Once all assets have been identified and their value to the organization has been established, specific threats to each asset are identified. An attempt must be made to establish both the likelihood of the threat’s realization and the impact to the organization if it occurs. While both quantitative and qualitative risk assessments may be performed, when a qualitative assessment is conducted, the risks are placed into the following categories:
- High
- Medium
- Low
Typically, a risk assessment matrix is created. Subject experts grade all risks based on their likelihood and impact. This helps prioritize the application of resources to the most critical vulnerabilities.
To install SolarWinds Network Topology Mapper (NTM), click Accept and Install. The installer automatically downloads the Microsoft .NET Framework.
Once installation is complete, click New Scan > type a password to encrypt the file.
Click New Credential if the network devices use a custom SNMP community string. In this case I configured R2 with an SNMPv1 read/write community string of cisco. SNMPv1 and SNMPv2c are both considered insecure because the community string is sent in cleartext, so SNMPv3 is recommended.
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#snmp-server ?
chassis-id String to uniquely identify this chassis
community Enable SNMP; set community string and access privs
contact Text for mib object sysContact
context Create/Delete a context apart from default
drop Silently drop SNMP packets
enable Enable SNMP Traps
engineID Configure a local or remote SNMPv3 engineID
file-transfer File transfer related commands
group Define a User Security Model group
host Specify hosts to receive SNMP notifications
ifindex Enable ifindex persistence
inform Configure SNMP Informs options
ip IP ToS configuration for SNMP traffic
location Text for mib object sysLocation
manager Modify SNMP manager parameters
packetsize Largest SNMP packet size
queue-length Message queue length for each TRAP host
queue-limit Message queue size for different queues
source-interface Assign an source interface
system-shutdown Enable use of the SNMP reload command
tftp-server-list Limit TFTP servers used via SNMP
trap SNMP trap options
trap-source Assign an interface for the source address of all traps
trap-timeout Set timeout for TRAP message retransmissions
user Define a user who can access the SNMP engine
usm user security model
view Define an SNMP MIB view
R2(config)#snmp-server community ?
WORD SNMP community string
R2(config)#snmp-server community cisco ?
<1-99> Std IP accesslist allowing access with this community string
<1300-1999> Expanded IP accesslist allowing access with this community
string
WORD Access-list name
ipv6 Specify IPv6 Named Access-List
ro Read-only access with this community string
rw Read-write access with this community string
view Restrict this community to a named MIB view
<cr>
R2(config)#snmp-server community cisco rw
R2(config)#do show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.3 YES manual up up
FastEthernet1/0 unassigned YES unset administratively down down
FastEthernet1/1 unassigned YES unset administratively down down
Type a Name for the SNMP Credential > select the SNMP type: Version 1, 2c or 3 > type the Community String (configure the same on the device) > click Save > click Next. You can test if SNMP is working by clicking Test Credential.
Create Windows WMI and VMware credentials if those are being used to gather more information.
Click Add a New Subnet > type the Subnet Address and Subnet Mask > click Add > click Next.
Type a Scan Name > leave the default settings unchecked > click Next.
You can create a Custom schedule, or, as in this case, choose Yes, run the discovery now (Once) > click Next.
A Network Discovery Summary page is displayed. Click Discover to start mapping the network.
SolarWinds NTM was able to discover nodes such as Cisco, Linux and Windows machines. The same function can be performed with Zenmap, found in Kali Linux under Applications > 01 - Information Gathering > zenmap. First perform a scan of 192.168.1.0/24, then go to Topology > Fisheye to display the network map.
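The SNMPv1 read/write community configured on R2 above is the kind of setting a config audit should flag. The Python script below is an added example, not part of the original walkthrough: it parses snmp-server community lines using the option keywords from the IOS help output and rates each one on the High/Medium/Low scale. The sample config, the guessable-string list and the rating rule are assumptions.

```python
# Constructed sample config; only the "cisco" line comes from the walkthrough.
SAMPLE_CONFIG = """\
hostname R2
snmp-server community cisco RW
snmp-server community n0c-Mon1tor RO 10
snmp-server community public view SYSONLY RO
"""
GUESSABLE = {"public", "private", "cisco", "admin", "snmp"}  # assumed list


def parse_community(line):
    """Parse one line using the option keywords from the IOS help output."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[:2] != ["snmp-server", "community"]:
        return None
    # IOS grants read-only access when neither ro nor rw is given.
    entry = {"community": tokens[2], "access": "ro", "acl": None, "view": None}
    opts = iter(tokens[3:])
    for tok in opts:
        low = tok.lower()
        if low in ("ro", "rw"):
            entry["access"] = low
        elif low == "view":
            entry["view"] = next(opts, None)   # named MIB view
        elif low == "ipv6":
            entry["acl"] = next(opts, None)    # IPv6 named access list
        else:
            entry["acl"] = tok                 # IPv4 ACL number or name
    return entry


def audit(config):
    """Yield (community, rating, issues) for each community line."""
    for line in config.splitlines():
        if (entry := parse_community(line)) is None:
            continue
        issues = ["cleartext v1/v2c community"]
        if entry["access"] == "rw":
            issues.append("read-write access")
        if entry["acl"] is None:
            issues.append("no access list")
        if entry["community"].lower() in GUESSABLE:
            issues.append("guessable string")
        # Assumed rating rule on the High/Medium/Low scale.
        open_rw = entry["access"] == "rw" and entry["acl"] is None
        rating = "High" if open_rw else "Medium" if len(issues) > 1 else "Low"
        yield entry["community"], rating, issues


if __name__ == "__main__":
    for community, rating, issues in audit(SAMPLE_CONFIG):
        print(f"{rating:6} {community}: {', '.join(issues)}")
```

Run it against the output of show running-config saved to a file; every community line it reports is a candidate for replacement with an SNMPv3 user and group.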