It is hoped that these metrics will be valuable for any network administrator to acquire an absolute risk assessment value of the network. A probabilistic approach is then applied to calculate an overall security risk level of the sub-networks and the entire network. This is achieved by electronically scanning the network using the vulnerability scanning tool (Nexpose) to identify the vulnerability level at each node, classified according to the Common Vulnerability Scoring System standards (critical, severe and moderate). In this paper, a method is devised to quantify the security level of IT networks. Currently, many research efforts are directed towards securing networks further, whereas little attention has been given to the quantification of network security, which involves assessing the vulnerability of these systems to attacks. Despite such attacks, the aim for network administrators is to enable these systems to continue delivering the services they are intended for.

Keywords: Vulnerability Scanning; risk assessment; Nessus; OpenVAS; Nmap scripting engine

Along with the tremendous expansion of information technology and networking, the number of malicious attacks which cause disruption to business processes has concurrently increased. Novelty: Although there might be a few other similar comparisons of vulnerability scanners in the literature, the main contribution herein is the provision of a practical and above all easily reproducible framework for small business enterprises to establish proper selection procedures for such security software without spending a lot of money on expensive testing infrastructure. Findings: The framework developed herein is shown to be efficient with regard to the comparison and selection of candidate risk analysis software with easily accessed and affordable infrastructure.
Method: The proposed methodology is based on developing a framework for the suitable setup and usage of virtual machines, making risk analysis practical and capable of comparing different vulnerability scanners. Moreover, the purpose of this paper is to compare three of the most well-known free vulnerability scanners (Nessus, OpenVAS, Nmap Scripting Engine) with regard to how they can be used to systematise the process of Risk Assessment in an enterprise, based on the experimental evaluation framework presented herein, which involves virtual machine testing. The goal of this research report is to provide a practical, comprehensive virtual machine based framework for assessing the performance of vulnerability scanners applied to such enterprises, focusing on small and medium-sized ones, towards a risk evaluation analysis. Objectives: Risk Management has been recognized as a critical issue in computer infrastructures, especially in medium to large scale organizations and enterprises. It is based on virtual machine vulnerability performance analysis and focuses on modelling and simulating the business environment of a small to medium-sized enterprise, extending significantly the scope and results of the authors' preliminary study in (1), contributing the complete setup and framework risk assessment development and analysis. Although there are other attempts in the literature (3)(4)(5)(6)(7)(8) to provide assessments of vulnerability scanners based on their features and characteristics, offering relevant comparison frameworks, the contribution of this paper lies in the development of a suitable, comprehensive, practical and above all reproducible evaluation framework towards modelling and emulating enterprise environment risk assessment.
(1,2) The aim of this report is first to provide a comprehensive framework for the vulnerability analysis assessment of small to medium-sized enterprises and, secondly, to analyze the free and openly available vulnerability scanners in order to adopt the ideal ones as the base for creating such a stochastic model and, based on its features, to identify how this could potentially be elaborated.