vulnerability scan on all three servers.
  3. Compare the results of your first scan with the second scan after updates. What was the percentage improvement?
  4. In the same report, present a 250- to 500-word summary of the findings, including the percentage of reduced vulnerabilities. Make sure to include screenshots of the completed scans.
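
One way to work out the comparison asked for in Part 2, as an added example that is not part of the original assignment: it assumes both scans were exported from Nessus as CSV with `Plugin ID`, `Risk` and `Host` columns, and it counts a plugin once per host even if the export repeats it on several rows. The sample rows, hosts and plugin IDs are constructed.

```python
import csv
import io
from collections import Counter

SEVERITIES = ("Critical", "High", "Medium", "Low")

# Constructed sample exports: hosts, plugin IDs and names are made up.
BEFORE_CSV = """Plugin ID,Risk,Host,Name
90001,Critical,192.0.2.10,Sample finding A
90001,Critical,192.0.2.10,Sample finding A
90002,High,192.0.2.10,Sample finding B
90003,Medium,192.0.2.10,Sample finding C
90009,None,192.0.2.10,Sample informational
90001,Critical,192.0.2.11,Sample finding A
90004,High,192.0.2.11,Sample finding D
90005,Low,192.0.2.11,Sample finding E
90001,Critical,192.0.2.12,Sample finding A
90002,High,192.0.2.12,Sample finding B
"""
AFTER_CSV = """Plugin ID,Risk,Host,Name
90003,Medium,192.0.2.10,Sample finding C
90009,None,192.0.2.10,Sample informational
90004,High,192.0.2.11,Sample finding D
90005,Low,192.0.2.11,Sample finding E
90006,Medium,192.0.2.12,Sample finding F
"""

def load_findings(text):
    """Unique (host, plugin_id, risk) tuples; informational rows are skipped."""
    rows = csv.DictReader(io.StringIO(text))
    return {(r["Host"].strip(), r["Plugin ID"].strip(), r["Risk"].strip())
            for r in rows if r["Risk"].strip() in SEVERITIES}

def percent_reduction(before, after):
    """Percentage drop from before to after; None if there was nothing to reduce."""
    return None if before == 0 else round((before - after) / before * 100, 1)

def compare(before_text, after_text):
    before, after = load_findings(before_text), load_findings(after_text)
    b = Counter(risk for _, _, risk in before)
    a = Counter(risk for _, _, risk in after)
    report = {s: (b[s], a[s], percent_reduction(b[s], a[s])) for s in SEVERITIES}
    report["Total"] = (len(before), len(after), percent_reduction(len(before), len(after)))
    return report, sorted(after - before)  # second item: findings new in scan 2

if __name__ == "__main__":
    report, new = compare(BEFORE_CSV, AFTER_CSV)
    for label, (n1, n2, pct) in report.items():
        print(f"{label:8} {n1:3} -> {n2:3}  reduction: {pct}%")
    print("New after patching:", new)
```

A negative reduction for a severity means the second scan reported more findings at that level than the first, which is worth explaining in the report alongside the list of findings that appear only after patching.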