Creating a Persuasive Presentation for VM Process Using Nessus

Project Scenario

Project Scenario :

Based on your VM Scanner Background Report, your boss Judy feels you are ready to pitch your idea to executive management. She would like you to prepare a presentation that will persuade management to implement a VM process and purchase the commercial vulnerability scanner Nessus as a key component of that VM process.

Instructions:

Using your two previous deliverables and the Nessus scan report from Project 2, create a five- to 10-slide presentation that will persuade management to implement a VM process and purchase the commercial vulnerability scanner Nessus as a key component of that VM process. 

Remember to be clear about what action you are recommending. Executive management will want to understand not only what you discovered, but also what you propose as a solution. The company’s leaders will want to know what decisions they need to make based on your findings. Give them the actionable information they need to decide.

You will provide voice annotation for all slides in the following format: 

• five to 10 slides maximum; limit bullets to no more than six per slide
• voice annotation for every slide (excluding the reference slide)
• a reference slide with one to two quality sources

Use the Presentation to Management Template. In the template, you will see specific instructions in the document. Delete the instruction text before you submit your project.

The following evaluation criteria aligned to the competencies will be used to grade your assignment:

• 2.2: Employ a format, style, and tone appropriate to the audience, context, and goal.
• 3.3: Integrate appropriate credible sources to illustrate and validate ideas.
• 1.3: Explain the significance of the issue or problem.
• 3.2: Describe the implementation of controls.
• 8.1: Recognize the process to obtain approval from the business process owner.
• 2.1: Evaluate vendor recommendations in the context of organization requirements.

Introduction

The majority of companies place a strong emphasis on protecting their own safety by the use of various software programmes that scan and analyse the threat they are experiencing. As a result, corporations are putting more emphasis on doing vulnerability scanning, which is critical in ensuring that enterprises are aware of the vulnerabilities inside their sectors. Regular vulnerability scanning, but at the other hand, has been advised in order to ensure that almost all parts of the company's network are protected against compromise. Scanners are widely utilised and may be found across an organization's network, where they can be used to enhance the network and build up a productive atmosphere for employees. There is a variety of vulnerability scanning technologies that a company may use, including Nikto2, Vulnerability scanners, OpenSCAP, and Arachni, amongst many others, that can be implemented [1]. In addition to the previously stated penetration test, there is a Nessus security feature, which has been found to be more sophisticated and speedier when it comes to checking the security of a company. The background report generated by VM Scanner in accordance with Nessus security vulnerabilities in the business will be the topic of the article.

Part 1: Nessus Vulnerability Report Analysis

The Nessus vulnerability scanner is the most often used among the many available system vulnerabilities. A de facto industry norm vulnerability scanning tool, it is widely used by security practitioners in enterprises. Any security professional in a company may utilize it because of its intuitive interface, quick updates, and intelligence. Not only that, but users also praise the tool's affordability. A wide range of detection methods are available, and the numerous plugins are known to provide appropriate protection in an organization [2]. To make the report understandable to everyone in an organization, it's important to clarify the details that are included in it. Using the dashboard, you can see how much data was gathered throughout the testing phase. It is important to note that they indicate the organization's perceptions of dangers and the prospective steps it should take to protect itself against such threats in addition, the risks are classed into critical, high, medium, and low threats.

Instructions

This degree of categorization is critical since it aids in the development of a more effective solution. Information on noncompliance and installation evaluation may be found in the Nessus vulnerability report as well. To achieve an efficient security measure, it outlines the steps that should be performed. The system's output provides additional information that may be used by an organization to strengthen its security procedures [3]. The information may be straightforward to comprehend since it classifications as critical, high, intermediate, or low danger. The reporting information provided by the tools allows a network administrator to concentrate on Mercury USA's most critical vulnerabilities.

The utility provides information on what's occuring on the various hosts and how to fix it. A number of security holes exist inside the Mercury USA system. System upgrades, SMB installation and conformance with trusted rules and best practices are among the security flaws that have been discovered. The study, on the other hand, outlines the steps that must be followed right now in order to address the security concerns.

