OpenVAS is another open source security tool. It is a framework of services and tools that offers comprehensive and powerful vulnerability scanning along with a vulnerability management solution (OpenVAS, n.d.).

Wireshark is another open source security tool; it is the world's foremost and most extensively used network protocol analyzer. Wireshark lets the owner of a network see what is happening on that network at a microscopic level (Wireshark · go deep, 2016).
Operating Systems Security Policies Document Shell

Security Threat Detection Security Tool Analysis

Snort

Snort is one operating system security threat detection tool, created in 1998 by Martin Roesch, who was the Sourcefire founder and the chief security architect at Cisco (Cisco, 2014). “Snort is an open source, rule-based, Intrusion Detection and Prevention System or IDPS that is able to perform real time analysis and packet logging on IP networks” (Cisco, 2014). Snort is a protocol analyzer, and it allows the user to passively detect or actively block different types of probes and attacks. The Snort software is able to perform protocol analysis and content searching and matching, and is able to detect various attacks and probes such as (“What is snort?,” 2016):

- “Stealth Port Scans” (“What is snort?,” 2016)
- “Operating System Fingerprinting Attempts” (“What is snort?,” 2016)
- “Buffer Overflows” (“What is snort?,” 2016)
- “Application Attacks” (“What is snort?,” 2016)

Snort combines the advantages of signature-, protocol-, and anomaly-based inspection methods to deliver flexible protection from malware attacks. There are three main benefits to Snort's open source development methodology (Cisco, 2014):

- Rapid Response: Protecting the environment from quickly emerging attacks by using Snort not only to customize but also to enforce the security rules that were put in place.
- Greater Accuracy: Strengthens the security without the user having to do a thing.
- High Adaptability: The Snort system can be used as the infrastructure for developing a network security solution that is unique to the needs of the user or company.

Just like anything that has benefits, there are challenges that come along with it. Because today's networks are very dynamic, keeping the systems up to date can be a challenge. The key to next-generation security is contextual awareness: compiling data on the structure and behavior of networks, applications, and users, which Snort was not programmed to do. This lack of contextual awareness makes trustworthy automation and swift threat assessment more of a challenge. Without automation, sorting through the alerts to figure out which ones are relevant, before the risks that pose a legitimate threat can be identified, has to be done manually (Cisco, 2014).
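
The triage problem described above can be illustrated with a short script. This is an added example, not part of the original paper or of Snort itself: it parses alert lines in Snort's alert_fast output format and ranks them using context Snort does not have. The sample alerts are constructed, and the asset inventory and scoring weights are assumptions chosen for illustration.

```python
import re

# Constructed sample lines in Snort's alert_fast output format (not real traffic).
SAMPLE_ALERTS = """\
08/12-14:32:10.123456  [**] [1:1000001:1] Constructed: web app attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:44321 -> 192.0.2.10:80
08/12-14:32:11.000201  [**] [1:1000002:1] Constructed: web app attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:44322 -> 192.0.2.20:80
08/12-14:33:02.500000  [**] [1:1000003:2] Constructed: stealth port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51000 -> 192.0.2.10:22
this line is truncated and must be skipped
"""

# Hypothetical asset inventory: the context Snort itself does not have.
INVENTORY = {
    "192.0.2.10": {"role": "public web server", "open_ports": {80, 443}, "critical": True},
    "192.0.2.20": {"role": "printer", "open_ports": {9100}, "critical": False},
}

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: (?P<cls>[^\]]+)\]\s+)?\[Priority: (?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None for a malformed line."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def relevance(alert, inventory):
    """Base score from Snort priority (1 is most severe), adjusted by context."""
    score = 4 - int(alert["prio"])  # priority 1 -> 3, 2 -> 2, 3 -> 1
    host = inventory.get(alert["dst"])
    if host is None:
        return score  # unknown host: keep Snort's own ranking
    port = int(alert["dport"]) if alert["dport"] else None
    if port is not None and port not in host["open_ports"]:
        score -= 2  # assumed weight: nothing listens on the targeted port
    if host["critical"]:
        score += 2  # assumed weight: business-critical asset
    return score

def triage(text, inventory):
    """Parse all alert lines and return (sid, dst, score), most relevant first."""
    alerts = [a for a in map(parse_alert, text.splitlines()) if a]
    ranked = sorted(alerts, key=lambda a: relevance(a, inventory), reverse=True)
    return [(a["sid"], a["dst"], relevance(a, inventory)) for a in ranked]

if __name__ == "__main__":
    for sid, dst, score in triage(SAMPLE_ALERTS, INVENTORY):
        print(f"sid={sid} dst={dst} relevance={score}")
```

The two priority 1 alerts are identical as far as Snort is concerned; only the inventory separates the one aimed at a listening, critical web server from the one aimed at a printer with no web service.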