Trusted Computer System Evaluation Criteria for Nessus vs Wireshark - Essay Example

Full Paper Comparing Nessus and Wireshark Wireshark is considered to be at top of the list for network protocol analyzers. Wireshark not only provides vulnerability analysis, as its functionality can be resembled with “tcpdump.” It emphasizes protocols and represents data streams on the GUI. The major advantage that this tool has is the compatibility of operating systems, as it supports OS X, Windows, UNIX and Linux. Moreover, it also extensively supports Voice over IP that is a significant option for the organization, as international and corporate organizations use VoIP for communication purposes to save cost and at the same time deliver quality. Nessus, on the other hand, is used in more than 75,000 organizations around the globe and it is considered to be one of the world’s most popular vulnerability scanner (Ferguson, n.d.). However, the third version, i.e. version 3, has now been converted to a proprietary license as the scanning engine is still free and updates are also available after a week on a release. Hypothetical Scenario When Nessus is incorporated in a large enterprise, most probably, a government organization such as Department of Defense (DOD) networks, it will initiate a port scan and target the defined host or a network. After opening the port, it examines all the services that are running on the system or network and tests all the detected services against vulnerabilities defined in the Nessus vulnerability database (Kim, n.d.). As this tool can develop a testing platform for network resilience, the report generation is very comprehensive that is ideal for large enterprises. As it is an easy remote based vulnerability analysis tool, it can be best suited for large enterprises that are geographically dispersed in more than one continent (Kim, n.d.). Moreover, in an ideal scenario where corporate networks for large organizations contain many client/server architectures, Nessus will detect the clients and the server automatically when connected to the specific network at a specific location (Kim, n.d.). Network security professionals of a large enterprise can customize plugins, as per their requirements, as the tool has its own scripting language for defining methods to test and identify network for vulnerabilities (Kim, n.d.). The tool will penetrate within the corporate network and start scanning anonymous File Transfer Protocol (FTP) and for the client/server architecture, secure socket Layer (SSL) will provide an additional layer of security for report results. However, for false positive detection, a validity check is required on the reports from Nessus displaying vulnerabilities found. This process is time consuming and complex. Moreover, Nessus tool can also crash routers, firewalls, switches or another network resource on the network. For addressing this issue, plug-in must be tested prior to deployment. Yet, prevention of the crash of network resources and devices is not guaranteed. Wireshark, on the other hand, captures live data and evaluate protocols simultaneously on a corporate network, where data streams are big in size. Wireshark provides powerful features for analyzing network traffic coming from remote branches connected on a global scale, as it dissects traffic contents and represents it in a tree shape. For evaluating wireless connectivity, Wireshark possess a Frame Dissector window that represents frame statistics and contents of 802.11 MAC layer. As mentioned earlier, the data streams will be much bigger in size; as corporate organizations have hundreds of branches, Wireshark will narrow down the number of packets from those data streams by applying inclusive and exclusive filters. However, to successfully engage Wireshark for analyzing protocols, user must have protocol knowledge, and a major drawback for Wireshark to be used on an international scale is the absence of packets that are traveling on another subnet, i.e. another network. For a national level organization that is only located within the country, as sales reports from Burger King branches need to be submitted to the head office by the end of the day, Nessus provides transparency of source code to ensure no modification is carried out in the code. As a security engineer at Burger King, personnel can establish customized vulnerability checks and deploy them in the tool. These vulnerability checks are recognized by a large consortium that continues to make new checks. For an organization based at a local scale, budget is not an issue as the tool is free. Wireshark that is specialized in sniffing network issues at the initial level, Burger King can deploy this tool to potentially identify threats and vulnerabilities and resolve them before exploitation. For costs, Wireshark is categorized under General Public Licensing terms and conditions and it concludes less cost comparatively. For small medium enterprises comprising 20 to 30 nodes, both of these tools will be feasible. However, in terms of functionality, Wireshark will be more feasible as it focuses on network sniffing, as compared to Nessus that monitors live traffic. Criteria Creep The common criteria have addressed various problems as compared to other evaluation criteria that have failed to deliver. Although the common criterion is not flawless, as at the initial level, security objectives and protection profiles possess the same weakness similar to the Information Technology Security Evaluation Criteria (ITSEC) (Matt, 2006). The evaluation methodology of Trusted Computer System Evaluation Criteria (TCSEC) has two fundamental issues. The first issue was “criteria creep” or the gradual expansion of necessities that illustrates the evaluation classes for TCSEC (Matt, 2006). The findings of the evaluation highlighted the interpretation of the criteria for applying it to specific products, instead of publishing regular revisions for addressing the interpreted requirements. NCSC decided to construct a process of approvals for interpretations and publishing them in an informal supplement for the TCSEC (Matt, 2006). Likewise, occasionally the interpretations were more precise and focused as compared to the original necessities. As the time passes by, the list of these supplements increased and led to an expansion for the scope of individual criteria for TCSEC along with its interpretations. Consequently, a class C2 operating system is required for coping all the new requirements compared to a system that was evaluated previously (Matt, 2006). For evaluating new products under evaluation, new products will be put in an extra burden along with dissimilarity between baseline security enforcement for all C2 operating systems (Matt, 2006). However, there were many issues that were highlighted with associated dissimilarities, as it covered problems that need to be addressed by the security community and, hence, making more improved security products. Moreover, the second issue is associated with the time of the evaluation process as it consumed a lot of time (Matt, 2006). Likewise, the contributors of this issue are three factors. One of them is associated with the vendors as they misjudged the complexity of the evaluation and the vital collaboration with the evaluation teams. The procedures associated with evaluation management resulted in misconceptions and scheduling issues. Lastly, the motivation level was never too high to complete the evaluation (Matt, 2006). As a result, usually there were delays in the schedule by the vendors and evaluators (Matt, 2006). Likewise, additional work was imposed on the vendors and, on the other hand, evaluators were allocated to multiple evaluations and consequently, the schedule for a specific evaluation resulted in delays due to another vendor. The process of evaluation was time-consuming, so the product eventually became obsolete prior to the awarded ratings (Matt, 2006). Leading to the end of life for the TCSEC, government approved laboratories on a commercial level for evaluations for a fee. This initiative from the government resulted in a more structured approach that was not time consuming and the evaluation completion process took almost a year. References Ferguson, B. (n.d.). CompTIA network+ review guide: Exam: N10-005. Sybex. Kim, C. L. (n.d.). Fundamentals of network security firewalls & VPNs. Jones & Bartlett Publishers. Matt, B. (2006). Introduction to computer security. TBS. Read More