Executive Proposal Project – Medical Solutions Systems (MSS)
Daniel Toueg
CMIT 321
University of Maryland University College

Executive Proposal Project for Security Testing Software

Problem Definition at MSS

Medical Solutions Systems is a medical research and development business that has made immense accomplishments in the area of medical research.
The business's accomplishments have made it a target for cyber-criminals launching cyber-attacks. These cyber-criminals' main objective is to steal intellectual property and research data and then sell them to rival research corporations. The corporate network is believed to have been infiltrated by unauthorized sources, and research data has been stolen on multiple occasions. There have been a few attacks that resulted in vandalizing the business's website utilizing denial of service (DoS) attacks. Regardless of the countless attacks, Medical Solutions Systems has been in a position to grow immensely in the research and human resources division.
However, the business took a huge hit following a data breach that caused millions in losses of assets and information. Consequently, the business needs an affordable security testing technology that will assess the business's infrastructure against the typical and serious risks that the business has to deal with.

Network Security

The sole purpose of network security is to defend the business from data interception and theft, zero-day attacks, adware, spyware, identity theft, denial of service (DoS) attacks, and other traditional Internet attacks. Network security also incorporates security elements consisting of intrusion detection systems, firewalls, anti-spyware and anti-virus programs, and virtual private networks (VPNs) that supply remote access to the business's workforce and leading administrators. Utilizing these tools and procedures will ensure the business's network is as little susceptible as possible to external attack vectors.

Security Auditing Tools

There are many security auditing tools that supply procedures to safeguard a business's network.
Some examples of tools include Nessus, Internet security systems, and Nmap. These tools supply indicators of a possible virus or intrusion on a system. One tool incorporates every wanted characteristic for evaluating the business's network security and locating patches earlier than cyber-criminals can: the Metasploit framework. The Metasploit framework has two variations, the Pro edition and the community version. The community version is accessible for a trial run of 3000 days, which is a little over 8 years, although it has fewer features and functions than the Pro edition (Maynor, 2011).

Benefits of the Metasploit Framework in Relation to Problem Solving at MSS

The Metasploit framework is adaptable when it comes to all the various analyses and sweeps that it can accomplish.
One advantage of Metasploit is that it permits the integration of different penetration testing plug-ins or modules. The framework permits the penetration tester to include additional penetration testing tools like Nessus website vulnerability evaluation tools and the network mapper (Nmap). The framework includes more than 500 payloads, 1000 various exploits, encoders and NOPs that allow the penetration tester to conduct different attack types utilizing different attack vectors, like penetration of a live machine, SQL injection, cross-site scripting, open ports using the network mapper, and payloads to aid in having continuous backdoors on the controlled machines and stay undiscovered. The encoder's primary role is to ensure that the payloads are delivered to their designated location. NOPs ensure that the payload sizes are constant while attacks are occurring (Jaswal, 2014).
The cost of the Metasploit Pro edition depends on the size of the corporation. The cost varies between 10,000 and 15,000 dollars. Installation is complimentary while the Metasploit infrastructure puts the framework into place.
Also, there is an installation guide that is fairly simple to follow. There are countless advantages that come from using the Pro edition. The framework scans and exploits both traditional and custom web programs. These scans can supply a pivot into a database or venture deeper into every network incorporating Windows 2003 and 2008 servers, and servers that are based on IIS and Apache supplied by Microsoft (Agarwal & Singh, 2013).

Additional Advantages of Metasploit to MSS in Comparison to Network Auditing

The framework manages attacks based on social engineering, which incorporates duplication of webpages, phishing and malicious attachments that aim to exploit the human component in security, which is at the bottom of the totem pole. Finally, the Metasploit framework is the sole penetration testing tool across the globe that supplies unconstrained access on a remote network via a compromised machine/system.
The Metasploit virtual private network (VPN) pivoting eludes the MSS firewalls and supplies encrypted access into the networks, including the Ethernet layer, to check the business's central network. This access allows penetration testers to run network discovery tools. These tools include the NeXpose vulnerability scanner via the compromised network, for example, in a situation where they are attached to the central network. Metasploit training is reasonably inexpensive since there are endless lessons that are accessible on the Internet.
Different websites supply lessons at a fairly inexpensive cost for corporate customers/users. The majority of the modules are taught by a trainer, which makes it simple to comprehend how to retain continuous backdoors on the compromised network, obtain access and administer scans. Utilizing the Metasploit framework will assure MSS that zero-days and network weaknesses are found before cyber-criminals acquire control of them.

Table 1
A comparison of network security auditing tools

| Metasploit | Nessus | Network Mapper |
| --- | --- | --- |
| Conducts a broad scope of scans, including port scanning and vulnerability assessment methods. | Conducts vulnerability analysis methods on central business networks, web programs, and websites. | Conducts a broad scope of operating system (OS) fingerprinting and port scanning methods. |
| It is both an open source and a business program, but achieves the optimal network auditing across a broad scope of software in comparison to Network Mapper and Nessus. | Reasonably inexpensive but restricted when it comes to the quantity of vulnerability scans per session. | It is an open source tool but also conducts operating system (OS) fingerprinting detection scans and restricted scans. |

References

Agarwal, M., & Singh, A. (2013). Metasploit Penetration Testing Cookbook: Second Edition. Packt Publishing Ltd.
Gorman, J. O., Kearns, D., & Aharoni, M. (2011). Metasploit: The Penetration Tester’s Guide. No Starch Press.
Jaswal, N. (2014). Mastering Metasploit. Packt Publishing Ltd.
Maynor, D. (2011). Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research. Elsevier.