Network Visualization and Vulnerability Detection
Introduction to Network Visualization and Vulnerability Detection
The Network Visualization and Vulnerability Detection class was intensely practical and applicable in its scope and content. Part of the reason for this is that networking and vulnerabilities exploited over the network are so ubiquitous in cybersecurity. A computer sitting in a secure facility without any network connection becomes a much more difficult target for an attacker. However, that computer is of little use in most situations except for limited applications for industrial and systems control. Instead, most computers require an always-on connection, and this is where cyber adversaries target systems. In this class, students were challenged to create a full virtualized lab environment to simulate attacks and scan for vulnerabilities. In addition, trade-off studies were performed on popular network visualization and vulnerability scanning systems to identify key decision points that should be factored into a solution purchasing decision. Two of these trade-off studies and the course final project have been included for reference in the ePortfolio below.
Reflection
This course was challenging and also quite practical in that the student practiced real-world network discovery and visualization as well as vulnerability scanning using a virtual lab network. This network was implemented using several virtual machines in either VirtualBox, VMware Fusion, or a similar virtualization tool. As such, a simple network could be observed, and the output of applications and commands could be recorded. Some of the commands that were used in the lab were ping, netstat, nmap, telnet, and SSH. Docker, Paessler Router Traffic Grapher, Wireshark, Rapid7 InsightVM, Metasploit, and Kismet applications were also used, tested, and reported on. The student was challenged to generate lab reports in such a way that another investigator could follow the steps taken and reported in the lab to achieve the same or similar results.
In addition to the lab-oriented assignments, trade studies (also known as trade-off studies) were performed on both network visualization and vulnerability scanning software. In both cases, the student was challenged to select software from one of the popular options in the marketplace, review the solution’s positives and negatives against competitors, and post the results in the form of a paper. I chose the Paessler Router Traffic Grapher (PRTG) and the Rapid7 InsightVM product as the trade study winners in the selected assignments. Each was chosen by a combination of factors including ease of use, feature set, efficacy, deployment model, and price. These assignments were a reminder of the challenges the cybersecurity professional faces when deciding on a solution for an organization. Budgets are always limited to some extent, and vendor marketing may obfuscate the reality of how fully featured or viable the solution would be for the specific customer. In addition, pricing is often closely guarded and held until the end of the buying cycle. One of the traits of the cybersecurity professional is the ability to separate the signal from the noise and lead the procurement of a solution that will satisfy the technical and financial considerations within an organization, achieve the desired cybersecurity outcome, and aid in providing the desired functionality and controls.
Another interesting consideration that surfaced during this course is the idea that many vulnerability scanning tools and packages do simulate a small and hopefully safe portion of an attack against a system in order to test its susceptibility. These tools must be used with care and discretion. This is especially the case in sensitive fields such as healthcare with medical devices and manufacturing with industrial control systems. In the case of sensitive systems, vulnerability scanning can adversely impact the system. In life-safety applications, this impact is unacceptable. That said, generally speaking, the impact of not being aware of vulnerabilities and mitigating them at the network level is typically greater, and as such, the cybersecurity professional must have network awareness and vulnerability management as two important tools in their professional toolkit.