Http www tenable com products nessus

29/11/2021 Client: muhammad11 Deadline: 2 Day

Background

Information Assurance is a successful research and development company that prides itself on superior medical and pharmaceutical products. Due to its achievements, Information Assurance is gaining ground in the research and development industry. This has inadvertently attracted cyber criminals, resulting in attacks that attempt to steal intellectual property. The stolen intellectual property is then sold to Information Assurance's competitors, which led to false accusations in 2011. The company has also suffered vandalism of its corporate website and numerous Denial of Service attacks over a 9-month period. These cyber crimes have damaged the company's image and degraded public trust.

In spite of the attacks on the company, Information Assurance has persevered and continues to flourish. The continuous improvement of research and development projects over the years has proven fruitful. To maintain momentum and carry on growing, Information Assurance relies heavily on its medical and pharmaceutical advancements. Though the company is currently breathing a sigh of relief, there is still fear that valuable intellectual property may be compromised once more. Concern has been raised because a recent cyber theft claimed one of Information Assurance's top competitors, which has been strong in the industry for over 40 years. Due to the increasing threat of cyber theft, Information Assurance is beginning to entertain the idea of improving security.

Addressing the Problem

Information Assurance is still a young company whose executives are hesitant to invest in a network security program. As technology advances and cyber attacks become more common, falling behind in this sector of the company could result in great loss in the future. Security holes create attack points and vulnerabilities that let hackers steal information, damage assets, and wreak havoc on the infrastructure. Implementing strong network security will greatly decrease attack vectors and vulnerabilities.

In particular, I advise performing a thorough vulnerability assessment that will provide enormous insight into the health of our corporate network. A vulnerability assessment defines, identifies, and classifies security holes in a network that require attention (Rouse, 2016). At the conclusion of the assessment, recommendations are proposed to remedy any concerns discovered. Once the updates are installed, another scan can be performed to ensure compliance is being met.

The assess, patch, and verify cycle is a standard method of addressing security issues in an organization, and is required by some outside groups (Rogers, 2011). Additionally, this security measure can be used to create trend reports, which provide statistics for areas showing improvement and areas still needing improvement. It can also provide insight after attacks in which systems were compromised. Event correlation can show specifics on how the attack was carried out (Rogers, 2011). Using the right tool to carry out the assessment will ensure the best results and is vital in securing a network. A vulnerability scanner would be a great addition to the security program in safeguarding the company network against cyber criminals.

Nessus

As stated before, choosing a competent security tool to assess your network for vulnerabilities is very important. One tool in particular stands out, and I highly recommend it. Nessus is a program developed by Tenable Network Security to scan networkable devices for vulnerabilities, compliance, threats, and configuration audits (Kamal, 2014). Many IT professionals in top organizations use Nessus due to its stability, practicality, consistency, and usability. Tenable supplies network security to more than a million customers and more than 20,000 corporate businesses worldwide (Flick, 2016). Businesswire.com reports “Tenable's customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors” (Flick, 2016). Conversely, hackers also use this tool to assess a network for attack vectors. Realizing this allows the administrator to understand the same techniques used by hackers and eliminate vulnerabilities before a hacker exploits them. Surveys conducted every three years by Sectools.org showed Nessus to be the number 1 vulnerability scanner in 2000, 2003, 2006, and 2009 (Rogers, 2011).

History

Nessus was a project started by an unfunded security researcher, Renaud Deraison, in 1998 to provide a free network security scanner (LeMay, 2005). The scanner was open source, which allowed security professionals to contribute to the program by leveraging their expertise. This changed in October 2005 as the company Tenable Network Security, co-founded by Renaud Deraison, moved to Nessus 3, making it a proprietary project (LeMay, 2005). The free registered versions were then removed from their database in 2008. Tenable does allow for a free home version for use on home networks.

Features

Nessus is flexible and compatible with many different types of networks. Comprehensive scans can be conducted against a range of operating systems such as Linux, Unix, FreeBSD, Cisco, Mac OS X, iOS, Android, Windows 7, 8, 10, and Windows Server 2003, 2008 and 2012 (Tenable, Nessus FAQ, 2016). iOS and Android mobile devices have the potential to compromise a network due to the concept of BYOD. These mobile devices can also be analyzed to ensure they comply with corporate standards (Tenable, Nessus FAQ, 2016).

Further, Nessus scans more than client systems and servers. Routers, switches, and firewalls can fall victim to cyber attacks, giving power to a hacker (EC-Council, 2015). Profiling these network devices helps ensure that the network is properly suited to safeguard against outside threats. Continuing, virtualization offers many benefits such as cost, energy, application isolation, migration, and uptime. Nessus can be virtualized, allowing it to take advantage of these benefits (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). Lastly, detailed scan reports are produced for review, ensuring network policies are in compliance for all devices (Rogers, 2011).

It maintains network security by first running a powerful network mapping tool such as Nmap to scan for vulnerable services and open ports (Rogers, 2011). Assets are discovered on IPv4 and IPv6 networks, either un-credentialed or credentialed (EC-Council, 2015). Where Nessus truly separates itself from other vulnerability assessment programs is that it doesn’t assume server configurations, an assumption that causes other vulnerability scanners to miss holes. Additionally, it allows for custom tests using the Nessus scripting language, provides daily updates minimizing the threat of zero day attacks, and presents the most applicable fix-action for patching systems (Wendlandt, 2007).

Options

Tenable offers three different options for Nessus to perform scans (Tenable, Nessus FAQ, 2016). Each tackles certain needs of our organization, whether it is cost, capabilities, management, or reporting. Nessus has a home version that gives users with personal devices and networks full access to the plugin feeds. Nessus Professional includes the same features and plugin feeds as the home version, but this license is intended for business use and costs $2,190.00 a year (Tenable, Nessus Professional - Annual Subscription, 2016). Since the professional version is geared toward per-user systems in a small network, Nessus Manager or Nessus Cloud would be more fitting for the Information Assurance network.

Nessus Manager has a set of comprehensive management and collaboration functions that reduce the attack surface and eradicate vulnerability blind spots. It allows multiple scanners, scan schedules, policies, and reports to be shared among users (Tenable, Nessus FAQ, 2016). This is a comprehensive set of attributes that allows uniformity throughout the network. Nessus Manager is administered on-site at the company itself, which would allow me to have local administrative control. I would recommend virtualizing Nessus Manager with the Dell PowerEdge T630 server, which costs $3,708.00 (Stevens, 2015). This server exceeds all hardware requirements and would allow for unlimited virtualization licenses with Microsoft Server Datacenter Edition. Virtual, classroom, or on-site training is available from Tenable at various prices ranging from free to hundreds of dollars (Tenable, Instructor-Led Training, 2016). Licensing is on a per-host basis, where a host could be an IP address or a device. The license per device/IP address costs roughly $19 each. This equates to $43,187 for an annual subscription of 2273 devices that currently reside on Information Assurance’s network. The total for this option would be $46,895.

Nessus Cloud is a remote scanning service that verifies compliance and security for internet-facing environments for both network and web applications (Tenable, Nessus FAQ, 2016). This eliminates the need for installing, administering, and maintaining the required equipment to secure the network, i.e. Nessus Manager. It combines the detection, scanning, and auditing features of Nessus with broad collaborative capabilities for scanners and resources (Tenable, Nessus FAQ, 2016). Nessus Cloud is an Approved Scanning Vendor (ASV) solution for compliance with PCI DSS 11.2.2 (Tenable, Nessus FAQ, 2016). This option is fully supported throughout the US, so this could be an ideal solution for Information Assurance. Like Nessus Manager, Nessus Cloud charges by a per-host license and also costs $19 per host/IP address. This comes out to $43,187 for 2273 devices that currently reside on Information Assurance’s network. Training ranges from $425 to $1,100 depending on the level required (Tenable_Training, 2016). The savings for Nessus Cloud come in the form of not requiring additional administrative support for the Nessus server and not purchasing additional hardware. However, our organization could run into trouble if Tenable’s cloud network and service become interrupted.

Nessus Manager and Nessus Cloud both include a feature called Nessus Agents. Nessus Agents improve scan flexibility by making it easier to assess devices without host credentials, and devices that are offline (Tenable_Agents, 2016). They also facilitate large-scale simultaneous scans with minor network impact and quicker scan time (Tenable_Agents, 2016). Each network host will have the agent installed to provide constant compliance. Nessus Agents are especially effective in mobile applications where a user is constantly on the move. Lastly, Nessus Agents don’t support Windows XP, so there will be a price depression in the Nessus Cloud or Manager package (Garey, 2015).

Installation

Installing Nessus Manager on Information Assurance’s network is relatively easy. Tenable allows for various operating systems to run Nessus Manager, such as Red Hat, Fedora, SUSE, Ubuntu, Windows 7 and newer, and Mac OS X (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). The hardware would require at least a 2 dual-core processor that’s 2 GHz or faster, 2 GB of RAM (8 GB recommended), and 30 GB of hard drive space (Tenable, Hardware Requirements, 2016). My experience involves installing Nessus Manager with Ubuntu on a virtual machine. The lab consists of the Nessus Manager and four hosts. I start by going to “http://www.tenable.com/products/nessus/select-your-operating-system” and downloading the newest version of Nessus Manager (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). I then confirm the integrity of the download with the MD5 checksum listed in the release notes. I continue by opening a terminal and executing “# dpkg -i Nessus-6.4.0-ubuntu1404_amd64.deb”. After installation I then start the nessusd daemon by executing “# /etc/init.d/nessusd start”. I then go to “https://4.79.179.64:8834/WelcomeToNessus-Install/welcome” to start the registration process by entering company information, activation code, and network information. This process needs to be completed within 6 hours for security reasons (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). Upon entering the Manager Host IP address, port, and key concluding the registration, I will then be connected to the Nessus network where plugins and engine updates will begin to download. The Nessus Manager server starts and I log in with administrative credentials that were created during the registration process. From here I would configure policies, scan times, and hosts to scan.

Configuring the Nessus Cloud involves registering for an account, where proxy, network, and company information would be entered (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). The activation code would also have to be supplied, which will authorize use of the scanners. After logging in and completing the registration, I would continue to configure policies, scan times, and hosts.

Scanning

After installing Nessus Manager on my virtual machine, I continue with configuration and scanning. I begin by entering “https://localhost:8834” into Firefox and logging into the home page. A policy needs to be created, so I click the “policy” tab, “new policy”, “advanced policy”, and fill in the necessary information. As I carry on through the “general settings”, “credentials”, “plugins”, and “preferences” menus, I make sure the applicable plugins are selected. Continuing, I select the “scans” tab to configure a new scan for the hosts to be scanned, and schedule a time to perform the assessment. Concluding the assessment, I click “local network” and review the scan report for alerts. Any affected hosts will then be patched and updated in relation to the results of the report. Scanning would be done at least weekly.
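The verify step of the assess, patch, and verify cycle, as an added example that is not part of the original essay and is not Tenable's code: it compares a baseline scan export with the rescan taken after patching and produces the counts a trend report needs. It assumes both scans were exported in the Nessus v2 XML format (`NessusClientData_v2`); the hosts, plugin IDs, and plugin names in the sample data are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed sample exports, not real scan data. Hosts use the RFC 5737
# documentation range; plugin IDs and names are placeholders.
BASELINE = """<NessusClientData_v2><Report name="baseline">
<ReportHost name="192.0.2.10">
<ReportItem port="445" protocol="tcp" severity="4" pluginID="900001" pluginName="Placeholder: missing OS patch"/>
<ReportItem port="22" protocol="tcp" severity="2" pluginID="900002" pluginName="Placeholder: weak SSH setting"/>
<ReportItem port="0" protocol="tcp" severity="0" pluginID="900003" pluginName="Placeholder: host info"/>
</ReportHost>
<ReportHost name="192.0.2.20">
<ReportItem port="80" protocol="tcp" severity="3" pluginID="900004" pluginName="Placeholder: outdated web server"/>
</ReportHost>
<ReportHost name="192.0.2.30">
<ReportItem port="3389" protocol="tcp" severity="4" pluginID="900006" pluginName="Placeholder: exposed remote desktop"/>
</ReportHost>
</Report></NessusClientData_v2>"""

RESCAN = """<NessusClientData_v2><Report name="rescan">
<ReportHost name="192.0.2.10">
<ReportItem port="22" protocol="tcp" severity="2" pluginID="900002" pluginName="Placeholder: weak SSH setting"/>
<ReportItem port="0" protocol="tcp" severity="0" pluginID="900003" pluginName="Placeholder: host info"/>
</ReportHost>
<ReportHost name="192.0.2.20">
<ReportItem port="443" protocol="tcp" severity="3" pluginID="900005" pluginName="Placeholder: weak TLS setting"/>
</ReportHost>
</Report></NessusClientData_v2>"""


def load_findings(xml_text, min_severity=1):
    """Return (hosts scanned, {(host, port, protocol, pluginID): (severity, name)})."""
    # Parse only exports from your own scanner; for untrusted XML use a
    # hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    hosts, findings = set(), {}
    for host in root.iter("ReportHost"):
        name = host.get("name")
        hosts.add(name)
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev >= min_severity:  # skip informational plugins by default
                key = (name, item.get("port"), item.get("protocol"), item.get("pluginID"))
                findings[key] = (sev, item.get("pluginName", ""))
    return hosts, findings


def verify_cycle(baseline_xml, rescan_xml, min_severity=1):
    """Classify baseline findings against the post-patch rescan."""
    _, before = load_findings(baseline_xml, min_severity)
    hosts_after, after = load_findings(rescan_xml, min_severity)
    result = {"remediated": [], "persisting": [], "unverified": []}
    for key in sorted(before):
        if key in after:
            result["persisting"].append(key)
        elif key[0] in hosts_after:
            result["remediated"].append(key)
        else:
            # Host absent from the rescan (offline, moved): not proof of a fix.
            result["unverified"].append(key)
    result["new"] = sorted(k for k in after if k not in before)
    return result


def trend(baseline_xml, rescan_xml):
    """Per-severity finding counts as (baseline, rescan) for a trend report."""
    counts = [Counter(SEVERITY[s] for s, _ in load_findings(x)[1].values())
              for x in (baseline_xml, rescan_xml)]
    return {label: (counts[0][label], counts[1][label])
            for label in ("low", "medium", "high", "critical")}


if __name__ == "__main__":
    for status, keys in verify_cycle(BASELINE, RESCAN).items():
        print(status, keys)
    print(trend(BASELINE, RESCAN))
```

A finding on a host that is missing from the rescan is reported as unverified instead of remediated, so an offline machine does not inflate the improvement figures.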

Conclusion

It’s evident that the Information Assurance corporate infrastructure is in need of a powerful security tool that will turn the tables on cyber attacks. Nessus proves to be the perfect addition to the security enclave that will greatly reduce vulnerabilities that plague our network. This vulnerability scanner monitors activities on the network and raises alarms when policies are violated and security concerns are discovered. It has flexibility in scanning for vulnerabilities in web applications, botnets, malware, DoS attacks, default configurations, and weak and default passwords on various devices (Tenable, Nessus FAQ, 2016). A few scanning solutions are available with Nessus, but I would recommend using the Nessus Cloud as it will help with reducing hardware and administration costs. Since scanning can be resource intensive on network devices, scans would be performed during non-peak hours, preferably the weekends, to limit network interruption for users. Lastly, as a note, the Microsoft Windows XP clients should be upgraded to Windows 7 or newer as support has ended for Windows XP (Microsoft, 2016). Network security would also be improved. Thank you for your time and consideration.

References

EC-Council. (2015). Scanning Networks - Version 9.

Flick, A. (2016, Jun 13). Tenable Network Security and ServiceNow. Retrieved Jun 25, 2016, from Business Wire: http://www.businesswire.com/news/home/20160613005120/en/Tenable-Network-Security-ServiceNow-Customers-Prioritize-Streamline

Garey, D. (2015, Feb). Agent-Based Scanning in Nessus Manager. Retrieved Jun 26, 2016, from Tenable: http://www.tenable.com/blog/tenable-introduces-agent-based-scanning-in-nessus-manager

Kamal, B. (2014). Network Scanning Using Nessus. Retrieved Jun 26, 2016, from InfoSec Institute: http://resources.infosecinstitute.com/network-scanning-using-nessus/

LeMay, R. (2005, Oct 7). Nessus security tool closes its source. Retrieved Jun 26, 2016, from Cnet: http://www.cnet.com/news/nessus-security-tool-closes-its-source/

Microsoft. (2016). Support for Windows XP ended. Retrieved Jun 26, 2016, from Microsoft: https://www.microsoft.com/en-us/WindowsForBusiness/end-of-xp-support

Rogers, R. (2011, Oct 13). Chapter 1 - Vulnerability Assessment. Retrieved Jun 26, 2016, from Google Books: https://books.google.co.kr/books?id=3OiclLcGdTgC&dq=assess,+patch,+and+verify&source=gbs_navlinks_s

Rouse, M. (2016). Vulnerability analysis (vulnerability assessment). Retrieved Jun 26, 2016, from TechTarget: http://searchmidmarketsecurity.techtarget.com/definition/vulnerability-analysis

Stevens, A. (2015, Feb). Dell PowerEdge T630 review: A tower of updated server power. Retrieved Jun 26, 2016, from ZDNet: http://www.zdnet.com/product/dell-poweredge-t630-xeon-e5-2620v3-2-4-ghz-8-gb-300-gb/

Tenable. (2016). Hardware Requirements. Retrieved Jun 26, 2016, from Tenable: https://docs.tenable.com/nessus/6_7/index.htm#getting_started/hardware.htm%3FTocPath%3DGetting%2520Started%7CSystem%2520Requirements%7C_____1

Tenable. (2016). Instructor-Led Training. Retrieved Jun 25, 2016, from Tenable Network Security: http://www.tenable.com/education/instructor-led-training

Tenable. (2016, Jun 3). Nessus 6.4 Installation and Configuration Guide. Retrieved Jun 26, 2016, from Tenable: http://static.tenable.com/documentation/nessus_6.4_installation_guide.pdf

Tenable. (2016). Nessus FAQ. Retrieved Jun 26, 2016, from Tenable: http://www.tenable.com/products/nessus/nessus-faq

Tenable. (2016). Nessus Professional - Annual Subscription. Retrieved Jun 26, 2016, from Tenable: https://store.tenable.com/index.php?main_page=product_info&cPath=1&products_id=94&zenid=6de72ce1186f2be14cea099d149b9b99

Tenable_Agents. (2016). Nessus Agents. Retrieved Jun 25, 2016, from Tenable Network Security: http://www.tenable.com/products/nessus/nessus-agents

Tenable_Training. (2016). Nessus Training and Certification Bundles. Retrieved Jun 25, 2016, from Tenable Network Security: https://store.tenable.com/?main_page=index&cPath=20

Wendlandt, D. (2007). Nessus : A security vulnerability scanning tool. Retrieved Jun 26, 2016, from Carnegie Mellon School of Computer Science: http://www.cs.cmu.edu/~dwendlan/personal/nessus.html
