I am writing this memo to inform you that it is my professional opinion that the network in need to a dull vulnerability assessment. There are three tools that I believe would be a good tit tort penetration testing on this network. They are MAP, Nesses and Metalloid. I have added brief, yet detailed, descriptions to the three automated penetration testing tools that are on the market. I believe they all have their pros and cons and will explain the capabilities and costs associated with all three in this memo. MAP
We will write a custom essay sample
on Risk memo or any similar
topic specifically for you
MAP is used to scan for open ports, identify services, and identify the operating system that the machine utilizes. This allows data that is extracted to be used to perform more direct vulnerability assessments, MAP is not known to be a vulnerability scanner as other tool in the industry are. It is a stealthier tool than most. Meaning, it is a much quicker and more quiet than other tools. MAP utilizes the Three Way sync n sync/scan sack The handshake helps with fire walking. Fire Walking Is how a scanner determines the movement of a packet from an entrusted external host to a trusted host.
This helps to determine which ports are open and what type of packets can travel to the Internal host. This program helps with what and how many computers are on a network. It allows you to determine what services are running on a given machine. It allows you to find corresponding exploits for all systems. What Is most attractive about MAP Is Its price – FREE. The only associated cost with this automated tool Is the training needed to run It effectively. Pros: MAP Is continuously update. It was written by a security professional.
It Is a solid port scanner with numerous capableness beyond what may be needed. Dwellers IP addresses stealthy SO and application version detection Command line availability The scans are very aggressive and not quiet The scans hostility may crash the system NESSES Nesses is a vulnerability scanner. It identifies vulnerabilities. One of the best features of the Nesses isthere can be several Nesses servers on the network that will report too main server. Nesses can be very complex, but with the right training, it is worth using. The use of a Nesses scanner will encourage defense productivity.
Page 2 Risk memo Essay
Patch can be done on a regular bases end the vulnerabilitieswill not exist unnoticed. Unfortunately, it will not exploit vulnerabilities. Nesses installation is very simple. After installation and before the actual penetration test, Nesses is used to make a vulnerability assessment. Since Nesses is not used for port scanning and fire walking, MAP is can be used to has a very important role in penetration testing. The cost of Nesses is free for personal use; however, the cost can be approximately $1300/year. Pros: Scanning is free Reports patching effectiveness Cons:
The user interface is not friendly Is very hostile on the network METALLOID The exploiting of the vulnerabilities is where Metastasis’s role begins. After MAP scans for ports and collects information, Nesses scans the vulnerabilities and Metalloid completes the automated penetration testing process by exploiting the vulnerabilities. It is one of the most useful exploit tools available on the market. This tool develops and executes exploit code against targeted machines. Metalloid is also able to assess vulnerabilities before exploiting them.
Because of the amount of Seibel vulnerabilities, metalloid can not do every part of penetration testing on its own. However, it does have the world largest database for known exploits. The cost of this framework is free. Metalloid does have a Pro edition which has a price tag of over $10,000. Training is mandatory for this tool due to the amount of practice needed. Pros: Can test against all operating system. Constant updating Cons: Needs to be used in a controlled manner to prevent issues. Which tool best fits our environment? It is my professional opinion that not only one tool should be used to test the network.
All three of the tools that I have introduced would be a responsible choice. They all have their pros and cons. Furthermore, they all work will together to perform a complete penetration test that will provide the most accurate results for the police station.. If we were to choose only one tool, I would suggest MAP. However, I will conclude with a recommendation of using multiple automated tools, whether it be the three that I have suggest or others. The intentions are to protect the network and using a suite of tools will be most beneficial considering the circumstances. Respectfully,See More on Nessus