The History Of The Web Vulnerability Scanners


02 Nov 2017


SEC-410

Nick Bennett

February 21, 2013

Table of Contents

Cover Sheet
Table of Contents
Overall Strategy
Security Related Recommendations
IDS Comparison
Web Vulnerability Scanner Comparison
Network Firewall Devices
Conclusion
References
Budget

Overall Strategy

When two companies of this magnitude merge, it is a very extensive process that can’t be worked through quickly. It takes a lot of time and planning to make sure that everything flows smoothly once the merger is complete. But because the other company is difficult to work with, it is hard for our consulting company to set things up in the best possible way. So our plan is to set things up in a very basic and standard way. This should enable both companies to merge more easily, and once things are settled, slight alterations can be made to better suit their needs.

Our plan is to implement 6 basic security products or procedures. The first is a security policy, or a bundle of policies, that will cover the company if any employee or outside entity tries to damage the company. Policies help the company ensure that if something happens they have a way to handle the situation, and they also help to keep incidents from ever occurring. The next thing we would do is a network audit to see where the company is vulnerable, at least from a network topology standpoint. This will enable us to focus on areas of the network that need improvement, or areas where we need to implement an appliance or tool that wasn’t there in the first place. After the network audit we would implement some of the policies that we generated and put controls in place so that the two companies can access each other’s files without putting sensitive files at risk. Once all the policies and controls are in place, we would put more up-to-date and secure network security devices in place to better protect both companies and all of the sensitive information. Those appliances would consist of an IDS appliance and sensors, host-based firewalls, and vulnerability scanners, along with other necessities. We will also put audit tools in place for the network administrator to view log files, examine network traffic, filter packets, and take an overall look at the network to see if it’s running efficiently. Finally, we are going to implement a network-based firewall to complement the host-based firewalls, and also to help them run more efficiently.

Security Recommendations

In my professional opinion the best way to connect the different sites together, and to our central office, is to use a site-to-site, full VPN mesh topology. This will allow all of the companies to access each other’s networks along with their files. This setup will also help with failover: since all sites are connected to each other, there is no single point of failure. If one connection goes down, the packets just take an alternate tunnel to get to the destination. This is also a very cost-effective solution compared with using a WAN to connect to each site and then hopping from site to site. That would degrade your network bandwidth, and your company’s efficiency would fall.

Another suggestion that I would make when merging the two companies is to rework any security-related policies that are already in place. There shouldn’t be much need to rework any business-process-related policies, since the overall functions of the business shouldn’t change, just the way the two companies interact with each other. When it comes to security you want both companies to be on the same page. You don’t want separate policies for each company that could cause confusion.

IDS Comparison

Large-scale companies like these need to be very secure and have effective and efficient security appliances. One of those appliances would be an IDS, or intrusion detection system. Some companies, if small enough, could use host-based IDSs in order to cut back on expenses. However, with a company of this magnitude it’s crucial to have a physical appliance somewhere at the front of the network filtering packets as they come into the network. This is to verify that the traffic coming into the network is safe and isn’t going to cause any damage to the network. We would like to present the company with two choices of IDS that we feel would meet their needs.

The first is the Cisco 4260 IDS. This is a top-of-the-line intrusion detection system that, if configured properly and maintained, will provide ample protection for the network. The Cisco 4260 delivers a comprehensive and pervasive security solution for combating unauthorized intrusions, and it does this by utilizing highly innovative and sophisticated detection techniques (Cisco Intrusion Detection, 2007). The techniques that this IDS uses are stateful pattern recognition, protocol parsing, heuristic detection, and anomaly detection. This appliance also includes sensors for crucial network devices such as switches, host-based sensors, routers, and your firewall. To give you some technical specifications for this IDS: it supports 1 gigabyte speeds, it does inline detection, it has a promiscuous detection mode, it supports both copper and fiber NICs, it has redundant power, and it has 4 NIC ports for redundancy and failover.

The next IDS we want to showcase is the Juniper IDS-800. Like the Cisco, the Juniper also supports 1 gigabyte speeds. This IDS can support up to 1,000,000 sessions, which makes it effective for large-scale corporations with a lot of network connections. It uses 8 different stateful signatures and back door detection methods. Along with that, the signature database is updated on a daily basis by Juniper (IDP800 Intrusion Detection, 2013). This IDS can operate in 3 different modes (sniffer, transparent, and mixed) in order to best suit the needs of your business. When dealing with sensitive customer information it’s key to have high availability on your network, and this IDS can provide that. It also has 2 Ethernet interface ports for redundancy and failover. The only thing that really separates these two appliances is the price, with Cisco costing $2,954.00 and Juniper costing $23,813.99. In my professional opinion Cisco would be the better choice because they have a reputation for successful security appliances, they offer a more cost-effective product, and they also have an extensive support system.

