
Vulnerability Assessment Plan

1 Purpose
This document discusses the planning, execution, and reporting of a Vulnerability
Assessment (VA) performed on a single host with IP address 192.168.1.138.

This document lists the steps in the VA process and suggests resources or tools that
can help. Upon completion of the VA, findings will be reported in a remediation
plan.

2 Scope
The internal vulnerability scan is used to gather data to assess the effectiveness of
security control measures on a host. The host was scanned using a laptop plugged
into the 192.168.1.0/24 network and given an IP address of 192.168.1.126 (Guest OS
– Kali Linux).

3 Process Overview
Vulnerability scans always run the risk of affecting hosts in a negative way, either
slowing performance or even causing a crash. Aggressive scan settings will not be
used, in order to reduce this risk as much as possible.

The VA will include the following activities:

- Discovery of the host on the network
- Verification of listening ports and services
- Discovery of any known vulnerabilities of network accessible ports and services

a. Discovery of host
Approach: For the specified network, verify the host is discoverable.

Document the execution of this activity and include the following as appropriate:
- Methodology utilized to obtain the list of hosts on the network (e.g. Nmap scan).
- Scan result data, screenshots, or other appropriate evidence demonstrating
methodology.

b. Open Ports and Services

Approach: For the host found in the discovery phase, obtain a list of open ports
and services.

Document the execution of this activity and include the following as appropriate:
- Methodology utilized to obtain the list of listening ports and services for each
host (e.g. Nmap scan, netstat).
- Scan result data, screenshots, or other appropriate evidence demonstrating
methodology.

c. Vulnerabilities of network accessible ports and services

Approach: For the host found in the discovery phase, identify network accessible
ports and services along with the identification of known vulnerabilities
associated with the services running on those ports.

Document the execution of this activity and include the following as appropriate:
- Methodology used to enumerate network accessible ports and services along
with associated vulnerabilities (e.g. Nessus, OpenVAS).
- Identification of any service vulnerabilities.

4 Vulnerability Assessment Report

Upon completion of the VA, the methods used, results, and execution evidence
(screenshots, embedded files, etc.) are reported below.

Vulnerability Assessment Report

Date of Assessment: March 5, 2017

Network: 192.168.1.0/24

1. Host Discovery
a. Method Used
Nmap scan
# nmap -O 192.168.1.138

b. Results
192.168.1.138 Host (Linux 2.6.9-2.6.33)

c. Evidence of method used

2. Open Ports and Services

a. Method(s) Used
An Nmap scan of all TCP ports and common UDP ports. An aggressive scan of the UDP
ports was performed since a crash of the scan target was not a concern.
# nmap -p0-65535 192.168.1.138

# nmap -sU -T5 192.168.1.138

b. Results
Open TCP Ports
21, 22, 23, 25, 53, 80, 111, 139, 445, 512, 513, 514, 1099, 1524, 2049, 2121,
3306, 3632, 5432, 5900, 6000, 6667, 6697, 8009, 8180, 8787, 37377, 40932,
52248, 60432

Open UDP Ports
53, 111, 137, 2049

c. Evidence of Method Used

TCP Port Scan
UDP Port Scan

3. Vulnerabilities of Listening Ports and Services

a. Method Used
Nessus Home v6.10.2

b. Results

                 CRITICAL  HIGH  MEDIUM  LOW  INFO  Total
Vulnerabilities         5     8      30    9    83    135

Double click on the report icon below for more details.

Metasploitable2_Vuln_Scan.pdf
c. Evidence of Method Used

4. Disclosures
A vulnerability assessment is a point-in-time analysis. New vulnerabilities may be
introduced with any changes to the host, even new patches. Annual vulnerability
assessments are recommended.
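As an added example that is not part of the original report, the script below turns the port list from section 2.b into a baseline and diffs a later nmap grepable-output (-oG) scan against it, so a repeat assessment of the kind recommended above can focus on what changed. The follow-up scan output is a constructed sample, and the 8443 service in it is hypothetical.

```python
import re

# Open ports documented in section 2.b of this report; they form the baseline.
BASELINE = {
    "tcp": {21, 22, 23, 25, 53, 80, 111, 139, 445, 512, 513, 514, 1099, 1524,
            2049, 2121, 3306, 3632, 5432, 5900, 6000, 6667, 6697, 8009, 8180,
            8787, 37377, 40932, 52248, 60432},
    "udp": {53, 111, 137, 2049},
}

# Constructed sample of nmap grepable output (-oG) for a hypothetical follow-up
# scan; each port entry is port/state/protocol/owner/service/rpcinfo/version/.
SAMPLE_OG = """\
# Nmap scan (constructed sample) as: nmap -oG - -p0-65535 192.168.1.138
Host: 192.168.1.138 ()\tStatus: Up
Host: 192.168.1.138 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/closed/tcp//telnet///, 80/open/tcp//http///, 8443/open/tcp//https-alt///\tIgnored State: closed (65531)
Host: 192.168.1.138 ()\tPorts: 53/open/udp//domain///, 111/open/udp//rpcbind///, 137/open|filtered/udp//netbios-ns///, 2049/open/udp//nfs///
"""

PORT_RE = re.compile(r"(\d+)/(open|closed|filtered|open\|filtered)/(tcp|udp)/")


def parse_open_ports(og_text):
    """Return {"tcp": set, "udp": set} of ports nmap reported as open."""
    found = {"tcp": set(), "udp": set()}
    for line in og_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto in PORT_RE.findall(ports_field):
            if state == "open":  # open|filtered is unconfirmed, so not counted
                found[proto].add(int(port))
    return found


def diff_against_baseline(current, baseline=BASELINE):
    """Newly open ports are new exposure; vanished ones may mean remediation."""
    return {
        proto: {"added": sorted(current[proto] - baseline[proto]),
                "removed": sorted(baseline[proto] - current[proto])}
        for proto in baseline
    }


if __name__ == "__main__":
    for proto, change in diff_against_baseline(parse_open_ports(SAMPLE_OG)).items():
        print(f"{proto}: newly open {change['added']}, no longer open {change['removed']}")
```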
