AN INTRODUCTION TO INFORMATION AND CYBER SECURITY Thesis

AN INTRODUCTION TO INFORMATION AND CYBER SECURITY - Thesis slipNessus, on the other hand, is used in more than 75,000 organizations around the globe and it is considered to be one of the dry lands to the highest degree popular vulnerability s quarterner (Ferguson, n.d.). However, the third version, i.e. version 3, has now been converted to a proprietary license as the scanning engine is still free and updates are also acquirable after a week on a release.When Nessus is incorporated in a large enterprise, most probably, a government organization such as Department of Defense (DOD) net incomes, it will initiate a port scan and target the defined host or a entanglement. After opening the port, it examines all in all the function that are running on the system or network and tests all the detected services against vulnerabilities defined in the Nessus vulnerability database (Kim, n.d.). As this tool can develop a testing curriculum for network resilience, the report generation i s very comprehensive that is ideal for large enterprises. As it is an easy unconnected based vulnerability analysis tool, it can be best suited for large enterprises that are geographically dispersed in more than one continent (Kim, n.d.). Moreover, in an ideal scenario where corporate networks for large organizations inhibit many client/server architectures, Nessus will detect the clients and the server automatically when connected to the specific network at a specific location (Kim, n.d.). Network security professionals of a large enterprise can customize plugins, as per their requirements, as the tool has its own scripting language for defining methods to test and identify network for vulnerabilities (Kim, n.d.). The tool will penetrate within the corporate network and start scanning anonymous archive Transfer Protocol (FTP) and for the client/server architecture, secure socket Layer (SSL) will provide an additional form of security for report results. However, for false posi tive detection, a validity check is required on the reports from