This is the Nessus Report -- Nessus Report https://learn.umgc.edu/content/enforced/ XXXXXXXXXX2212-OL2-6980/My_Basic_Network_Scan_qw3e2d%20(2).html VM Scanner Background Report CMIT 421 Threat...

1 answer below »
instructions are included. Please follow it carefully. Last project you guys did it for me, I failed because most of the requirements were not followed. I want only 5 pages. My school login is Amohamed20 p: Sisko-103


This is the Nessus Report --  Nessus Report https://learn.umgc.edu/content/enforced/572633-027858-01-2212-OL2-6980/My_Basic_Network_Scan_qw3e2d%20(2).html VM Scanner Background Report CMIT 421

Threat Management and Vulnerability Assessment Introduction Provide an introduction that includes what you intend to cover in the background paper. Ensure you are specific and define your purpose clearly. Part 1: Nessus Vulnerability Report Analysis In this section, analyze and interpret the results of the report to give your boss a clear picture of the Mercury USA’s potential vulnerabilities. As you analyze the report, address the following points: · Is it appropriate to distribute the report as is, or do you need to interpret the report, attach meaning before sending to management? Explain why or why not. · What is your overall impression of the tool’s output? Is it easy to interpret, well-organized, include enough detail, too much detail? · Does the tool provide enough reporting detail for you as the analyst to focus on the relevant vulnerabilities for Mercury USA? · Name the three most important vulnerabilities in this system for Mercury USA. Why are they the most critical? · How does the report provide enough information to address and remediate the three most important vulnerabilities? Take Note: Judy has asked you to provide a screenshot to help her understand what the Nessus report looks like. Screenshot Instructions 1. Open Lab 4.5.x, “Conducting Vulnerability Scans” within the uCertify Pearson CompTIA Cybersecurity Analyst (CySA+) content   1. After Step 25, click on the scan “General Scan” 1. Click the Report button dropdown and choose HTML 1. In the “Generate HTML Report” dialog, click the Generate Report button   1. Open the report from the browser’s download bar at the bottom of the screen   1. Click the Show Details button 1. Take a full window screenshot that includes the date/time of the report and the date/time area of the VM’s taskbar (refer to the example below) Note: This portion of the background paper also helps determine that your submission is unique. Thus, you must include the specific screenshot as seen below or your project will not be accepted. Part 2: The Business Case Keep these issues in mind as you address the two questions below: · Think back to the video from Mercury USA’s CEO. What were his main areas of concern? · What is the industry/function of the organization? · What kinds of data might be important to the organization? What is your assessment of the Mercury USA’s overall current security posture? What information in the vulnerability scans supports your assessment? Based on the vulnerabilities present in the reports and the information available about them, what threats might an adversary or black hat hacker try to use against the organization to exfiltrate data or hold it for ransom? Part 3: Nessus Purchase Recommendation State your case for your recommendation of the Nessus commercial vulnerability scanner. Be sure to address the following questions: · Do you think the overall presentation and scoring features are adequate for technical professionals? · How can this tool help Mercury USA comply with regulatory and standards requirements? · What is the cost to license the tool? Does the usability, support, and efficacy of the tool warrant the cost? · Do you think the Nessus report is understandable/suitable for management? Explain why or why not. · Would you recommend that Mercury USA purchase the tool? Provide your rationale for this recommendation. Conclusion Provide a conclusion of at least a paragraph summarizing your analysis of the Nessus vulnerability report, your purchase recommendation, and why your purchase recommendation is beneficial for employees, management, and the organization. References Use in-text citations in the body of your memorandum as appropriate. Add all sources you used here. This example citation uses IEEE style. Use a style of your choice or ask your instructor for clarification. When using the associated course content, ensure you cite to the chapter level. An example IEEE citation is provided below for your reference. [1] "Chapter 5: Implementing an Information Security Vulnerability Management Process", Pearson CompTIA Cybersecurity Analyst (CySA+), 2020. [Online]. Available: https://www.ucertify.com/. [Accessed: 28-Apr-2020].
Answered Same DayMar 22, 2021

Answer To: This is the Nessus Report -- Nessus Report https://learn.umgc.edu/content/enforced/...

Ali Asgar answered on Mar 23 2021
151 Votes
VM Scanner Background Report

CMIT 421
Threat Management and Vulnerability Assessment

Introduction
This is an assessment report for Nessus tool, a proprietary vulnerability scanner tool developed by Tenable Inc. Nessus is a scanning tool for scanning remote hosts to test their security. It runs more than 12
00 checks on the host machine to check for any vulnerability that the hacker might exploit to get access to the host and then the entire network. This report is to assess the working of the tool and its reporting features and patterns. The purpose of this report is to look at the vulnerabilities found in the company server and interpret it in simpler language to be able to decide the usability, efficacy and cost justification of this tool.
Part-1: Nessus Vulnerability Report Analysis
By doing an analysis of the report it is confirmed that Mercury USA network is vulnerable to attack by an attacker. The server is running an outdated and unsupported Operating system that is not receiving any further security patches. Due to this the un-resolved vulnerabilities are still there and can be and may have been accessed by the attacker. The report clearly shows there is a Backdoor that’s been detected and it suggest further analysis to confirm if the system has been compromised or not and take necessary corrective action.
On analyzing and interpreting the report it is clear that:
· It would not be appropriate to share this report without any interpretation as this report contains a lot of technical terms that might not be meaningful to the management without a proper analysis by the cyber-security team and the IT Department. The report although very precise, needs to be analyzed by the cyber-security team to pin-point the area of primary concern and provide correct remedy in order to minimize the vulnerability and cost of remediation. One most important thing to note here is that the report is an analysis and it needs further confirmation by checking the necessary processes and files to deduce if the machine or the network is compromised or not.
· Overall, the tool’s output is quite impressive and is organized according to severity of the problem thus the most critical issues are shown on the top. The Severity is clearly marked in color and its corresponding Common Vulnerability Scoring System (CVSS) number is also mentioned. A link is also provided to the plugin page of the vendor’s website that explains the vulnerability, its criticality and its solution in precise and easy to understand language. There are also some references provided for further clarification and knowledge.
· The tool has provided enough detail to acknowledge that there indeed is a very critical security vulnerability in the network and server and it needs to be rectified on immediate basis. The report also shows that there is a high possibility that the server has already been compromised and thus we need to find the extent to which the breach has occurred (if it did) and take necessary remedial actions. There is a possibility that the server is compromised and may need to be cleaned and re-configured.
· The three most critical vulnerabilities in the system for Mercury USA are:
1. Presence of Backdoor: This is the most critical of vulnerabilities present in the system. It indicates that the Mercury USA network is already compromised and attacker may have stolen information or will be planning to do so soon as the backdoor entry...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here