Network Visualization and Vulnerability Detection
Organizations create maps of their network infrastructure and its components to present insight into the interconnections between their various locations, subnets, routers, switches, etc. It is important for these maps to be kept up to date because they are often consulted when troubleshooting network issues.
Vulnerability detection seeks to identify weaknesses in networks, applications and even software code. There are several network scanning tools that organizations use, chosen according to their specific requirements. In the organization for which I work, we use Synopsys for static code analysis, Veracode for dynamic code analysis and Nessus for vulnerability assessments of endpoint software. To troubleshoot network issues in the test lab, I have used the Wireshark analyzer, and also Nmap to discover open ports and services. In planning network expansions with cross-functional teams, visualization maps have provided insight and clarity in the decision-making process.
Security professionals who use these tools must use them responsibly when securing the organization’s networks and protecting the confidentiality, integrity and availability of the organization’s sensitive information. Ethically, security professionals should respect individuals’ privacy and avoid using these tools to gather sensitive information about them.
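One way to keep a network map current with what Nmap actually observes is to parse the scanner's grepable output and diff it against the ports the map records for each host. The following is an added example, not code from the course or from Nmap; the scan lines, addresses and baseline are constructed for illustration.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of Nmap grepable (-oG) output. Addresses and services are made up.
SAMPLE_GNMAP = """# Nmap scan initiated (constructed sample)
Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.56.102 ()\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 5900/open/tcp//vnc///\tIgnored State: closed (997)
Host: 192.168.56.103 ()\tStatus: Up
"""

# Open ports the network map currently records per host (constructed baseline).
BASELINE: Dict[str, Set[Tuple[int, str]]] = {
    "192.168.56.101": {(22, "tcp"), (80, "tcp")},
    "192.168.56.102": {(22, "tcp"), (3306, "tcp")},
    "192.168.56.104": {(443, "tcp")},
}

# In -oG output each port entry is port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)/")


def parse_gnmap(text: str) -> Dict[str, Set[Tuple[int, str]]]:
    """Return {host: {(port, proto), ...}} for every 'Host:' line in the grepable output."""
    hosts: Dict[str, Set[Tuple[int, str]]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        addr = line.split()[1]              # second whitespace-separated token is the address
        hosts.setdefault(addr, set())       # hosts seen without a Ports field get an empty set
        ports_field = line.partition("Ports:")[2]
        for port, proto in PORT_RE.findall(ports_field):
            hosts[addr].add((int(port), proto))
    return hosts


def diff_against_baseline(observed, baseline) -> Tuple[Dict[str, Set[Tuple[int, str]]], List[str]]:
    """Report drift: open ports the map does not list, and mapped hosts that did not answer."""
    unexpected = {h: ports - baseline.get(h, set()) for h, ports in observed.items()}
    unexpected = {h: p for h, p in unexpected.items() if p}
    missing_hosts = sorted(set(baseline) - set(observed))
    return unexpected, missing_hosts


if __name__ == "__main__":
    new_ports, gone = diff_against_baseline(parse_gnmap(SAMPLE_GNMAP), BASELINE)
    for host, ports in new_ports.items():
        print(f"{host}: open but not on the map -> {sorted(ports)}")
    for host in gone:
        print(f"{host}: on the map but not seen in this scan")
```

Running it on the sample reports the unmapped VNC port on .102 and the mapped host .104 that the scan did not see, which is exactly the drift that makes a map stale.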
During the CSOL 570 class, I used several tools to conduct surveillance and reconnaissance labs. I am including my final class report which details some of the labs which I performed for this course.
Reflection
I tremendously enjoyed every moment in this class, which encompassed hands-on learning about various vulnerability tools. At the inception of the class, I built a lab environment consisting of servers with various Linux OSes within Oracle VirtualBox, in preparation for the lab exercises. Within this environment, I executed several lab exercises using various tools, some of which were new to me. The Kismet lab for identifying the SSIDs of active wireless networks presented some issues with attaching the USB wireless adapter but provided great insight and knowledge. Not only did I learn that my hidden SSID could be uncloaked with the Kismet tool, I also realized that some of my IoT devices had no embedded security.
Other labs that were completed are:
Used Nmap to identify open and listening ports on a Metasploitable VM. I have used Nmap numerous times before in troubleshooting network issues, so I was remarkably familiar with the tool.
Conducted a trade study between SolarWinds IP Monitor and Nagios Core, based on criteria such as ease of use, learning curve, whether it has a GUI, and the operating systems it could run on. While both tools have some learning curve, I preferred SolarWinds IP Monitor over Nagios Core because, unlike Nagios Core, it uses SNMP to generate alerts, presents a graphical representation of the network topology and is easy to install.
Used the Wireshark analyzer to capture and examine IP packets and TCP segments from data flowing over the network. I was familiar with this tool because I have used it numerous times when troubleshooting issues on different networks.
Executed a trade study between Tenable Nessus and Rapid7 Nexpose. I must admit that there was some bias because I use Tenable Nessus regularly, so there was no learning curve. However, Tenable Nessus is known for having the most CVE coverage in the industry and the lowest false-positive rate.
Conducted reconnaissance and exploitation on the Metasploitable system from a Kali Linux VM. This lab provided insight into the various Metasploit payloads and auxiliary modules which could be used to compromise a Metasploitable system.
While this class introduced a variety of tools which could be used for troubleshooting, there would be a learning curve for any security professional to become proficient with them. When organizations seek to purchase vulnerability solutions, they examine a plethora of critical factors and seek answers to such questions as: Does it align with our budget? Is it scalable, and would performance be compromised as we grow? How easy is it to use, and does it present a user-friendly interface? How well does it integrate with our other tools? Are there a lot of false positives? Are there customizable reports that present clear insights into vulnerabilities and risk levels?
For most of these tools, I see them being employed more at the business-unit level. Organizations would rather have a solution that includes several aspects of vulnerability management and even some automated features. Such a solution increases efficiency and reduces troubleshooting time because all the needed information can be extracted from a single platform.
As a security professional, it is my duty to use these tools for protecting the organization’s security infrastructure, adhering to all legal and regulatory requirements, and not for any personal gain. When conducting risk assessments, I am expected to evaluate the severity of vulnerabilities, and provide actionable recommendations,