vulnerabilities

Provide (2) 150 words response with a minimum of 1 APA references for RESPONSES 1 AND 2 below. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that’s discusses the responses. 100% original work and not plagiarized. Must meet deadline.

RESPONSE 1:

Hello everyone,

The automated assessment tool I picked is Nmap. This tool is commonly know as a port scanner, but it has abilities beyond that with the addition of scripts. These scripts allow it to detect software versions, vulnerabilities, and services. It is quite configurable with the features and abilities it can use such as evasion techniques like IP spoofing and and increased scan speed (5 legitimate tools commonly used for malicious purposes, 2019). Nmap is also known for being able to get around different security levels. An attacker would use Nmap to locate the vulnerabilities of it target.

Common steps in defense against automated assessment tools start with with simply renaming the server hosting software and blocking HEAD requests for content information. While old school, renaming can deceive automated tools into not searching for vulnerabilities and cutting off HEAD request will stop only early scanning technology. After that you would want to hide informational errors, identify non-human request, and stop non-human content requests (Ollmann, 2005). Referer entity field validates appropriate access paths. Single use links and timeouts force a user to respond in a time frame and use a specific navigational path which does not bode well for the automated attack as it does not operate as human does understandably.

Jaron

5 legitimate tools commonly used for malicious purposes. (2019, September 23). Retrieved August 06, 2020, from https://resources.infosecinstitute.com/5-legitimate-tools-used-for-malicious-purposes/

Ollmann, G. (2005, April). Stopping Automated Attack Tools: An analysis of web-based application techniques capable of defending against current and future automated attack tools [PDF]. NGSSoftware Insight Security Research.

RESPONSE 2:

The automated assessment tool that I have chose to talk about is Metasploit penetration testing. Metasploit is a free open source penetrating testing framework. Metasploit is available for the main operating systems (OS). Metasploit can be ran from a command line interface or through is application and it follows the directory with hierarchy of the root folder being pentest. Some of the exploitation tools that this application provides are network exploitation tool, open source exploitation, social engineering tools, web exploitation tools, and wireless exploitation (Singh, 6/22/2012).

Metasploit can work for a cyber criminal as well as it can for ethical hackers working for an organization. A hacker can perform penetration testing on systems using this free tool to find vulnerabilities and exploit it for their gain. The cyber criminal may want to gather sensitive/secret information or financial information for personal gain. The main thing that makes Metasploit dangerous is the different penetration testing’s it provides and the other available options that accompany it such as information gathering, vulnerability assessments, privilege escalation, revers engineering, and forensics (Singh, 6/22/2012). Cyber criminals utilizes Metasploit other tools to gather information such as port scanning with Nmap. Another tool used is Nessus to conduct vulnerability scanning. NeXpose can be used through Metasploit and it is a vulnerability scanning tool that import results to the Matasploit database.

Organizations may reduce the vulnerabilities that Metasploit can identify by providing penetration testing of its own infrastructure. An organization may have their own ethical hackers that conduct penetration testing or they can higher a security firm to preform penetration testing on their network and systems.

Respectfully,

Ben

Reference:

Singh, A. (6/22/2012). Metasploit Penetration Testing Cookbook. Packt Publishing, limited. Retrieved from https://ebookcentral.proquest.com/lib/apus/reader.action?docID=952079

"Get Help With Your Essay
. If you need assistance with writing your essay, our professional essay writing service is here to help!

Order Now