Trusted Computer System Evaluation Criteria for Nessus vs Wireshark - Essay Example

Summary
The essay "Trusted Computer System Evaluation Criteria for Nessus vs Wireshark" compares famous network protocol analyzers using special evaluation methodology. The first issue was the gradual expansion of necessities and the second issue is associated with the time of the evaluation process…

Extract of sample "Trusted Computer System Evaluation Criteria for Nessus vs Wireshark"

Comparing Nessus and Wireshark

Wireshark is considered to be at the top of the list of network protocol analyzers. Wireshark not only provides vulnerability analysis; its functionality can also be compared to that of “tcpdump.” It emphasizes protocols and represents data streams in the GUI. The major advantage of this tool is its operating system compatibility, as it supports OS X, Windows, UNIX and Linux. Moreover, it also extensively supports Voice over IP, which is a significant option for organizations, as international and corporate organizations use VoIP for communication to save cost while still delivering quality. Nessus, on the other hand, is used in more than 75,000 organizations around the globe and is considered to be one of the world’s most popular vulnerability scanners (Ferguson, n.d.). However, version 3 has now been converted to a proprietary license, although the scanning engine is still free and updates are available a week after release.

Hypothetical Scenario

When Nessus is incorporated in a large enterprise, most probably a government organization such as the Department of Defense (DOD) networks, it will initiate a port scan and target the defined host or network. After opening the port, it examines all the services that are running on the system or network and tests all the detected services against the vulnerabilities defined in the Nessus vulnerability database (Kim, n.d.). As this tool can serve as a testing platform for network resilience, its report generation is very comprehensive, which is ideal for large enterprises. As it is an easy-to-use, remote vulnerability analysis tool, it is best suited for large enterprises that are geographically dispersed across more than one continent (Kim, n.d.).
Moreover, in an ideal scenario where the corporate networks of large organizations contain many client/server architectures, Nessus will detect the clients and the server automatically when connected to the specific network at a specific location (Kim, n.d.). Network security professionals of a large enterprise can customize plugins as per their requirements, as the tool has its own scripting language for defining methods to test the network and identify vulnerabilities (Kim, n.d.). The tool will penetrate the corporate network and start scanning anonymous File Transfer Protocol (FTP), and for the client/server architecture, Secure Sockets Layer (SSL) will provide an additional layer of security for report results. However, to detect false positives, a validity check is required on the Nessus reports that display the vulnerabilities found. This process is time consuming and complex. Moreover, the Nessus tool can also crash routers, firewalls, switches or other resources on the network. To address this issue, plug-ins must be tested prior to deployment. Yet, prevention of crashes of network resources and devices is not guaranteed.

Wireshark, on the other hand, captures live data and evaluates protocols simultaneously on a corporate network, where data streams are large. Wireshark provides powerful features for analyzing network traffic coming from remote branches connected on a global scale, as it dissects traffic contents and represents them in a tree structure. For evaluating wireless connectivity, Wireshark possesses a Frame Dissector window that represents frame statistics and the contents of the 802.11 MAC layer. As mentioned earlier, the data streams will be much bigger in size; as corporate organizations have hundreds of branches, Wireshark will narrow down the number of packets from those data streams by applying inclusive and exclusive filters.
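The inclusive and exclusive filtering described above, as an added example that is not part of the original essay: it mimics the logic of Wireshark display filters in plain Python over a constructed capture summary. The addresses, the 10.20.0.0/16 branch subnet and the helper names are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample capture summary (not real traffic): one record per packet.
Packet = namedtuple("Packet", "src dst proto")

CAPTURE = [
    Packet("10.20.1.15", "10.1.0.5", "SIP"),
    Packet("10.20.1.15", "10.1.0.5", "RTP"),
    Packet("10.20.1.15", "10.1.0.53", "DNS"),
    Packet("10.30.4.8", "10.1.0.5", "RTP"),
    Packet("10.1.0.5", "10.20.1.15", "RTP"),
    Packet("10.20.7.2", "10.1.0.80", "HTTP"),
    Packet("10.30.4.8", "10.1.0.53", "DNS"),
]

def addr_in(net):
    """Address rule, like the display filter `ip.addr == 10.20.0.0/16`."""
    network = ipaddress.ip_network(net)
    return lambda p: any(ipaddress.ip_address(a) in network for a in (p.src, p.dst))

def proto_is(*names):
    """Protocol rule, like `sip || rtp`; use it as an exclude rule to negate it."""
    wanted = set(names)
    return lambda p: p.proto in wanted

def narrow(packets, include=(), exclude=()):
    """Keep packets that match every include rule and no exclude rule."""
    return [p for p in packets
            if all(rule(p) for rule in include)
            and not any(rule(p) for rule in exclude)]

def branch_voip(packets, branch_net="10.20.0.0/16"):
    # Inclusive filter, roughly: ip.addr == 10.20.0.0/16 && (sip || rtp)
    return narrow(packets, include=[addr_in(branch_net), proto_is("SIP", "RTP")])

def branch_without_noise(packets, branch_net="10.20.0.0/16"):
    # Inclusive plus exclusive filter, roughly: ip.addr == 10.20.0.0/16 && !dns
    return narrow(packets, include=[addr_in(branch_net)], exclude=[proto_is("DNS")])

if __name__ == "__main__":
    print(len(CAPTURE), "packets captured")
    for p in branch_voip(CAPTURE):
        print("VoIP to/from branch:", p)
    for p in branch_without_noise(CAPTURE):
        print("Branch traffic minus DNS:", p)
```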
However, to successfully use Wireshark for analyzing protocols, the user must have protocol knowledge, and a major drawback of using Wireshark on an international scale is the absence of packets that are traveling on another subnet, i.e. another network.

For a national level organization that is located only within the country, for example where sales reports from Burger King branches need to be submitted to the head office by the end of the day, Nessus provides transparency of source code to ensure that no modification is carried out in the code. A security engineer at Burger King can establish customized vulnerability checks and deploy them in the tool. These vulnerability checks are recognized by a large consortium that continues to make new checks. For an organization operating at a local scale, budget is not an issue as the tool is free. Because Wireshark is specialized in sniffing network issues at the initial level, Burger King can deploy this tool to identify potential threats and vulnerabilities and resolve them before exploitation. As for costs, Wireshark is categorized under General Public Licensing terms and conditions and incurs comparatively less cost. For small and medium enterprises comprising 20 to 30 nodes, both of these tools will be feasible. However, in terms of functionality, Wireshark will be more feasible as it focuses on network sniffing, as compared to Nessus that monitors live traffic.

Criteria Creep

The Common Criteria have addressed various problems that other evaluation criteria failed to resolve. The Common Criteria are not flawless, however: at the initial level, security objectives and protection profiles possess the same weakness as the Information Technology Security Evaluation Criteria (ITSEC) (Matt, 2006). The evaluation methodology of the Trusted Computer System Evaluation Criteria (TCSEC) has two fundamental issues.
The first issue was “criteria creep,” or the gradual expansion of the requirements that define the evaluation classes of the TCSEC (Matt, 2006). The evaluations highlighted the need to interpret the criteria in order to apply them to specific products. Instead of publishing regular revisions to address the interpreted requirements, the NCSC decided to construct a process for approving interpretations and publishing them in an informal supplement to the TCSEC (Matt, 2006). Occasionally, the interpretations were more precise and focused than the original requirements. As time passed, the list of these supplements grew and led to an expansion of the scope of the individual criteria of the TCSEC along with its interpretations. Consequently, a class C2 operating system is required to cope with all the new requirements, compared to a system that was evaluated previously (Matt, 2006). This puts an extra burden on new products under evaluation and creates dissimilarity in baseline security enforcement across C2 operating systems (Matt, 2006). However, many issues were highlighted along with these dissimilarities, as they covered problems that needed to be addressed by the security community, and hence led to improved security products.

The second issue is associated with the time taken by the evaluation process, as it consumed a lot of time (Matt, 2006). Three factors contributed to this issue. First, the vendors misjudged the complexity of the evaluation and the vital collaboration with the evaluation teams. Second, the procedures associated with evaluation management resulted in misconceptions and scheduling issues. Lastly, the motivation to complete the evaluation was never very high (Matt, 2006). As a result, there were usually delays in the schedule caused by the vendors and evaluators (Matt, 2006).
Likewise, additional work was imposed on the vendors and, on the other hand, evaluators were allocated to multiple evaluations; consequently, the schedule for a specific evaluation was delayed because of another vendor. The process of evaluation was so time-consuming that the product eventually became obsolete before the rating was awarded (Matt, 2006). Toward the end of the TCSEC's life, the government approved laboratories on a commercial level to perform evaluations for a fee. This initiative from the government resulted in a more structured approach that was not as time consuming, and the evaluation completion process took almost a year.

References

Ferguson, B. (n.d.). CompTIA network+ review guide: Exam: N10-005. Sybex.

Kim, C. L. (n.d.). Fundamentals of network security firewalls & VPNs. Jones & Bartlett Publishers.

Matt, B. (2006). Introduction to computer security. TBS.