Vulnerability Management Development Paper Example

Introduction

Vulnerability is being defined as a weak spot in the network which in one way or the other can be exploited by a security threat. The unaddressed vulnerabilities result to the potential risks which in turn causes the Windows Updates and Web server to fail (Kim, Chen & Lindeman, 2015). In addition to that there are other risks which are associated with vulnerability which are inclusive of data loss. Therefore, before one starts to search about the networks it is advisable to review where and how Vulnerabilities can be found.

Description of the Results

Some of the key actions which needs to be taken in order to identify Vulnerabilities are as follows:

• Understanding the common attacks - It is a fact that attacks within the network comes in many different ways. Most of the time, attackers are not aware of people they are attacking though there are examples of networks or organisation which are precisely the main target Haber & Hibbert, 2018). In this case, what is necessary is to learn various methods used in compromising computers together with networks which gives the required clue to proceed.
• Inventory the Vulnerabilities - The first step in this action is fully establishing of the potential vulnerabilities. It requires taking the special attention in order to identify everything which seems to be not common concerning network. .
• Use of the Vulnerability Skimming or Scanning devices - There are many tools which exists when it comes to check the prevailing state of the network. These kinds of the tools usually checks for ports which are open, software which are unpatched together with other weaknesses. Some of the above mentioned risks attacks specific machines while they can still cause defect to the whole network. If the case discussed above happens, Microsoft usually offers one important tool known as Baseline security analyser. This special tool checks for the total updates as well as configuring common errors for the Microsoft products (Bailey, 2018). Furthermore, there is another popular scanning program kwon as Nmap which scans all threats which might lead to risk.
• Assessing the risks - different vulnerabilities within the network usually represents the potential costs in both time and money .These costs helps in exploiting vulnerabilities which in tur aids a lot to determine the kind of the risk being involved. As it is commonly known, risk assessment is the combination of quantifying threat cost as well as qualifying odds of the attack. Therefore it is necessary to determine the own tolerance for the risk depending with the circumstances.

The analysis of what these possible threats seems to take advantage of vulnerabilities

The patron information - Having the patron data being compromised is not accepted in any network. What needs to be done is designing the network and implement security in order to minimize the identified risk. However, the risk cannot be reduced completely but it can be drastically reduced at low levels.

The slow Internet connection - When there is sharing of network connection among people there is usually increase of cost in order to effect the speed of that sharing. This is being achieved through purchasing the complex network which monitors the equipment and provides some level of restriction (Bailey, 2018). This is because shared network has higher tolerance of showing slow internet connection periodically. Another aspect of solving this issue of slow internet connection is through developing or hosting an individual website, online catalogue as well as the email server which in one way or the other requires more stable internet connections.

The comparison of OpenVAS and Nessus

The comparison of OpenVAS and Nessus is being done in various aspect which involves performance basis which in turn brings the factor of advantage and weakness. Also, there is also assessing their performance in different type of vulnerabilities for example network staff.

To start the comparison, the obvious one is that Nessus is being highly commercialized which means it is a paid software whereas OpenVAS is not commercialized. In aspect of performance, Nessus can be said that it has more professional function which apart from just identifying vulnerabilities, it also goes extra mile to give suggestions on what to go about them and how to fix them completely (Holik, Horalek, Marik, Neradova & Zitta, 2014, November). On the other hand OpenVAS s just an open source and it is free of charge which does not suggest solution to the identified vulnerabilities.

In the issue of identifying vulnerabilities both yields different outcomes as well as showing varied vectors of attack. Therefore in comparing which one to prefer, Nessus seems to be more superior when it comes to identifying threats and also fixing them.

Descriptions of exploits for your vulnerabilities.

In order to deal with any vulnerability, there is need of first exploiting it and then suggest better way of managing them. The steps which are involved exploiting vulnerability includes identifying it, classifying it, evaluating it as well as mitigating it (Bukowski, 2019). If all this process are being carried in a systematic way, they lead to fully exploitation of vulnerability which later leads to fully managing of the vulnerability. This will increase the chances of dealing with risks which affects the function ability of the network.

References

Bailey, B. (2018). Reducing the Software Risk in Ground Systems.

Bukowski, L. (2019). Assessment Operational Risk and Dependability of Logistic Networks-Application Examples. In Reliable, Secure and Resilient Logistics Networks (pp. 215-253). Springer, Cham.

Haber, M. J., & Hibbert, B. (2018). Vulnerability Management Development. In Asset Attack Vectors (pp. 125-163). Apress, Berkeley, CA.

Holik, F., Horalek, J., Marik, O., Neradova, S., & Zitta, S. (2014, November). Effective penetration testing with Metasploit framework and methodologies. In Computational Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp. 237-242). IEEE.

Kim, Y., Chen, Y. S., & Linderman, K. (2015). Supply network disruption and resilience: A network structural perspective. Journal of operations Management, 33, 43-59.