Vulnerability Management Presentation to Stakeholders

profileChye_aislyn06
VMScanner_Taylor-Melton.docx

1

VM Scanner Background Report

April Taylor-Melton

CMIT 421 4520

21 Feb 2021

Introduction

Vulnerability management is significant for businesses. When a business experiences a cyber-attack, it risks losing customer trust and loyalty and incurring expensive litigation processes and government fines. Therefore, it is essential to prevent such occurrences in a business (Goel & Mehtre, 2015). In this paper, an assessment of Mercury USA will be conducted. The company used the Nessus vulnerability scanner to identify the vulnerabilities in the company. After the scan was completed, Mercury USA was issued the report indicating the vulnerabilities that it faces. In this paper, the analysis of the Nessus vulnerability report will be conducted. That will identify all the vulnerabilities that are identified in the report and their implications in the business. Effective mitigation strategies will also be discussed to come up with a plan that may be used to prevent the vulnerabilities from being exploited by the cyber attackers. That will safeguard the company's operations and data from cyber threats and cyber-attacks. When giving the recommendations, the business case will be considered. That entails what the CEO of Mercury USA requires to be done. It will also ensure that the mitigation strategies that have been given align with the company’s operations. Moreover, a recommendation on whether to purchase the Nessus vulnerability scanner will be given.

Part 1: Nessus Vulnerability Report Analysis

The Nessus vulnerability report should be sent to the management of Mercury USA so that they may see the vulnerabilities that were identified by the Nessus vulnerability scanner. However, the management of the company will not easily understand the report. Since it would be time-consuming for the IT manager to explain everything to the management of the company, it is integral to attach meaning before sending the report to the management. Explaining the report will make it easier for the company’s management to understand the Nessus vulnerability report. It will also let them understand the implications of the vulnerabilities that have been identified.

The tool’s output was effective. The Nessus vulnerability report covers all the workstations and servers at Mercury USA. That shows that the report is relevant to the company. It shows the information that the company was seeking. Although the report does not explain the issues identified, it is effective as it identifies all the vulnerabilities in the company’s system. The report is well organized and easy to interpret. It provides the four hosts executive summary at Mercury USA. The report arranges the issues that have been identified in five categories. The categories are critical, high, medium, low, and information. In this case, the vulnerabilities are represented by critical, high, medium, and low with critical being the most serious vulnerabilities and low being the less serious vulnerabilities.

The tool provides enough information for me as an analyst to use. As indicated above, the vulnerabilities are arranged in accordance with their seriousness and the threat that they pose to the company. That makes it easy to identify the most critical vulnerabilities in the business. Therefore, the most serious vulnerabilities in the business should be tackled before addressing the less serious vulnerabilities in the business. Therefore, the Nessus vulnerability report will be used to effectively identify all the vulnerabilities in the company based on their seriousness and the threat that they pose.

From the Nessus vulnerability report, the three most important vulnerabilities in the company’s system can be identified. The vulnerabilities are the most critical as they may lead to other vulnerabilities occurring in the company’s systems. Thus, when corrected, more vulnerabilities will be prevented from occurring. However, that does not indicate that the other vulnerabilities should not be dealt with. Due to the nature of seriousness and critical nature of some vulnerabilities, they have to be dealt with first.

The first important vulnerability that has been identified is “Unix operating system unsupported version detection.” That indicates that Unix operating system that is used by the company’s 192.168.1.30 host is no longer supported. The version of the Unix operating system runs on the remote host in the company. The lack of support indicates that there will be no more security patches that will be produced for the operating system. Thus, the operating system is likely to have security vulnerabilities. That poses a serious threat to the company as the security vulnerabilities may be exploited by cyber attackers. Therefore, the company should upgrade to a version of the Unix operating system that is supported.

The second important vulnerability is “Bind Shell Backdoor Detection.” That indicates that the remote host of the company may be compromised. If it is not compromised, it indicates that there are higher chances that it could be compromised. The vulnerability indicates that the shell listens to the remote port without the requirement of authentication (Tenable, n.d.). That may be exploited by an attacker and they may send the commands directly thus accessing the company’s system. The company should verify whether the remote host is compromised and then re-install the system to ensure that it is safe.