Web Vulnerability Scanners

All businesses that are serious about security need to look at all applications available on the market to see which ones they need to make their company as secure as possible. In our opinion one of those applications is a web vulnerability scanner. There is a large collection of them on the market; it’s just a matter of choosing which one will suit your company best and fit your budget. The two we are going to look at are the Qualys scanner and Nessus.

The Qualys scanner is a wonderful product that gives you a unified dashboard with comprehensive views of scans, results, and reports. This allows you to look at everything at once rather than looking in several different places for the same information. This product also allows you to discover, catalog, and scan web applications. This is good for a company that may have off-site employees who need to use web applications that are based at the central site, or for a company that uses web applications for day-to-day tasks. Qualys will create reports for you in encrypted PDF format so that only authorized personnel can access that data. This product uses authenticated scanning and identifies HTML login pages, and it also monitors your network session. You also have the option to configure or personalize your scans to best fit your needs or to try to find something in particular.

The next scanner we have is Nessus. This scanner markets itself as very easy to use. It has an HTML5 interface, which means that if you have a web browser you can easily access the interface; it’s easy to use, which makes it efficient and effective. Nessus allows you to discover network-based and local vulnerabilities. A plus to Nessus is that it performs configuration and compliance auditing. When it comes to security you want to be able to audit everything so that you can analyze what went wrong, who did what, and how to prevent it in the future. Nessus can also integrate with patch management systems so that you can do everything at once. A risk that affects a lot of people is botnets and DDoS, and with this product you can detect and monitor botnet activity.

In my professional opinion Qualys is the best option for a web vulnerability scanner. It’s a bit more expensive than Nessus, but it seems like a better overall product as far as function and effectiveness.

Network Firewall Devices

Every company, large and small, should have some kind of firewall. The firewall will help to filter out any network traffic that doesn’t belong, along with protecting employees from themselves. A good firewall can make the difference between having a secure network and having someone steal all of your customers’ data.

The first firewall we are going to dive into is the Cisco Adaptive Security Appliance, or the Cisco ASA 5585x. This is a large-scale firewall, and therefore it comes with a hefty price tag. However, with that price tag you get a handful of useful features. This firewall has IDS, VPN, anti-virus, anti-spyware, and anti-phishing features along with its complex firewall capabilities. This product is very scalable for business growth. The Cisco ASA 5585x has a multi-processor architecture to enable higher performance and help minimize costs. This product offers a security manager, which is a centralized management interface that allows you to manage all the security appliances that are working with it. Along with that, it can integrate with other essential network security appliances. One of the biggest perks is that it delivers high availability for high resiliency, with 10,000 VPN sessions and 350,000 other connections.

The next firewall is the Barracuda NG F600. This product doesn’t carry the hefty price tag that the Cisco does, yet it offers all the same features. Since I’ve never personally used this product I can’t say that it works better than the Cisco; however, all the information on this product does make it seem like the best alternative. This particular firewall supports 4.7 Gbps speeds as well as 950 Mbps VPN speeds with IPsec supported. The IPS system contained within this appliance supports 1316 Mbps speeds. The Barracuda can support up to 300,000 sessions, a bit less than the Cisco, but for the price difference I would say it’s not a bad deal. The Barracuda uses intelligent traffic control, which uses link aggregation and failover, dynamic traffic prioritization, and web traffic regulation. It’s also configured for WAN compression and WAN optimization, so that you can utilize all of your bandwidth. This product also has a centralized management system; in today’s business world, if you don’t have that you are behind. The Barracuda in my opinion is the best option over the Cisco, that is, unless you want to bundle all your Cisco appliances in order to strike a deal with Cisco. Either way you go, I believe that your network will be quite secure.

Conclusion

If you implement everything that we’ve touched on in this layout, then your network should be able to handle the merger, and during the merging process your network should stay secure, with little to no intrusions. Going back to the beginning, policies are key; without them employees are able to run free without thought of consequence. It’s very important to give your employees a guide to live by, almost like laws for the business. This will protect your business, but more importantly it will protect your customers and make them feel safer when doing business with your company. Then you need to have solid, reliable network security appliances in place, accompanied by a stable network infrastructure. If you combine all of these things, you can honestly say that you are exercising due care and due diligence.


