Background
Information Assurance is a successful research and development company that prides itself on superior medical and pharmaceutical products. Due to its achievements, Information Assurance is gaining ground in the research and development industry. This has inadvertently attracted cyber criminals, resulting in attacks that attempt to steal intellectual property. The stolen intellectual property is then sold to Information Assurance’s competitors, which led to false accusations in 2011. The company has also suffered vandalism of its corporate website and numerous Denial of Service attacks over a 9-month period. These cyber crimes have damaged the company’s image and degraded public trust.
In spite of the attacks on the company, Information Assurance has persevered and continues to flourish. The continuous improvement of research and development projects over the years has proven fruitful. To maintain momentum and continue growing, Information Assurance relies heavily on its medical and pharmaceutical advancements. Though the company is currently breathing a sigh of relief, there is still fear that valuable intellectual property may be compromised once more. Concern has grown as recent cyber theft has claimed one of Information Assurance’s top competitors, which has been strong in the industry for over 40 years. Due to the increasing threat of cyber theft, Information Assurance is beginning to entertain the idea of improving security.
Addressing the Problem
Information Assurance is still a young company whose executives are hesitant to invest in a network security program. As technology advances and cyber attacks become more common, falling behind in this area could result in great loss in the future. Unaddressed security holes create attack points and vulnerabilities that hackers can use to steal information, damage assets, and wreak havoc on the infrastructure. Implementing strong network security will greatly decrease attack vectors and vulnerabilities.
In particular, I advise performing a thorough vulnerability assessment that will provide enormous insight into the health of our corporate network. A vulnerability assessment defines, identifies, and classifies security holes in a network that require attention (Rouse, 2016). At the conclusion of the assessment, recommendations are proposed to remedy any concerns discovered. Once the updates are installed, another scan can be performed to ensure compliance is being met.
The assess, patch, and verify cycle is a standard method of addressing security issues in an organization, and is required by some outside groups (Rogers, 2011). Additionally, this security measure can be used to create trend reports, which provide statistics for areas showing improvement and areas still needing improvement. It can also provide insight into past attacks where systems were compromised. Event correlation can show specifics on how the attack was carried out (Rogers, 2011). Using the right tool to carry out the assessment will ensure the best results and is vital in securing a network. A vulnerability scanner would be a great addition to the security program in safeguarding the company network against cyber criminals.
Nessus
As stated before, choosing a competent security tool to assess your network for vulnerabilities is very important. One tool in particular stands out, and I highly recommend it. Nessus is a program developed by Tenable Network Security to scan networkable devices for vulnerabilities, compliance, threats, and configuration audits (Kamal, 2014). Many IT professionals in top organizations use Nessus due to its stability, practicality, consistency, and usability. Tenable supplies network security to more than a million customers and more than 20,000 corporate businesses worldwide (Flick, 2016). Businesswire.com reports “Tenable's customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors” (Flick, 2016). Conversely, hackers also use this tool to assess a network for attack vectors. Realizing this allows the administrator to understand the same techniques used by hackers and eliminate vulnerabilities before a hacker exploits them. Surveys conducted every three years by Sectools.org showed Nessus to be the number 1 vulnerability scanner in 2000, 2003, 2006, and 2009 (Rogers, 2011).
History
Nessus was a project initially started by an unfunded security researcher, Renaud Deraison, in 1998 to provide a free network security scanner (LeMay, 2005). The scanner was open source, allowing security professionals to contribute their expertise to the program. This changed in October 2005 as the company Tenable Network Security, co-founded by Renaud Deraison, moved to Nessus 3, making it a proprietary project (LeMay, 2005). The free registered versions were then removed from their database in 2008. Tenable does allow for a free home version for use on home networks.
Features
Nessus is flexible and compatible with many different types of networks. Comprehensive scans can be conducted against a range of operating systems such as Linux, Unix, FreeBSD, Cisco, Mac OS X, iOS, Android, Windows 7, 8, and 10, and Windows Server 2003, 2008, and 2012 (Tenable, Nessus FAQ, 2016). iOS and Android mobile devices have the potential to compromise a network due to the concept of BYOD. These mobile devices can also be analyzed to ensure they comply with corporate standards (Tenable, Nessus FAQ, 2016).
Further, Nessus scans more than client systems and servers. Routers, switches, and firewalls can also fall victim to cyber attacks, giving power to a hacker (EC-Council, 2015). By profiling these network devices, it’s assured that the network will be properly suited to safeguard against outside threats. Continuing, virtualization offers many benefits such as cost, energy, application isolation, migration, and uptime. Nessus can be virtualized, allowing it to take advantage of these benefits (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). Lastly, detailed scan reports are produced for review, ensuring network policies are in compliance for all devices (Rogers, 2011).
Nessus maintains network security by first running a powerful network mapping tool such as Nmap to scan for vulnerable services and open ports (Rogers, 2011). Assets are discovered on IPv4 and IPv6 networks either un-credentialed or credentialed (EC-Council, 2015). Where Nessus truly separates itself from other vulnerability assessment programs is that it doesn’t assume server configurations, an assumption that causes other vulnerability scanners to miss holes. Additionally, it allows for custom tests using the Nessus scripting language, provides daily updates minimizing the threat of zero-day attacks, and presents the most applicable fix-action for patching systems (Wendlandt, 2007).
Options
Tenable offers three different options for Nessus to perform scans (Tenable, Nessus FAQ, 2016). Each tackles certain needs of our organization, whether it is cost, capabilities, management, or reporting. Nessus has a home version that allows users with personal devices and networks to receive full access to the plugin feeds. Nessus Professional includes the same features and plugin feeds as the home version, but this license is intended for business use and costs $2,190.00 a year (Tenable, Nessus Professional - Annual Subscription, 2016). Since the professional version is geared toward per-user systems in a small network, Nessus Manager or Nessus Cloud would be more fitting for the Information Assurance network.
Nessus Manager has a set of comprehensive management and collaboration functions that reduce the attack surface and eradicate vulnerability blind spots. It allows for the sharing of resources of multiple scanners, scan schedules, policies, and reports among users (Tenable, Nessus FAQ, 2016). This is a comprehensive set of attributes that allows uniformity throughout the network. Nessus Manager is administered on-site at the company itself, which would allow me to have local administrative control. I would recommend virtualizing Nessus Manager with the Dell PowerEdge T630 server, which costs $3,708.00 (Stevens, 2015). This server exceeds all hardware requirements and would allow for unlimited virtualization licenses with Microsoft Server Datacenter Edition. Virtual, classroom, or on-site training is available from Tenable at various prices ranging from free to hundreds of dollars (Tenable, Instructor-Led Training, 2016). Licensing is on a per-host basis, where a host could be an IP address or device. The license per device/IP address costs roughly $19 each. This equates to $43,187 for an annual subscription of 2273 devices that currently reside on Information Assurance’s network. The total for this option would be $46,895.
Nessus Cloud is a remote scanning service that verifies compliance and security for internet-facing environments for both network and web applications (Tenable, Nessus FAQ, 2016). This eliminates the need for installing, administering, and maintaining the required equipment to secure the network, i.e. Nessus Manager. It combines the prevailing detection, scanning, and auditing features of Nessus with broad collaborative capabilities of scanners and resources (Tenable, Nessus FAQ, 2016). Nessus Cloud is an Approved Scanning Vendor (ASV) solution for compliance to PCI DSS 11.2.2 (Tenable, Nessus FAQ, 2016). This option is fully supported throughout the US, so this could be an ideal solution for Information Assurance. Like Nessus Manager, Nessus Cloud charges by a per-host license and also costs $19 per host/IP address. This comes out to $43,187 for 2273 devices that currently reside on Information Assurance’s network. Training ranges from $425 to $1,100 depending on the level required (Tenable_Training, 2016). The savings for Nessus Cloud come in the form of not requiring additional administrative support for the Nessus server and not purchasing additional hardware. However, our organization could run into trouble if Tenable’s cloud network and service become interrupted.
Nessus Manager and Nessus Cloud both include a feature called Nessus Agents. Nessus Agents improve scan flexibility by making it easier to assess devices without host credentials and devices that are offline (Tenable_Agents, 2016). It also facilitates large-scale simultaneous scans with minor network impact and quicker scan time (Tenable_Agents, 2016). Each network host will have the agent installed to provide constant compliance. Nessus Agents are especially effective in mobile applications where a user is constantly on the move. Lastly, Nessus Agents don’t support Windows XP, so there will be a price reduction in the Nessus Cloud or Manager package (Garey, 2015).
Installation
Installing Nessus Manager on Information Assurance’s network is relatively easy. Tenable allows for various operating systems to run Nessus Manager such as Red Hat, Fedora, SUSE, Ubuntu, Windows 7 and newer, and Mac OS X (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). The hardware would require at least a 2 dual-core processor that’s 2 GHz or faster, 2 GB of RAM (8 GB Recommended), and 30 GB of hard drive space (Tenable, Hardware Requirements, 2016). My experience involves installing Nessus Manager with Ubuntu on a virtual machine. The lab consists of the Nessus Manager and four hosts. I start by going to “http://www.tenable.com/products/nessus/select-your-operating-system” and downloading the newest version of Nessus Manager (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). I then confirm the integrity of the download with the MD5 checksum listed in the release notes. I continue by opening a terminal and executing “# dpkg -i Nessus-6.4.0-ubuntu1404_amd64.deb”. After installation I then start the nessusd daemon by executing “# /etc/init.d/nessusd start”. I then go to “https://4.79.179.64:8834/WelcomeToNessus-Install/welcome” to start the registration process by entering company information, activation code, and network information. This process needs to be completed within 6 hours for security reasons (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). Upon entering the Manager Host IP address, port, and key to conclude the registration, I will then be connected to the Nessus network where plugins and engine updates will begin to download. The Nessus Manager server starts and I log in with administrative credentials that were created during the registration process. From here I would configure policies, scan times, and hosts to scan.
Configuring the Nessus Cloud involves registering for an account where proxy, network, and company information would be entered (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). The activation code would also have to be supplied, which will authorize use of the scanners. After completing the registration and logging in, I would continue to configure policies, scan times, and hosts.
Scanning
After installing Nessus Manager on my virtual machine, I continue with configuration and scanning. I begin by entering “https://localhost:8834” into Firefox and logging into the home page. A policy needs to be created, so I click the “policy” tab, “new policy”, “advanced policy”, and fill in the necessary information. As I carry on through the “general settings”, “credentials”, “plugins”, and “preferences” menus, I make sure the applicable plugins are selected. Continuing, I select the “scans” tab to configure a new scan for the hosts to be scanned, and schedule a time to perform the assessment. Concluding the assessment, I click “local network” and review the scan report for alerts. Any affected hosts will then be patched and updated in relation to the results of the report. Scanning would be done at least weekly.
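The weekly rescan described here closes the assess, patch, and verify cycle and feeds the trend reports mentioned earlier. The following added example (not part of the original proposal and not Tenable code) compares a baseline export with a rescan export; the CSV column names, plugin IDs, and hosts are constructed assumptions.

```python
import csv
import io
from collections import Counter

SEVERITIES = ["Critical", "High", "Medium", "Low"]

# Constructed sample exports (not real scan data). Column names are assumed
# to match the scanner's CSV export; plugin IDs and hosts are placeholders.
BASELINE_CSV = """Plugin ID,Risk,Host,Port,Name
900001,Critical,10.0.0.11,445,Constructed finding A
900002,High,10.0.0.11,443,Constructed finding B
900003,Medium,10.0.0.12,22,Constructed finding C
900004,None,10.0.0.12,0,Constructed informational item
900002,High,10.0.0.13,443,Constructed finding B
"""
RESCAN_CSV = """Plugin ID,Risk,Host,Port,Name
900002,High,10.0.0.11,443,Constructed finding B
900004,None,10.0.0.12,0,Constructed informational item
900005,Low,10.0.0.12,80,Constructed finding D
"""


def parse(text):
    """Return (hosts seen in the scan, {(host, port, plugin_id): risk})."""
    rows = list(csv.DictReader(io.StringIO(text)))
    hosts = {r["Host"] for r in rows}
    # Risk "None" rows are informational: they prove the host was scanned
    # but are not findings that need a patch.
    findings = {(r["Host"], r["Port"], r["Plugin ID"]): r["Risk"]
                for r in rows if r["Risk"] in SEVERITIES}
    return hosts, findings


def compare_scans(baseline_text, rescan_text):
    """Classify each finding as fixed, persisting, new, or unverified."""
    _, before = parse(baseline_text)
    hosts_after, after = parse(rescan_text)
    report = {"fixed": [], "persisting": [], "unverified": []}
    for key in sorted(before):
        if key in after:
            report["persisting"].append(key)
        elif key[0] in hosts_after:
            report["fixed"].append(key)
        else:
            # Host absent from the rescan: offline or skipped, not patched.
            report["unverified"].append(key)
    report["new"] = sorted(k for k in after if k not in before)
    return report


def risk_trend(baseline_text, rescan_text):
    """Return {risk: (count_before, count_after)} for a trend report."""
    before = Counter(parse(baseline_text)[1].values())
    after = Counter(parse(rescan_text)[1].values())
    return {risk: (before[risk], after[risk]) for risk in SEVERITIES}


if __name__ == "__main__":
    print(compare_scans(BASELINE_CSV, RESCAN_CSV))
    print(risk_trend(BASELINE_CSV, RESCAN_CSV))
```

A finding that disappears only because its host was missing from the rescan is reported as unverified rather than fixed, so an offline laptop does not inflate the remediation numbers.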
Conclusion
It’s evident that the Information Assurance corporate infrastructure is in need of a powerful security tool that will turn the tables on cyber attacks. Nessus proves to be the perfect addition to the security enclave that will greatly reduce vulnerabilities that plague our network. This vulnerability scanner monitors activities on the network and raises alarms when policies are violated and security concerns are discovered. It has flexibility in scanning for vulnerabilities in web applications, botnets, malware, DoS attacks, default configurations, and weak & default passwords on various devices (Tenable, Nessus FAQ, 2016). A few scanning solutions are available with Nessus, but I would recommend using the Nessus Cloud as it will help with reducing hardware and administration costs. Since scanning can be resource intensive on network devices, scans would be performed during non-peak hours, preferably the weekends, to limit network interruption for users. Lastly, as a note, the Microsoft Windows XP clients should be upgraded to Windows 7 or newer as support has ended for Windows XP (Microsoft, 2016). Network security would also be improved. Thank you for your time and consideration.
References
EC-Council. (2015). Scanning Networks - Version 9.
Flick, A. (2016, Jun 13). Tenable Network Security and ServiceNow. Retrieved Jun 25, 2016, from Business Wire: http://www.businesswire.com/news/home/20160613005120/en/Tenable-Network-Security-ServiceNow-Customers-Prioritize-Streamline
Garey, D. (2015, Feb). Agent-Based Scanning in Nessus Manager. Retrieved Jun 26, 2016, from Tenable: http://www.tenable.com/blog/tenable-introduces-agent-based-scanning-in-nessus-manager
Kamal, B. (2014). Network Scanning Using Nessus. Retrieved Jun 26, 2016, from InfoSec Institute: http://resources.infosecinstitute.com/network-scanning-using-nessus/
LeMay, R. (2005, Oct 7). Nessus security tool closes its source. Retrieved Jun 26, 2016, from Cnet: http://www.cnet.com/news/nessus-security-tool-closes-its-source/
Microsoft. (2016). Support for Windows XP ended. Retrieved Jun 26, 2016, from Microsoft: https://www.microsoft.com/en-us/WindowsForBusiness/end-of-xp-support
Rogers, R. (2011, Oct 13). Chapter 1 - Vulnerability Assessment. Retrieved Jun 26, 2016, from Google Books: https://books.google.co.kr/books?id=3OiclLcGdTgC&dq=assess,+patch,+and+verify&source=gbs_navlinks_s
Rouse, M. (2016). Vulnerability Analysis (Vulnerability Assessment). Retrieved Jun 26, 2016, from TechTarget: http://searchmidmarketsecurity.techtarget.com/definition/vulnerability-analysis
Stevens, A. (2015, Feb). Dell PowerEdge T630 review: A tower of updated server power. Retrieved Jun 26, 2016, from ZDNet: http://www.zdnet.com/product/dell-poweredge-t630-xeon-e5-2620v3-2-4-ghz-8-gb-300-gb/
Tenable. (2016). Hardware Requirements. Retrieved Jun 26, 2016, from Tenable: https://docs.tenable.com/nessus/6_7/index.htm#getting_started/hardware.htm%3FTocPath%3DGetting%2520Started%7CSystem%2520Requirements%7C_____1
Tenable. (2016). Instructor-Led Training. Retrieved Jun 25, 2016, from Tenable Network Security: http://www.tenable.com/education/instructor-led-training
Tenable. (2016, Jun 3). Nessus 6.4 Installation and Configuration Guide. Retrieved Jun 26, 2016, from Tenable: http://static.tenable.com/documentation/nessus_6.4_installation_guide.pdf
Tenable. (2016). Nessus FAQ. Retrieved Jun 26, 2016, from Tenable: http://www.tenable.com/products/nessus/nessus-faq
Tenable. (2016). Nessus Professional - Annual Subscription. Retrieved Jun 26, 2016, from Tenable: https://store.tenable.com/index.php?main_page=product_info&cPath=1&products_id=94&zenid=6de72ce1186f2be14cea099d149b9b99
Tenable_Agents. (2016). Nessus Agents. Retrieved Jun 25, 2016, from Tenable Network Security: http://www.tenable.com/products/nessus/nessus-agents
Tenable_Training. (2016). Nessus Training and Certification Bundles. Retrieved Jun 25, 2016, from Tenable Network Security: https://store.tenable.com/?main_page=index&cPath=20
Wendlandt, D. (2007). Nessus : A security vulnerability scanning tool. Retrieved Jun 26, 2016, from Carnegie Mellon School of Computer Science: http://www.cs.cmu.edu/~dwendlan/personal/nessus.html