e-Portfolio Activities
Practical Activity - Scanning Exercise
Using your assigned website, carry out the following exercises reporting on the questions listed below.
Perform a basic scan using standard tools such as traceroute (not ICMP version). Use these basic tools to compile a list that details the following information:
- How many hops from your machine to your assigned website?
- Which step causes the biggest delay in the route? What is the average duration of that delay?
- What are the main nameservers for the website?
- Who is the registered contact?
- What is the MX record for the website?
- Where is the website hosted?
e-Portfolio Activity - Kali Linux
Read the following articles on Kali Linux:
Leroux, S. (2020) The Kali Linux Review You Must Read Before You Start Using It. It's FOSS. Available from: https://itsfoss.com/kali-linux-review/
Bhatt, D. (2018) Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper. International Journal of Scientific & Technology Research 7(4): 233-237.
- What does the article teach you about carrying out vulnerability scans using Kali?
- What issues might you encounter?
- How would you overcome them?
Bhingardeve, N. & Franklin, S. (2018) A Comparison Study of Open Source Penetration Testing Tools. International Journal of Trend in Scientific Research and Development 2(4): 2595-2597.
- How do their results compare with your initial evaluation?
- What do you think of their criteria?
“Kali Linux is a well-respected collection of open source pen testing tools, including metasploit, nmap, wireshark and sqlmap amongst many others. It has the benefit of being available as a ‘live distro’ which means that there is no requirement to install it – it will run from a DVD or a USB/ thumb drive. For these reasons, we recommend that Kali Linux is the tool of choice for this assignment.” (UoEO Computing Team, 2020.)
Based on your evaluation in the previous session and the articles above, consider the recommendation given above:
- What are the pros and cons of using Kali Linux vs. Nessus?
- Has this changed your original evaluation score?
Wiki Submissions
As the module progressed Wiki entries were submitted. These are listed below:
Wiki Entry - Medical Device Security
Hi Team
I came across a very informative research report on connected medical device security. This is a 2020 Research Report titled "Connected Medical Device Security: A Deep Dive into Healthcare Networks" by Forescout Research Labs.
Available from: https://www.forescout.com/resources/connected-medical-device-security-a-deep-dive-into-healthcare-networks/
It is worth a read and contains some very useful information and statistics on medical devices and security.
Click here to download the article
Wiki Entry - Scanning Exercise and Collaborative Learning
Perform scans against your assigned website using the tools available in Kali Linux. Answer as many of the following questions as you can:
- What Operating System does the web site utilise?
- What web server software is it running?
- Is it running a CMS (Wordpress, Drupal, etc?)
- What protection does it have (CDN, Proxy, Firewall?)
- Where is it hosted?
- Does it have any open ports?
- Does the site have any known vulnerabilities?
- What versions of software is it using? Are these patched so that they are up to date?