When conducting the pen test the following risks were identified and categorised. Management SummaryĪs requested, a pen test was conducted on the vulnerable metasploitable machine as security risks had been identified previously by internal IT staff members. These ports need to be closed in order to ensure no ports can be exploited and root access granted to unauthorised users. The ports specified as being open can be found in ( Figures 3–6). In addition, it was found to be that many TCP and UDP ports were marked as open using nmap scans using flags -sV -sU -sT -O. As for the remaining vulnerabilities there needs to be remediation for them put into place over the next 10 days to ensure the metasploitable machine is fully secure and protected from any potential data breaches from potential hackers. It is vital that the 9 critical vulnerabilities identified are patched within the next 24 hours to ensure that none of the internal systems are compromised otherwise there is a high risk of allowing internal company access to potential hackers. These results were conducted and gathered using an open-source vulnerability scanner known as Nessus to evaluate any potential weaknesses which could allow the metasploitable system to be compromised through Kali Linux. The breakdown of the vulnerabilities is as follows: It was found that a total of 71 security vulnerabilities. Using Kali Linux, Nessus and Metasploitable to test for Vulnerabilities (Assignment written for Sheffield Hallam University) Technical SummaryĪs requested by company (X), a penetration test of the metasploitable machine was conducted to due to recent concerns made by IT Staff internally.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |