
Http www tenable com products nessus

29/11/2021 Client: muhammad11 Deadline: 2 Day

Background

Information Assurance is a successful research and development company that prides itself on superior medical and pharmaceutical products. Due to its achievements, Information Assurance is gaining ground in the research and development industry. This has inadvertently attracted cyber criminals, resulting in attacks that attempt to steal intellectual property. The stolen intellectual property is then sold to Information Assurance’s competitors, which led to false accusations in 2011. The company has also suffered vandalism of its corporate website and numerous Denial of Service attacks over a 9-month period. These cyber crimes have damaged the company’s image and degraded public trust.

In spite of the attacks on the company, Information Assurance has persevered and continues to flourish. The continuous improvement of research and development projects over the years has proven fruitful. In order to maintain momentum and carry on growth, Information Assurance relies heavily on its medical and pharmaceutical advancements. Though the company is currently breathing a sigh of relief, there is still fear that valuable intellectual property may be compromised once more. Concern has been raised because a recent cyber theft claimed one of Information Assurance’s top competitors, which has been strong in the industry for over 40 years. Due to the increasing threat of cyber theft, Information Assurance is beginning to entertain the idea of improving security.

Addressing the Problem

Information Assurance is still a young company whose executives are hesitant to invest in a network security program. As technology advances and cyber attacks become more common, falling behind in this sector of the company could result in great loss in the future. Security holes create attack points and vulnerabilities that let hackers steal information, damage assets, and wreak havoc on the infrastructure. Implementing strong network security will greatly decrease attack vectors and vulnerabilities.

In particular, I advise performing a thorough vulnerability assessment that will provide enormous insight into the health of our corporate network. A vulnerability assessment defines, identifies, and classifies security holes in a network that require attention (Rouse, 2016). At the conclusion of the assessment, recommendations are proposed to remedy any concerns discovered. Once the updates are installed, another scan can be performed to ensure compliance is being met.

The assess, patch, and verify cycle is a standard method of addressing security issues in an organization, and is required by some outside groups (Rogers, 2011). Additionally, this security measure can be used to create trend reports, which provide statistics for areas showing improvement and areas still needing improvement. It can also provide insight into past attacks where systems were compromised. Event correlation can show specifics on how the attack was carried out (Rogers, 2011). Using the right tool to carry out the assessment will ensure the best results and is vital in securing a network. A vulnerability scanner would be a great addition to the security program in safeguarding the company network against cyber criminals.
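The verify step and the trend report described above can be produced by comparing a baseline scan export with the rescan taken after patching. The following is an added example, not part of the original proposal or Tenable's code; the column names are assumed to match a Nessus CSV report export, and every host, plugin ID and finding name is constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample exports. Column names are assumed to follow a Nessus CSV
# report export; hosts, plugin IDs and names are made up for illustration.
BASELINE_CSV = """Plugin ID,Risk,Host,Protocol,Port,Name
90001,Critical,10.0.0.5,tcp,445,Constructed: missing OS security update
90002,High,10.0.0.5,tcp,443,Constructed: outdated TLS configuration
90003,Medium,10.0.0.7,tcp,22,Constructed: weak SSH algorithms enabled
90004,None,10.0.0.7,tcp,0,Constructed: host information
90006,High,10.0.0.8,tcp,80,Constructed: default web page exposed
"""

RESCAN_CSV = """Plugin ID,Risk,Host,Protocol,Port,Name
90002,High,10.0.0.5,tcp,443,Constructed: outdated TLS configuration
90004,None,10.0.0.7,tcp,0,Constructed: host information
90005,High,10.0.0.9,tcp,3389,Constructed: default credentials accepted
"""

SEVERITIES = ["Critical", "High", "Medium", "Low"]


def load_scan(csv_text):
    """Return (findings, hosts): actionable findings keyed by location and
    plugin, plus every host that appears in the export at all."""
    findings, hosts = {}, set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        hosts.add(row["Host"])
        if row["Risk"].strip() not in SEVERITIES:
            continue  # informational rows prove the host was scanned, no more
        key = (row["Host"], row["Port"], row["Protocol"], row["Plugin ID"])
        findings[key] = row
    return findings, hosts


def verify_cycle(baseline_text, rescan_text):
    """Classify findings after patching and build a per-severity trend."""
    before, _ = load_scan(baseline_text)
    after, rescanned_hosts = load_scan(rescan_text)

    gone = before.keys() - after.keys()
    # A finding only counts as remediated if its host was actually rescanned;
    # an offline or skipped host must not look like a successful patch.
    remediated = sorted(k for k in gone if k[0] in rescanned_hosts)
    unverified = sorted(k for k in gone if k[0] not in rescanned_hosts)

    count_before = Counter(r["Risk"] for r in before.values())
    count_after = Counter(r["Risk"] for r in after.values())
    return {
        "remediated": remediated,
        "unverified": unverified,
        "persistent": sorted(before.keys() & after.keys()),
        "new": sorted(after.keys() - before.keys()),
        "trend": {s: (count_before[s], count_after[s]) for s in SEVERITIES},
    }


if __name__ == "__main__":
    report = verify_cycle(BASELINE_CSV, RESCAN_CSV)
    for status in ("remediated", "unverified", "persistent", "new"):
        for host, port, proto, plugin in report[status]:
            print(f"{status:<11} {host}:{port}/{proto} plugin {plugin}")
    for severity, (old, new) in report["trend"].items():
        print(f"{severity:<9} {old} -> {new}")
```

Findings on hosts missing from the rescan are reported as unverified rather than remediated, so a device that was offline during the weekly scan does not inflate the improvement figures.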

Nessus

As stated before, choosing a competent security tool to assess your network for vulnerabilities is very important. One tool stands out in particular that I highly recommend. Nessus is a program developed by Tenable Network Security to scan networkable devices for vulnerabilities, compliance, threats, and configuration audits (Kamal, 2014). Many IT professionals in top organizations use Nessus due to its stability, practicality, consistency, and usability. Tenable supplies network security to more than a million customers and more than 20,000 corporate businesses worldwide (Flick, 2016). Businesswire.com reports “Tenable's customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors” (Flick, 2016). Conversely, hackers also use this tool to assess a network for attack vectors. Realizing this allows the administrator to understand the same techniques used by hackers and eliminate vulnerabilities before a hacker exploits them. Surveys conducted every three years by Sectools.org showed Nessus to be the number 1 vulnerability scanner in 2000, 2003, 2006, and 2009 (Rogers, 2011).

History

Nessus was a project initially started by an unfunded security researcher, Renaud Deraison, in 1998 to provide a free network security scanner (LeMay, 2005). The scanner was open source, allowing security professionals to contribute to the program by leveraging their expertise. This changed in October 2005 as the company Tenable Network Security, co-founded by Renaud Deraison, moved to Nessus 3, making it a proprietary project (LeMay, 2005). The free registered versions were then removed from their database in 2008. Tenable does allow for a free home version for use on home networks.

Features

Nessus is flexible and compatible with many different types of networks. Comprehensive scans can be conducted against a range of operating systems such as Linux, Unix, FreeBSD, Cisco, Mac OS X, iOS, Android, Windows 7, 8, 10, and Windows Server 2003, 2008 and 2012 (Tenable, Nessus FAQ, 2016). iOS and Android mobile devices have the potential to compromise a network due to the concept of BYOD. These mobile devices can also be analyzed to ensure they comply with corporate standards (Tenable, Nessus FAQ, 2016).

Further, Nessus scans more than client systems and servers. Routers, switches, and firewalls can fall victim to cyber attacks, giving power to a hacker (EC-Council, 2015). Profiling these network devices helps ensure that the network is properly suited to safeguard against outside threats. Continuing, virtualization offers many benefits such as cost, energy, application isolation, migration, and uptime. Nessus can be virtualized, allowing it to take advantage of the mentioned benefits (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). Lastly, detailed scan reports are produced for review, ensuring network policies are in compliance for all devices (Rogers, 2011).

It maintains network security by first running a powerful network mapping tool such as Nmap to scan for vulnerable services and open ports (Rogers, 2011). Assets are discovered on IPv4 and IPv6 networks either un-credentialed or credentialed (EC-Council, 2015). Where Nessus truly separates itself from other vulnerability assessment programs is that it doesn’t assume server configurations, an assumption that causes other vulnerability scanners to miss holes. Additionally, it allows for custom tests using the Nessus scripting language, provides daily updates minimizing the threat of zero-day attacks, and presents the most applicable fix-action for patching systems (Wendlandt, 2007).

Options

Tenable offers three different options for Nessus to perform scans (Tenable, Nessus FAQ, 2016). Each tackles certain needs of our organization, whether cost, capabilities, management, or reporting. Nessus has a home version that allows users with personal devices and networks to receive full access to the plugin feeds. Nessus Professional includes the same features and plugin feeds as the home version, but this license is intended for business use and costs $2,190.00 a year (Tenable, Nessus Professional - Annual Subscription, 2016). Since the professional version is geared toward per-user systems in a small network, Nessus Manager or Nessus Cloud would be more fitting for the Information Assurance network.

Nessus Manager has a set of comprehensive management and collaboration functions that reduces the attack surface and eradicates vulnerability blind spots. It allows for the sharing of resources of multiple scanners, scan schedules, policies, and reports among users (Tenable, Nessus FAQ, 2016). This is a comprehensive set of attributes that allows uniformity throughout the network. Nessus Manager is administered on-site at the company itself which would allow me to have local administrative control. I would recommend virtualizing Nessus Manager with the Dell PowerEdge T630 server which costs $3,708.00 (Stevens, 2015). This server exceeds all hardware requirements and would allow for unlimited virtualization licenses with Microsoft Server Datacenter Edition. Virtual, classroom, or on-site training is available from Tenable at various prices ranging from free to hundreds of dollars (Tenable, Instructor-Led Training, 2016). Licensing is based on a per-host basis which could be an IP address or device. The license per device/IP address costs roughly $19 each. This equates to $43,187 for an annual subscription of 2273 devices that currently reside on Information Assurance’s network. The total for this option would be $46,895.

Nessus Cloud is a remote scanning service that verifies compliance and security for internet facing environments for both network and web applications (Tenable, Nessus FAQ, 2016). This eliminates the need for installing, administering, and maintaining the required equipment to secure the network, i.e. Nessus Manager. It combines the prevailing detection, scanning, and auditing features of Nessus’ broad collaborative capabilities of scanners and resources (Tenable, Nessus FAQ, 2016). Nessus Cloud is an Approved Scanning Vendor (ASV) solution for compliance to PCI DSS 11.2.2 (Tenable, Nessus FAQ, 2016). This option is fully supported throughout the US, so this could be an ideal solution for Information Assurance. Like Nessus Manager, Nessus Cloud charges by a per-host license and also costs $19 per host/IP address. This comes out to $43,187 for 2273 devices that currently reside on Information Assurance’s network. Training ranges from $425 to $1,100 depending on the level required (Tenable_Training, 2016). The savings for Nessus Cloud come in the form of not requiring additional administrative support for the Nessus server and not purchasing additional hardware. However, our organization could run into trouble if Tenable’s cloud network and service become interrupted.

Nessus Manager and Nessus Cloud both include a feature called Nessus Agents. Nessus Agents improve scan flexibility by making it easier to assess devices without the need of host credentials or devices that are offline (Tenable_Agents, 2016). It also facilitates large-scale simultaneous scans with minor network impact and quicker scan time (Tenable_Agents, 2016). Each network host will have the agent installed to provide constant compliance. Nessus Agents are especially effective in mobile applications where a user is constantly on the move. Lastly, Nessus Agents don’t support Windows XP, so there will be a price depression in the Nessus Cloud or Manager package (Garey, 2015).

Installation

Installing Nessus Manager on Information Assurance’s network is relatively easy. Tenable allows for various operating systems to run Nessus Manager such as Red Hat, Fedora, Suse, Ubuntu, Windows 7 and newer, and Mac OS X (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). The hardware would require at least a 2 dual-core processor that’s 2 GHz or faster, 2 GB of RAM (8 GB Recommended), and 30 GB of hard drive space (Tenable, Hardware Requirements, 2016). My experience involves installing Nessus Manager with Ubuntu on a virtual machine. The lab consists of the Nessus Manager and four hosts. I start by going to “http://www.tenable.com/products/nessus/select-your-operating-system” and downloading the newest version of Nessus Manager (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). I then confirm the integrity of the download with the MD5 checksum listed in the release notes. I continue by opening a terminal and executing “# dpkg -i Nessus-6.4.0-ubuntu1404_amd64.deb”. After installation I then start the nessusd daemon by executing “# /etc/init.d/nessusd start”. I then go to “https://4.79.179.64:8834/WelcomeToNessus-Install/welcome” to start the registration process by entering company information, activation code, and network information. This process needs to be completed within 6 hours for security reasons (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). Upon entering the Manager Host IP address, port, and key concluding the registration, I will then be connected to the Nessus network where plugins and engine updates will begin to download. The Nessus Manager server starts and I log in with administrative credentials that were created during the registration process. From here I would configure policies, scan times, and hosts to scan.

Configuring the Nessus Cloud involves registering for an account where proxy, network, and company information would be entered (Tenable, Nessus 6.4 Installation and Configuration Guide, 2016). The activation code would also have to be supplied, which will authorize use of the scanners. After completing the registration and logging in, I would continue to configure policies, scan times, and hosts.

Scanning

After installing Nessus Manager on my virtual machine, I continue with configuration and scanning. I begin by entering “https://localhost:8834” into Firefox and logging into the home page. A policy needs to be created, so I click the “policy” tab, “new policy”, “advanced policy”, and fill in the necessary information. As I carry on through the “general settings”, “credentials”, “plugins”, and “preferences” menus, I make sure the applicable plugins are selected. Continuing, I select the “scans” tab to configure a new scan for the hosts to be scanned, and schedule a time to perform the assessment. Concluding the assessment, I click “local network” and review the scan report for alerts. Any affected hosts will then be patched and updated in relation to the results of the report. Scanning would be done at least weekly.

Conclusion

It’s evident that the Information Assurance corporate infrastructure is in need of a powerful security tool that will turn the tables on cyber attacks. Nessus proves to be the perfect addition to the security enclave that will greatly reduce vulnerabilities that plague our network. This vulnerability scanner monitors activities on the network and raises alarms when policies are violated and security concerns are discovered. It has flexibility in scanning for vulnerabilities in web applications, botnets, malware, DoS attacks, default configurations, and weak & default passwords on various devices (Tenable, Nessus FAQ, 2016). A few scanning solutions are available with Nessus, but I would recommend using the Nessus Cloud as it will help with reducing hardware and administration costs. Since scanning can be resource intensive on network devices, scans would be performed during non-peak hours, preferably the weekends, to limit network interruption for users. Lastly, as a note, the Microsoft Windows XP clients should be upgraded to Windows 7 or newer as support has ended for Windows XP (Microsoft, 2016). Network security would also be improved. Thank you for your time and consideration.

References

EC-Council. (2015). Scanning Networks - Version 9.

Flick, A. (2016, Jun 13). Tenable Network Security and ServiceNow. Retrieved Jun 25, 2016, from Business Wire: http://www.businesswire.com/news/home/20160613005120/en/Tenable-Network-Security-ServiceNow-Customers-Prioritize-Streamline

Garey, D. (2015, Feb). Agent-Based Scanning in Nessus Manager. Retrieved Jun 26, 2016, from Tenable: http://www.tenable.com/blog/tenable-introduces-agent-based-scanning-in-nessus-manager

Kamal, B. (2014). Network Scanning Using Nessus. Retrieved Jun 26, 2016, from InfoSec Institute: http://resources.infosecinstitute.com/network-scanning-using-nessus/

LeMay, R. (2005, Oct 7). Nessus security tool closes its source. Retrieved Jun 26, 2016, from Cnet: http://www.cnet.com/news/nessus-security-tool-closes-its-source/

Microsoft. (2016). Support for Windows XP ended. Retrieved Jun 26, 2016, from Microsoft: https://www.microsoft.com/en-us/WindowsForBusiness/end-of-xp-support

Rogers, R. (2011, Oct 13). Chapter 1 - Vulnerability Assessment. Retrieved Jun 26, 2016, from Google Books: https://books.google.co.kr/books?id=3OiclLcGdTgC&dq=assess,+patch,+and+verify&source=gbs_navlinks_s

Rouse, M. (2016). Vulnerability Analysis (Vulnerability Assessment). Retrieved Jun 26, 2016, from TechTarget: http://searchmidmarketsecurity.techtarget.com/definition/vulnerability-analysis

Stevens, A. (2015, Feb). Dell PowerEdge T630 review: A tower of updated server power. Retrieved Jun 26, 2016, from ZDNet: http://www.zdnet.com/product/dell-poweredge-t630-xeon-e5-2620v3-2-4-ghz-8-gb-300-gb/

Tenable. (2016). Hardware Requirements. Retrieved Jun 26, 2016, from Tenable: https://docs.tenable.com/nessus/6_7/index.htm#getting_started/hardware.htm%3FTocPath%3DGetting%2520Started%7CSystem%2520Requirements%7C_____1

Tenable. (2016). Instructor-Led Training. Retrieved Jun 25, 2016, from Tenable Network Security: http://www.tenable.com/education/instructor-led-training

Tenable. (2016, Jun 3). Nessus 6.4 Installation and Configuration Guide. Retrieved Jun 26, 2016, from Tenable: http://static.tenable.com/documentation/nessus_6.4_installation_guide.pdf

Tenable. (2016). Nessus FAQ. Retrieved Jun 26, 2016, from Tenable: http://www.tenable.com/products/nessus/nessus-faq

Tenable. (2016). Nessus Professional - Annual Subscription. Retrieved Jun 26, 2016, from Tenable: https://store.tenable.com/index.php?main_page=product_info&cPath=1&products_id=94&zenid=6de72ce1186f2be14cea099d149b9b99

Tenable_Agents. (2016). Nessus Agents. Retrieved Jun 25, 2016, from Tenable Network Security: http://www.tenable.com/products/nessus/nessus-agents

Tenable_Training. (2016). Nessus Training and Certification Bundles. Retrieved Jun 25, 2016, from Tenable Network Security: https://store.tenable.com/?main_page=index&cPath=20

Wendlandt, D. (2007). Nessus : A security vulnerability scanning tool. Retrieved Jun 26, 2016, from Carnegie Mellon School of Computer Science: http://www.cs.cmu.edu/~dwendlan/personal/nessus.html
