Network Security Tools Comparison - Case Study Example

? Network Security Report Network Security Tools Comparison Contents Introduction 3 Aim 3 Objective 3 Overview of Vulnerability scanners 3 Vulnerability scanners 4 GFI LANguard 4 Dragonsoft Vulnerability Manager 5 Discussion of Criteria 7 Comparison of Vulnerability scanners 8 Criteria 1 8 Criteria 2 10 Criteria 3 15 Criteria 4 20 Conclusion 23 After comparatively analysing GFI LANguard and DragonSoft Vulnerability Management (DVM), it is clear that each has its advantages and disadvantages. For instance, GFI Languard is superior while considering criteria 1 and 2. In this case, the superiority comes from the frequent updates on the vulnerabilities database and its easy setup in scan multiple hosts. While considering the third criteria, both tools had the ability to produce clear and high quality reports to enable the user to determine the vulnerabilities differing risk levels easily. Finally, criteria 4 produced separate advantages and disadvantages for each tool. In this regard, GFI LANguard proved to better when remediating vulnerabilities that required downloaded patches. On the other hand, DMV has an upper hand at remediating vulnerabilities that require adjustments to the system. 23 Evaluation 23 Reference 24 Introduction This report’s main rationale of is to create a responsiveness and understanding of a variety of tools essential to protect computer networks against attack. Aim The report aims to analyse comparatively two vulnerability scanners of a similar type. Objective The objectives of the report are: 1. To provide a brief overview of the two vulnerability scanners and their features accompanied by either diagrams or screenshots. 2. To provide a brief discussion of the criteria used to compare the two vulnerability scanners. 3. To provide a comparison of the two vulnerability scanners using the criteria discussed. 4. To provide a conclusion that summarises the relative strengths and weaknesses of the two vulnerability scanners. Overview of Vulnerability scanners The primary function of vulnerability scanners is to perform vulnerability assessment. In this regard, this helps to define, classify and categorize the vulnerabilities (security holes) of a computer, server, network or communications infrastructure. In performing their roles, these vulnerability scanners depend upon databases, which store essential information necessary to analyse vulnerabilities in a system (SearchToolQuality.com, 2006) Scanning vulnerabilities is crucial in securing a system or a network. In addition, it can identify weaknesses in the system or network that a potential attacker can use and effectively prepares the system or network against such attackers. For that reason, the fundamental objective of utilizing a vulnerability scanner is to discover recognized vulnerabilities and eradicate them prior to an attacker using them against the system or network (Bradley, 2004). According to SearchToolQuality.com (2006), an ideal vulnerability scanner should have the following capabilities: 1. Unfailing and an up-to-date database of vulnerabilities 2. Effective detection of definite vulnerabilities devoid of numerous erroneous positives 3. Ability to carry out compound scans simultaneously 4. Ability to execute trend analyses and present a comprehensible report of the results 5. Propose methods of getting rid of the exposed vulnerabilities In addition, Zorz (2011) pointed out the following significant factors to consider while deciding on the best vulnerability scanner for a precise need, which correspond with SearchToolQuality.com’s (2006) capabilities: Scalability – This implies that a tool should be able to cope with high workload when used by large or distributed networks. In effect, this corresponds with the third capability from SearchToolQuality.com (2006). Results accuracy – Since analysing, prioritising and remediating the security issues can be time consuming, it is essential to secure the network within the shortest timeframe. However, it is important to point out that some factors such as duplication or high false, a low detention rate, and definitions of vulnerabilities that are not up-to-date may inhibit the procedure of securing the network. In essence, this capability corresponds to the first and second capabilities from SearchToolQuality.com (2006). Remediation options – While a number of tools focus on the discovery of vulnerabilities and producing reports aimed at rectifying the vulnerabilities, other tools go further and provide an option of deploying the repairs to these vulnerabilities. This capability is similar to the fifth capability in SearchToolQuality.com (2006). Usability and reporting – A well-structures presentation of security status results, which is easy to follow, implies that user easily comprehends the security condition within the network. In effect, this capability corresponds with the fourth capability from SearchToolQuality.com (2006). Vulnerability scanners For the purposes of the comparative analysis, this report uses the GFI LANguard 9 and DragonSoft Vulnerability Manager Vulnerability scanners. GFI LANguard In recent times, GFI LANguard has increasingly become a forceful vulnerability scanning and remediation tool. The key features of this tool allow the user to initiate scans quickly, analyse reports of the scan, and deploy suggested remediation to vulnerable machines on the network all by the use of a single application (Stephenson, 2011a). The GFI LANguard tool installation process is quick and easy and contains quick, full, and custom scan options, provided through a well-organized and easy to use interface. In addition, the tool can be quite configurable with immense easy to change options available (Stephenson, 2011a). According to GFI Tool (2011), GFI LANguard performs the responsibility of a virtual consultant by presenting the user with an absolute description of the system or network set-up, providing risk analysis and helps the user maintain a secure network in a speedy and more effective manner. Figure 1 – Screenshot of GFI LANguard at start-up Dragonsoft Vulnerability Manager On the other hand, DragonSoft Vulnerability Manager is a simple tool that provides network scanning, vulnerability evaluation, centralized risk assessment, reports, and remediation. The simplicity of this tool allows users to carry out a number of different types of scans, which is due to the uncomplicated management interface that enables searching and locating vulnerabilities all through a system or network (Stephenson, 2011b). The simplicity nature of the tool extends to its straightforwardness in installation and navigation. Besides, the pre-configuration of the tool with a variety of policy templates allows users to carryout in-depth scanning immediately the installation is complete. Nevertheless, there is a possibility of configuring the policies to meet the specific requirements of a user (Stephenson, 2011b). According to Dragonsoft (2009), DragonSoft Vulnerability Management (DVM) is an optimal network solution to meet the management needs for securing vulnerability in medium to large businesses. In effect, the Security Scanner and Vulnerability Risk Management are the two basic features of the tool. To enable the user act quickly against potential threats in a network, the tools basic features have an effective network vulnerability probing capability and a central management platform. Figure 2 – Screenshot of DragonSoft Vulnerability Manager at start-up Discussion of Criteria The following set of criteria will form the basis of comparing the two tools as derived from the research findings in SearchToolQuality.com (2006) and Zorz (2011): Criteria 1: The tools reliability and accuracy depend upon its database for vulnerabilities since vulnerability scanners rely on the accuracy of the database to detect known vulnerabilities. Thus, failure to regularly update the database or there are errors in the database, or even on the updates, profoundly affects the efficiency of the tools. Criteria 2: The tools should be able to conduct multiple scans concurrently. In effect, a tool that scans one scans one system at a time will be more time consuming for the user. Criteria 3: The tools should be able to perform trend analyses and provide a clear report of the results. In effect, users will undoubtedly identify the disparate risk levels of certain vulnerabilities. Consequently, the user acts on the advanced risk vulnerabilities before attending to minor risk vulnerabilities. Criteria 4: The tools should provide methods of getting rid of the exposed vulnerabilities. This process allows easy and quick elimination of the vulnerabilities in the system or network by the user. However, the system or network may face an extended period of risk if the information of eliminating requires the user to have extra knowledge. Comparison of Vulnerability scanners Criteria 1 Figure 3 – Update feature for GFI Languard The screenshot above shows that GFI LANguard can easily update the tool for newer builds and more new database of vulnerabilities. In this case, the screenshot indicates that updates can be on a daily basis if so required. In effect, this feature is an essential one since new vulnerabilities require immediate repair. Thus, the failure to update the database regularly makes the tool fail to the new vulnerabilities. Figure 4 – Vulnerability database update news from Dragonsoft website On the other hand, the trial version of DragonSoft Vulnerability Management (DVM) cannot update like GFI LANguard. However, frequently updating DVM is crucial to enable the tool identify new vulnerabilities as depicted in Figure 4 above. Nevertheless, whereas updating of GFI LANguard occurs on a daily basis, DVM carrying out of updates on DVM is on a weekly basis. In effect, the daily updates enhance efficiency in GFI LANguard in the elimination and discovery of new vulnerabilities. Criteria 2 Figure 5 – Computer profiles for storing different computers logon details Figure 6 – Selecting target type to scan for vulnerabilities Figure 7 – Summary of scan results The screenshot in figure 5 above shows that GFI LANguard can allow the user to save the logon details of each computer. In this case, the tool can validate the administrative privileges of the remote host in scanning the corresponding system for vulnerabilities. In figure 6, the screenshot shows the functionality of the tool to allow diverse categories of target scanning ranging from a single computer to all computers within the same domain. On the other hand, the screenshot in figure 7 shows the summary of the results after the successful scanning of two computers by the tool. However, it is not easy to commence the scan of other computers on the network successfully. In this case, it is important to provide the login details for the computer first, as shown in figure 5. However, it is important to setup the other computer first in order for it to accept the login details from the remote host. In effect, it also grants the computer administrative rights. It is important to point out that the built-in user manual in the tool comes with the knowledge and procedures necessary for the setup. Figure 8 – Adding target computer(s) to scan Figure 9 – Local host’s information and vulnerabilities (computer with the tool installed) Figure 10 – Remote host’s information and vulnerabilities Figure 11 – User Manual of DragonSoft Vulnerability Management (DVM) DVM allows users to scan individual host or a range of hosts as shown in the screenshot in figure 8. Therefore, just like GFI LANguard, the tool can scan multiple hosts. On the other hand, the screenshot shown in figure 9 demonstrates the ability of the tool to discover the information and vulnerabilities of the local host with ease. While performing this role, the tool does not require login details. However, figure 10 shows the inability of the tool to scan information and vulnerabilities from the remote host properly without the login details. Figure 11 shows the user’s manual explanation for the need of administrative privileges in order to run proper audits on