Part 1: Conduct a baseline scan

To complete this part of the assessment, you will be required to participate in a practical demonstration of how to complete a task or activity. Your responses will be used as part of the overall evidence requirements of the unit.

Refer to the list of steps below to understand what you need to demonstrate in this section of the assessment. The Marking criteria outlines the assessment criteria used to assess your performance. Once completed, you will need to submit this assessment and the tasks and activities you are required to complete to your assessor for marking.

Use the three supplied virtual machines for this assessment. They will be provided to you for download or via online lab access. The VMs can be downloaded here: http://bit.ly/CSC72005

Assessment

Complete the tasks with a server such as OpenSUSE or CentOS. Save the file as “COMP2002_A3_CentOS_.pdf” or “COMP2003_A3_OpenSUSE_.pdf”. If you do not find a vulnerability, check with your partner and choose another server.

Step 1: Set up network

Complete the following steps:

1. Extract the supplied virtual machines.
2. Ensure that each VM’s network adapter is set to the correct network.
   - We suggest trying Bridged or Host Only.
3. Start each of your VMs.
4. Test that there is network connectivity between each of the virtual machines.
   - Consider “ping” or “traceroute”.
5. Identify the IP address of the OpenVAS and other virtual machine.
   - Consider “ip add” or “ifconfig”.

Step 2: Run baseline scan

1. Open a web browser.
2. Type in the IP address of the OpenVAS.
   - Note: You may need to go to port 9392.
   - You will need to add an exception to accept the certificate.
3. Log in to the OpenVAS web interface using the following:
   - Username = admin
   - Password = secret

Step 3: Run security scan

Note: If you receive a message that a security scan has been previously run, ignore the message and continue with the scan.

Run a scan against the CentOS or OpenSUSE systems as follows:

1. From the menu tab select Scans then Tasks.
2. Click on the * icon at the top left.
3. Create a new task as follows:
   - Task Name = COMP2003_SUSE_
   - Create the scan list: create a text file with the IP address for openSUSE or CentOS.
4. Start the scan:
   - In the actions column, press the start button.
5. Allow the scan to run.

Step 4: Download and save report

Once the scan has finished, review the report screen and note any vulnerabilities that have been found. Export the report as a PDF, as follows:

1. Click on Scans, then Reports.
2. Click on the current scan.
3. Click on Report Results and select Report summary and download.
4. In the Download column for ‘Full Report’, select PDF instead of Anonymous XML and click on the Download button.
5. Save the report.

Step 5: Edit, save and upload report

1. Once exported to PDF, use PDF software to highlight vulnerabilities that have a severity of 8.5 or above. You can use Microsoft Word to edit the PDF.
2. Add a short description of 3 vulnerabilities rated at high that OpenVAS has found and any recommendations or solutions to mitigate. A maximum of 100 words per vulnerability.
3. Briefly, with a maximum of 100 words, provide the history of OpenVAS and how it is related to any other vulnerability scanner.
4. Resave the PDF file with the name “COMP2003_A3_OpenSUSE_.pdf”.

Take a screenshot with the changed filename and submit as evidence that you have completed this task. Submit the final report as evidence that you have completed this assessment.

Software

Other VMs may have their own username or password, typically contained in the VM comment.

OpenVAS
This is the system to perform the
Username: admin
Password: secret

OpenSUSE
Username: student
Password: student
Root Password: secret

CentOS 7
Username: student
Password: student
Root password: secret

Putty
Download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
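As a cross-check for the highlighting in Step 5, the following added example (not part of the original assessment material) lists the findings at severity 8.5 or above from the report's XML export instead of the PDF. The element layout (result elements with name, host, port and severity children) is an assumption about the export format, and the sample report and the function name high_severity are constructed for illustration.

```python
import xml.etree.ElementTree as ET

THRESHOLD = 8.5  # severity cut-off from Step 5

# Constructed sample. Assumed layout: <result> elements carrying <name>,
# <host>, <port> and <severity> children, as in an OpenVAS XML report export.
SAMPLE_REPORT = """<report><results>
  <result><name>Constructed finding A</name><host>192.0.2.10</host>
    <port>22/tcp</port><severity>9.8</severity></result>
  <result><name>Constructed finding B</name><host>192.0.2.10</host>
    <port>80/tcp</port><severity>8.5</severity></result>
  <result><name>Constructed finding C</name><host>192.0.2.10</host>
    <port>443/tcp</port><severity>8.4</severity></result>
  <result><name>Constructed finding D</name><host>192.0.2.10</host>
    <port>general/tcp</port><severity></severity></result>
</results></report>"""


def high_severity(xml_text, threshold=THRESHOLD):
    """Return (severity, host, port, name) tuples at or above threshold,
    highest severity first."""
    # The report comes from your own scanner; for XML from an untrusted
    # source, parse with the defusedxml package instead.
    root = ET.fromstring(xml_text)
    findings = []
    for result in root.iter("result"):
        raw = (result.findtext("severity") or "").strip()
        try:
            severity = float(raw)
        except ValueError:
            continue  # no numeric severity recorded: nothing to rank
        if severity >= threshold:
            findings.append((
                severity,
                (result.findtext("host") or "").strip(),
                (result.findtext("port") or "").strip(),
                (result.findtext("name") or "").strip(),
            ))
    return sorted(findings, key=lambda f: f[0], reverse=True)


if __name__ == "__main__":
    import sys
    # With a path argument, read that exported XML; otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    for severity, host, port, name in high_severity(text):
        print(f"{severity:>4}  {host}  {port}  {name}")
```

The cut-off is inclusive, so a finding scored exactly 8.5 is listed, matching the "8.5 or above" wording of Step 5.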