Part 2: The Business Case

For host 10.253.182.57 Microsoft's security features have not been updated in a significant way. Security updates offer multiple advantages in the fight against both performance and cyber threats. It is possible to add new features and remove outdated software features, as well as to fix and remove computer bugs, by updating the program. Software flaws are a favorite target for hackers. These are flaws in the operating system that they can take advantage of by writing malicious code to target specific security holes. Hackers can gain access to encrypted data and computer systems once malware has been installed on the host's computer. Mercury USA's computer systems can be protected by a simple security update.

Host 192.168.1.10 suffers from a high severity vulnerability in its windows security system. These vulnerabilities can be taken advantage by hackers who utilize well-drafted code packets to gain access to the system.  Host 192.168.1.25 on the other hand, has facilities, which are shared through the network and can be accessed if one has the right credentials. In any case, attackers may find themselves with these credentials; they have read and write permissions to confidential information. Host 192.168.1.30 suffers from critical security issues. First, bind door shell detection highlights the system shell is listening on a remote port on the host without need of authentication. If an attacker connects to the port, he or she may be able to send commands directly. The system also has weakness in its random generator making some encryptions keys common that can be deciphered using brute force attack.  Lastly, the system NFS shares is compromised that attacker may be able to read and write to the remote host.

Part 1: Nessus Vulnerability Report Analysis

The inability to keep Microsoft Security capabilities up to date is the root of the organization's information difficulties. A level of security updates causes a wide range of problems, including the most serious ones. Microsoft security patches are vital for protecting a company from cyberthreats and are well-known for their many advantages. New features may be added and those which are no longer needed can be removed [4]. Among the most important facts regarding upgrading is that it leads to a system's repair. For host 192.168.1.30, the Bind door shell detection can be mitigated by ensuring that the remote host has not been compromised and if necessary, reinstall the system. Secondly, weak encryption keys should be mitigated by regeneration of all OpenVPN, SSL and SSH key materials. Finally, NFS configuration on remote host should be redone and authentication required to allow shares by remote hosts.

Vulnerabilities in a company's security allow hackers to take advantage of the system's weak spots. Operating system flaws are to blame for a number of the issues that have been raised. As a result of malware, hackers can steal critical host data or gain access to that of an organizations information system to access both irreversible and momentary data. Mercury USA's vulnerabilities may be addressed by implementing a strategy or enabling Microsoft security updates that secure the company's computer systems [5]. The many security flaws have been addressed. The company should take into account the importance of enabling security upgrades that will repair all of the computer system's patch management. Newer features that are more efficient and better able to protect against current threats may be added via regular updates. As a result, the business will be able to deal with security issues.

The report generated by Nessus vulnerability solution plays a critical function in a company since it scans the whole information system to discover flaws. Specifically, Mercury USA must therefore prioritize the acquisition of the technology needed to discover vulnerability, given its significance and the role it plays in doing so. Security professionals will need the tool to understand what they need to do in order to protect the organization's operational systems. A data system's vulnerabilities can be assessed using the tool's various features. After scanning for weaknesses, the Nessus tool provides helpful suggestions and remedies. Additional features include detection performance that are well-known for providing the extra protection needed by Mercury USA's systems [6]. Mercury USA should keep in mind that Nessus is a critical tool for identifying security flaws in a company and addressing them.

Cybersecurity is an important component in ensuring that a company does not have any vulnerability. As a result, Nessus should be implemented by Mercury USA in order to assist uncover frequent security concerns that need immediate action in order for the informational system to function properly. Besides that, the report generated by this instrument is crucial. As a result, it will guarantee that the organization's choices are focused on enhancing security via the proper means [7]. As an added benefit, the application allows security professionals to narrow their attention to vulnerabilities that are commonly overlooked inside an organization. A feasibility study is needed to determine the security requirements of the company before acquiring the instrument.

In conclusion, the tool is critical and provides a company with a variety of scanning advantages. It guarantees that the company is able to recognize its short comings and come up with the perfect solutions to such problems. A key function of this tool is highlighting critical concerns in order to keep the company secure. The Nessus tool offers a variety of qualities that make it a vital tool for vulnerability scanning and finding security concerns that need to be resolved. So, the tool helps in making better judgments on how to address security risks in a business. SMB configurations and best practices were identified by the programme, which was critical in determining the requirement for Microsoft security upgrades and SMB configuration.