the windows systems. This process is similar to the GFI LANguard’s although it does not provide the knowledge on how to setup or provide the login detail of the remote host. In addition, there are no settings found within the tool. In effect, this implies that it is easier to scan a multiple of hosts while using the GFI LANguard than the DVM. In this regard, the GFI LANguard provides every required detail important for setting up the tool properly while the setup for DVM appears too intricate. Criteria 3 Figure – GFI Languard network vulnerability summary report (1) Figure 13 – GFI Languard network vulnerability summary report (2) Figure 14 – GFI Languard network vulnerability summary report for printing The screenshots in figure 12 and 13 show the ability of GFI LANguard to provide a clear report for the results after the computers’ scanning process. In this case, there is a lucid depiction of the results obtained after scanning the computers with the different levels of vulnerability clearly shown. In addition, charts and diagrams help in clearly showing the amount of vulnerability in each system scanned. On the other hand, figure 13 also shows a list of the 10 topmost vulnerabilities in order for a quick remediation of these high vulnerabilities. Finally, figure 14 shows the capability of the tool to generate printable versions of the report essential to showing another individual involved in the process of remediating the vulnerabilities. Figure15 – DVM network vulnerability summary report (1) Figure 16– DVM network vulnerability summary report (2) Figure 17 – DVM network vulnerability summary report (3) The screenshots in figures 15, 16, and 18 indicate the ability of the DragonSoft Vulnerability Management (DVM) to generate xml reports. These reports manifestly demonstrate a synopsis of the vulnerability status of the system. In this case, diagrams and charts provide a list of top 10 vulnerabilities for the user. In addition, another produced list details the remediation of each of the identified vulnerability. In conclusion, the design of the DVM and the GFI LANguard is to create clear reports for the user to comprehend the vulnerability status of the systems. Criteria 4 Figure 18 – GFI Languard Patch Management (1) Figure 19 – GFI Languard Patch Management (2) Figure 20 – GFI Languard scan results details Figure 18 and 19 are screenshots that show the ability of the GFI LNAguard to download and deploy patches to the targeted systems and remediate the vulnerabilities easily. In this regard, this feature is beneficial since it enables the users patch the system quickly without the manually downloading and installation of each patch. However, figure 20 shows the user of the available vulnerabilities without providing the essential information and knowledge to remediate the vulnerability. In this case, this implies that it is not easy to remediate vulnerabilities that only simply require an adjustment. Figure 21 – DVM Links for downloading patches for the vulnerabilities Figure 22 – DVM Step-by-Step Solution for solving the vulnerabilities The screenshots in figure 21 and 22 shows the ability of DVM to present simple and clear instructions necessary for eliminating vulnerabilities in the system. Case in point, there is a systematic solution provided for vulnerabilities that require adjustments. In addition, there are links provided to download patches required to remediate vulnerabilities. Therefore, each of these tools has its advantages and disadvantages on remediating different types of vulnerabilities. However, GFI LANguard is better at remediating vulnerabilities that require a downloaded patch while the DVM is better for remediating vulnerabilities that only requires adjustments to the system. Conclusion After comparatively analysing GFI LANguard and DragonSoft Vulnerability Management (DVM), it is clear that each has its advantages and disadvantages. For instance, GFI Languard is superior while considering criteria 1 and 2. In this case, the superiority comes from the frequent updates on the vulnerabilities database and its easy setup in scan multiple hosts. While considering the third criteria, both tools had the ability to produce clear and high quality reports to enable the user to determine the vulnerabilities differing risk levels easily. Finally, criteria 4 produced separate advantages and disadvantages for each tool. In this regard, GFI LANguard proved to better when remediating vulnerabilities that required downloaded patches. On the other hand, DMV has an upper hand at remediating vulnerabilities that require adjustments to the system. Evaluation From this report, I have found out the importance of using vulnerability-scanning tools that are necessary for dealing with vulnerabilities. In addition, the report has enabled me identify the importance of regularly updating my systems in order to enable the system remediate new vulnerability. In effect, this will ensure that the systems and network are at a lower risk of attacks. Reference Bradley, T. 2004. Introduction to Vulnerability Scanning. Available at: http://netsecurity.about.com/cs/hackertools/a/aa030404.htm. [Accessed 16th Apr 2011]. DragonSoft. 2009. DragonSoft Vulnerability Management. Available at: http://www.dragonsoft.com/product/engDVM_01.php. [Accessed 19th Apr 2011]. GFI Tool. 2011. GFI LANguard. Available at: http://www.gfi.com/lannetscan. [Accessed 16th Apr 2011]. SearchSoftwareQuality.com. 2006. Vulnerability scanner. Available at: http://searchsoftwarequality.techtarget.com/definition/vulnerability-scanner. [Accessed 21st Apr 2011]. Stephenson, P. 2011a. GFI LANguard. Available at: http://www.scmagazineus.com/gfi-languard/review/3406/. [Accessed 16th Apr 2011]. Stephenson, P. 2011b. Cyberim Limited DragonSoft Vulnerability Management. Available at: http://www.scmagazineus.com/cyberim-limited-dragonsoft-vulnerability--management/review/3404/. [Accessed 19th Apr 2011]. Zorz, M. 2011. Vulnerability scanning and research. Available at: http://www.net-security.org/article.php?id=1568&p=1. [Accessed 21st Apr 2011]. Read More