The third important vulnerability is a security update for the Microsoft Windows SMB server. The company has an available security update that it has not installed. That may pose a threat to the company as the security vulnerabilities may be exploited by attackers. Therefore, the company should update its Microsoft Windows SMB.

As indicated above, the report provides enough information to address and remediate the three most important vulnerabilities. Although the report does not indicate the solutions directly, they may be formulated by understanding the vulnerabilities and what they entail.

WhatsApp Image 2021-02-17 at 08.58.10

Part 2: Business Case

Although the company faces several critical vulnerabilities, it is in a better position. That is because the vulnerabilities that have been identified can be easily corrected. Additionally, they may not be used directly by attackers to attack the company. But if not corrected, they may lead to attacks that may lead to loss or expose of business-critical information and customers’ information. That is evident as most of the vulnerabilities require updates that have not been done. That considered, the company should always update its systems when updates are made available. That will ensure that the vulnerabilities in the company are minimized and the security is heightened.

Based on the vulnerabilities that have been identified in the Nessus vulnerability report, some vulnerabilities may lead to adversary threats that might lead to exfiltration of the company’s data or ransomware being used against a company. A black hat hacker might try to use the remote hosts to access the company. Several critical vulnerabilities have been identified in the remote hosts operating systems. The vulnerabilities would enable a black hat hacker to access the company without being noticed. For instance, a black hacker may use a bind shell that does not require authentication to access the company’s data. Additionally, SMB signing is not required, and it shares unprivileged access. That would be used by attackers to hold the company’s data for ransom or exfiltrate the company’s data. That indicates that the company should come up with mitigation strategies and implement them as soon as possible.

Part 3: Nessus Purchase Recommendation

The overall features of the Nessus vulnerability report are adequate for technical professionals. The report identified the vulnerabilities that have been identified in a company’s systems and categorizes them in the order of their seriousness in a company. Technical professionals would use such data as it simplifies their work of identifying the vulnerability and determining its seriousness. The Nessus report is understandable by the management. However, the members of the management team that do not have knowledge of IT processes should be explained to understand what the vulnerabilities entail. That is because the report s written in IT terms.

Nessus vulnerability professional costs depend on the period that a company buys to use the tool. It is available for sale for periods of one year, two years, and three years. The cost for a year is $3.458, the cost of two years is $6765, and the cost of three years is $8621. The tool may come in a standard format or an advanced format with an extra cost (Tenable, 2020). The cost of the tool is fair as it warrants its support, efficacy, and usability. Nessus vulnerability assessment tool may help Mercury USA comply with the regulatory and standards by enabling the company to identify its vulnerabilities and coming up with mitigation strategies. That will ensure that the company develops strong security for its systems. Therefore, I would recommend the Nessus vulnerability assessment tool for Mercury USA. It would be effective for the business and it will help in reducing its vulnerabilities.

Conclusion

According to the Nessus vulnerability report, the company has several vulnerabilities. Most of the vulnerabilities are present as a result of the company not updating its systems. Such vulnerabilities may be exploited by attackers to access the company’s critical business data and the customers’ data. That may result in loss of customer trust and incurring a lot of costs in the litigation processes and government fines. Nessus vulnerability assessment tool is easy to use and effective for a business. Thus, Mercury USA should buy the assessment tool. It will enable them to deal with the vulnerabilities that they face thus, heightening the security of the company. Purchasing the Nessus vulnerability assessment tool is effective to the organization, employees, and management as it will ensure that the employees work effectively with assured security in the systems. It will also enable the managers to come up with effective mitigation strategies and security policies thus protecting the company from cyber threats and attacks.

References

Goel, J. N., & Mehtre, B. M. (2015). Vulnerability assessment & penetration testing as a cyber defence technology. Procedia Computer Science57, 710-715.

Tenable. (2020, July 13). Nessus professional. Tenable®. https://www.tenable.com/products/nessus/nessus-professional

Tenable. (n.d.). Bind shell Backdoor detection. Tenable® - The Cyber Exposure Company. https://www.tenable.com/plugins/nessus/51988