The Web And Vulnerability Scanners

Published Date: 02 Nov 2017

Intrusion Detection System

It is important that the networks are protected. One of the key elements of protection is being vigilant against threats or attacks. This is why one or more intrusion detection systems are necessary. Using an intrusion detection system to notify the system administrator of various important activities based on anomalies or signatures, we can increase our awareness of problems in addition to filtering them. Attacks that may occur can be distributed denial of service attacks that have the ability to cripple operations and critical business processes, targeted attacks on the network, and even employee abuse. By using a combination of host based intrusion detection and network based intrusion detection, we can properly monitor relevant network activity throughout. When an event occurs, the specifics of the event will then determine what actions are taken, how it is escalated, and who is made aware of the intrusion. This system allows us to constantly improve the security of the network. For the primary intrusion detection hardware, I chose the Juniper Networks IDP-800. The system offers comprehensive signature based support for its detection definitions. This includes application signatures, and constant updating of stateful detection against Trojans, worms, spyware, and other malware at a zero-day speed which is important for combatting cutting edge exploits as quickly as possible. The system uses its Unified Access Control infrastructure, which works with active directory and LDAP servers to manage users and applications. The extra application and user based functionality that Juniper systems offer can be extremely useful when monitoring a specific scope of traffic is important.

Web and Vulnerability Scanners

One of the most important steps required for implementing a successful security plan is to test your work. One of the tools that allow us to do this is vulnerability scanners. A vulnerability scanner is designed to evaluate a network for known weaknesses and exploits. In conjunction with trained penetration testing professionals, vulnerability scanners are used to probe the network for weak points and provide a synopsis which can then be used by an analyst as a starting point. For this purpose I have chosen Tenable Nessus, as it is a well-established, comprehensive vulnerability scanner. It has been around since 1998 and has grown tremendously along the way until it has gone from completely open source, to proprietary. Nessus still offers free services for home networks, but requires a license for enterprise applications. Nessus is one of the most popular tools available for good reason, and has been estimated to be used by more than 75,000 organizations. Nessus is feature packed, and can be used for a swath of purposes ranging from scanning for vulnerabilities from a hacker’s perspective, to verifying password strength. Other uses include checking configuration settings of the system such as obvious incorrectly configured settings, or missing patches. You can even write your own plugins in the embedded scripting language to suit your needs. One of the most convenient features of Nessus is that it uses a web interface to conduct scans. This makes the tool extremely versatile within or outside of a given network. Scans are completely customizable, allowing testers to specify their own definitions and policy based parameters. The output is presented in a user-friendly way, which allows a tester to evaluate any aspect of the results based on their specific needs.

Firewall

The first and most relevant line of defense to any network is the hardware firewall. A hardware firewall is a dedicated device used for filtering traffic on a network. For perimeter defense, the firewall is the most important piece of hardware on a network, because it controls the greatest point(s) of entry from letting malicious traffic in or out. Firewall filtering rules today range from very simplistic to very complicated. Along with advances in technology, firewalls have to become more and more sophisticated to keep up. In addition to firewalls needing to continue to be as secure as possible, it is also important that a company’s needs are met in regards to services and operations that are needed in order for them to function efficiently. The more sophisticated the firewall, the more integrated support and features it should have for other services and devices on the network such as routers, intrusion detection systems, and virtual private network interfaces, and so on. Because of these considerations, I have selected the Cisco ASA 5500 series firewalls because of their industry leading hardware firewalls and integration. Some examples of integrated features are as follows. Advanced threat detection built in, highly secure remote access, botnet and distributed denial of service protection, and granular control of applications with behavior-based controls. The second reason why this hardware is a good choice is that it is extremely scalable to a business’s needs. The Adaptive Security Appliance system can be used in medium to large sized businesses without issue. The products include standalone appliances for branch offices, midsize businesses, and enterprise data centers alike. This solution fits a broad range of applications.

Conclusion

In conclusion, we can clearly see that there are solutions available for most IT project needs. Many services and products are engineered with the concept of scalability, security, and integration in mind. In any business that has the opportunity or expectation of growth, a scalable infrastructure is essential, not only in the scope of hardware specifications but also in terms of infrastructure and policy change. The IT world and the networks that exist within them are a constantly changing environment in which individuals must plan for the future as much as they regulate and control the present. In the technology field, standards are constantly evolving and being shaped by the needs of the user. As time goes on, these standards will become more uniform, and more secure by nature as the personnel responsible for implementing them become more educated about the multitude of hardware, software, protocols, policies, and standards surrounding them. The digital world is a newly introduced facet of our world that has the most enormous potential for growth our civilization has ever seen, and we are only at the forefront of its development. There will always be a solution for our needs. It is up to us to define what that is going to be.

Budget

Cisco ASA 5500 series firewall - $3,300

Juniper IDP-800 intrusion detection and prevention appliance - $8,500

Tenable Nessus network vulnerability scanner - $1,200 per license, per year