1. This question must be answered in your own words. However, when you use the words of others in any answers, you must use quotation marks and attribute the source right there following APA style recommendations. Also be sure to cite references right there using APA style when you paraphrase the words of others.
2. This is an open-book examination. You may use any resources in addition to the textbook, such as other books, articles, and the Web. The questions require research beyond the text, lecture notes, and conferences.
3. Adequate answers for the entire examination should run approximately 9 double-spaced pages (3 pages per question) with one-inch margins and 12-point font.
4. Answers will be evaluated on the following criteria: relevance and correctness of content, clarity and logical flow, spelling, grammar, and proper citations/bibliography.

Question 1

This question is on Vulnerability Analysis as discussed in INFA670 Session 4.
Vulnerability analysis, in practical terms, means finding out what software and services are running in your enterprise, whether the various systems and applications in your enterprise are properly patched and correctly configured, and, as the name indicates, what vulnerabilities exist in the various infrastructure components and applications and how significant the discovered vulnerabilities are.
For this exercise, assume that you are a security officer for a large networked enterprise consisting of thousands of IP addresses (hosts, servers and devices) running thousands of services and applications on those machines.
Discuss in detail one vulnerability analysis tool that is suitable for this (deployment) environment.
Justify to your CTO or CIO why the tool you have selected is appropriate for this environment from the perspectives of:
- Mapping: determining what is running where.
- Ability to identify versions and patches (or lack of them) of software.
- Vulnerability analysis (both false positive and false negative aspects should be considered).
- Usability.
- Performance (Is it taking a whole day to run? Or is it bringing down a system?).
- Cost.

You may consider one of the tools discussed in the Section 4 Discussion Forum, such as SAINT (Security Administrator's Integrated Network Tool), the BeyondTrust Retina suite of products, and Tenable Network Security Nessus (and their derivatives).
You have the liberty to consider open source or free products such as OpenVAS.
You may also consider products not discussed in the class. (You may decide you need a suite of tools. That is fine too.) State your assumptions/restrictions about the tool clearly.
For example, the tool could not be employed beyond the firewall. Another example is the type of privilege the tool needs to have in order to be successful.