Sergio Ginocchio

Vulnerability Assessment
 
Purpose
The purpose of this document is to report the findings of the network vulnerability assessment. It describes the scope of the assessment, the network components, the tools used, the findings, and the recommended actions to correct any vulnerabilities found.
Scope
The scope of this assessment is to attempt to discover all vulnerabilities on the home wireless network and on all the devices attached to it.
Preparation
The tools used for this assessment are Nmap and OpenVAS with Greenbone Security Assistant.
The initial step is to discover all the devices attached to the home wireless network, using Nmap. The known IP address range for this network is 192.168.1.0/24.
Executing `nmap 192.168.1.0/24 >> nmapOutput.txt` finds all the devices on the network. The output contains each device's IP address and information on its open ports, and it is also used as input for OpenVAS.
The following command produces the list of IP addresses used to configure the targets in OpenVAS:
`cat nmapOutput.txt | grep 'Nmap scan report' | cut -d' ' -f5- >> iplist.txt`
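As an added example (not part of the original report), the same Nmap normal output can be reduced to one line per host with its open ports, which also handles the `name (ip)` form that the `cut` pipeline would pass through unchanged. The function names and the sample scan, including the hostname `printer.example`, are constructed for illustration.

```shell
# Added example: summarise Nmap normal output as "IP<TAB>open ports" per host.

# Constructed sample in the same format as the scan results in this report;
# the hostname on the second host is invented to show the "name (ip)" form.
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.168.1.1
Host is up (0.0015s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
Nmap scan report for printer.example (192.168.1.11)
Host is up (0.0033s latency).
PORT STATE SERVICE
631/tcp open ipp
1022/tcp filtered exp2
9100/tcp open jetdirect
Nmap scan report for 192.168.1.7
Host is up (0.0022s latency).
All 1000 scanned ports on 192.168.1.7 are filtered
EOF
}

# Reads Nmap normal output on stdin; prints one line per discovered host.
# Hosts with no open ports (for example, all ports filtered) get "-".
summarize_hosts() {
  awk '
    function emit() { if (ip != "") print ip "\t" (ports == "" ? "-" : ports) }
    /^Nmap scan report for / {
      emit()
      ip = $NF                 # last field is the address ...
      gsub(/[()]/, "", ip)     # ... wrapped in () when a name was resolved
      ports = ""
      next
    }
    # Port rows look like "80/tcp open http"; keep only rows whose state is open.
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      ports = ports (ports == "" ? "" : ",") $1
    }
    END { emit() }
  '
}

# Bare IP list suitable for pasting into an OpenVAS target definition.
target_ips() { summarize_hosts | cut -f1; }

sample_scan | summarize_hosts
```

Running `summarize_hosts < nmapOutput.txt` on a real scan file gives a quick inventory of which hosts expose services and which returned only filtered ports.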
This is the list of identified targets found with nmap:

Network Router
```
Nmap scan report for 192.168.1.1
Host is up (0.0015s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
548/tcp open afp
631/tcp open ipp
5000/tcp open upnp
8200/tcp open trivnet1
20005/tcp open btx
MAC Address: 2C:30:33:61:BB:AF (Netgear)
```

Smart TV 1
```
Nmap scan report for 192.168.1.3
Host is up (0.0023s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
80/tcp open http
8008/tcp open http
8009/tcp open ajp13
MAC Address: AC:9B:0A:E1:AA:A7 (Sony)
```

TV Box 1
```
Nmap scan report for 192.168.1.4
Host is up (0.0066s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
MAC Address: FC:52:8D:CC:25:4A (Technicolor CH USA)
```

TV Box 2
```
Nmap scan report for 192.168.1.5
Host is up (0.0072s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
MAC Address: FC:52:8D:CC:24:2D (Technicolor CH USA)
```

Desktop
```
Nmap scan report for 192.168.1.7
Host is up (0.0022s latency).
All 1000 scanned ports on 192.168.1.7 are filtered
MAC Address: 6C:62:6D:43:C7:9B (Micro-Star INT'L)
```

iPad
```
Nmap scan report for 192.168.1.9
Host is up (0.044s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
1022/tcp filtered exp2
18988/tcp filtered unknown
51103/tcp filtered unknown
62078/tcp open iphone-sync
MAC Address: 04:15:52:5F:7D:72 (Apple)
```

BL Laptop
```
Nmap scan report for 192.168.1.10
Host is up (0.0089s latency).
All 1000 scanned ports on 192.168.1.10 are filtered
MAC Address: 64:80:99:97:6F:99 (Intel Corporate)
```

Wireless Printer
```
Nmap scan report for 192.168.1.11
Host is up (0.0033s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
631/tcp open ipp
6839/tcp open unknown
7435/tcp open unknown
8080/tcp open http-proxy
8089/tcp open unknown
9100/tcp open jetdirect
9101/tcp open jetdirect
9102/tcp open jetdirect
9110/tcp open unknown
9111/tcp open DragonIDSConsole
9220/tcp open unknown
9290/tcp open unknown
MAC Address: 9C:B6:54:63:6E:07 (Hewlett Packard)
```

TV Box 3
```
Nmap scan report for 192.168.1.17
Host is up (0.0072s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
MAC Address: FC:52:8D:CC:1D:C1 (Technicolor CH USA)
```

Smart TV 2
```
Nmap scan report for 192.168.1.18
Host is up (0.0096s latency).
Not shown: 991 filtered ports
PORT STATE SERVICE
6001/tcp closed X11:1
6002/tcp closed X11:2
6003/tcp closed X11:3
6004/tcp closed X11:4
8082/tcp open blackice-alerts
9001/tcp open tor-orport
10000/tcp closed snet-sensor-mgmt
10010/tcp open rxapi
49153/tcp closed unknown
MAC Address: 10:77:B1:06:66:7C (Samsung Electronics)
```

Dell Laptop 3
```
Nmap scan report for 192.168.1.20
Host is up (0.11s latency).
All 1000 scanned ports on 192.168.1.20 are filtered
MAC Address: 18:4F:32:F2:79:15 (Hon Hai Precision Ind.)
```

ASUS Laptop 4
```
Nmap scan report for 192.168.1.33
Host is up (0.11s latency).
All 1000 scanned ports on 192.168.1.33 are filtered
MAC Address: 34:02:86:5D:C0:DC (Intel Corporate)
```

HP Laptop (host)
```
Nmap scan report for 192.168.1.38
Host is up (0.00039s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
2869/tcp open icslap
5357/tcp open wsdapi
MAC Address: E0:94:67:38:BC:15 (Intel Corporate)
```

Smart TV 3
```
Nmap scan report for 192.168.1.40
Host is up (0.021s latency).
All 1000 scanned ports on 192.168.1.40 are filtered
MAC Address: 40:16:3B:5F:BB:0A (Samsung Electronics)
```

WiFi Extender
```
Nmap scan report for 192.168.1.250
Host is up (0.0021s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
3333/tcp open dec-notes
MAC Address: A0:21:B7:98:3A:6D (Netgear)
```

Laptop (VirtualBox)
```
Nmap scan report for 192.168.1.37
Host is up (0.0000010s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
```

Scan
After the target(s) are created, a task is created in Scan Management by selecting the target and specifying the Scanner option. The scan can then be executed.
Assessment Results
This scan did not really find any vulnerabilities. A follow-up scan using a deeper scan, selected in the Scan Config option in Task Management, is recommended.
Full OpenVAS Report:
openvas_report.pdf
