
Course Recap

Quincey Jackson

CSOL-570-03-SP23: Network Visual/Vulnerability

Dr. McCready

February 27, 2023


Trade Studies

First Trade Study

For the first trade study conducted, my task was to select the best network visualization tool. A 5-point Likert scale was used to determine which network visualization tool was most useful. The best network visualization tool would be decided based on factors such as: having real-time results from a reliable data monitoring system, being able to understand those results with basic and advanced visualization reports, user-friendliness, and the cost of implementing the new resource within the organization. The rating scale can be seen in Table 1 while the selection criteria are listed in Table 2. It is important to point out that my 5-point Likert scale was flawed for this first trade study conducted.

Table 1: Flawed Likert scale used to select between two candidates.


Table 2: Rating scale that was used to analyze the two network visualization programs.

For Prometheus with Grafana, the overall user experience was a positive one. One of the best features of Prometheus with Grafana is the clean Grafana web interface that allows the user to export Prometheus data to a graph, table or a more detailed visual aid. In regards to ease of use, there was some confusion when it was time to sync Prometheus with Grafana. The two have to be installed separately, which caused some confusion and a delay. Additionally, the Grafana Agent that is responsible for storing data to the cloud was very tricky to install. The cost to download both services was free but for large enterprises with 250 or more employees, there will be a need to pay extra for cloud storage! All in all, Prometheus with Grafana was a very strong candidate but would have been stronger if they were one complete package with fewer installation troubles.

After the installation and configuration of Nagios, I was able to access the Nagios web interface where reports, charts, graphs and other tools could be created with ease. The interface was not as advanced as Grafana in terms of cosmetics, but graphs and logs were much easier to create in Nagios Core than in Grafana. The Nagios Core program is a simple and powerful interface. I experienced several installation errors and I had to install an entirely new virtual machine in order to gain access to the two Network Visualization systems. While a lot of the errors encountered were due to human error, it is important to point out that as a beginner, it was much easier to work with Nagios Core than it was to work with Prometheus with Grafana. Additionally, Nagios was capable of creating visualizations for the data recovered from the network. Lastly, the cost to implement Nagios in an organization that accommodates under 200 employees was very competitive and reasonable. All in all, Nagios met the selection criteria.

Second Trade Study

For the second trade study conducted, the task was to select the best Network Vulnerability Scanning tool for a small business with under 50 employees. The purpose of a vulnerability scan is to identify weaknesses in computers, networks, or other targets that threat actors may try to exploit and attack. An effective vulnerability scanning tool will not only inform cyber professionals of their security posture but will also allow them to analyze the effectiveness of their security measures. With the information gathered from the scanning tool, a network administrator can improve a network's security posture through remediation.

Nessus Essentials and OpenVAS Greenbone Security Assistant were compared. Nessus Essentials is the free version of Nessus Professional, a remote vulnerability scanning tool that thoroughly scans a computer and alerts computer administrators of any vulnerabilities that threat actors may use to exploit and attack the computer. OpenVAS Greenbone Security Assistant, or OpenVAS, is a very similar vulnerability scanning tool with some of the same capabilities as Nessus Essentials. The main factors in selecting a reliable vulnerability scanning tool to monitor an organization's network were ease of use, cost of implementation, scan frequency, and reporting capabilities. A 5-point Likert scale was used to determine which of the two applications was best for a small business. The Likert scale can be seen in Table 3 while the selection criteria are listed in Table 4. The vulnerability scanners being considered were given a final score based on the selection criteria of 1-5 (1=low; 5=high).

Table 3: Rating scale that was used to analyze vulnerability scanning programs.

Table 4: Rating scale that was used to analyze vulnerability scanning programs.

Results

In terms of ease of use, Nessus' newer interface made it much easier to navigate through the application than with OpenVAS. For ease of use, Nessus was given a score of five and OpenVAS was given a score of four due to the outdated web interface. In terms of cost, OpenVAS was slightly better since a free version was offered and was given a five while Nessus was given a four. It is also important to point out that Nessus Essentials did not get the edge over OpenVAS since there were key features missing in the free version. For scanning, Nessus was the winner with five because of the open interface that allows users to carefully decide on what scan to select for their system. OpenVAS received a four although there is a scan wizard that walks users through the process. The outdated version of OpenVAS in comparison to Nessus Essentials was the leading factor in the rating for scanning. Lastly, in terms of reporting, Nessus Essentials was given a five due to its straightforward exporting capabilities along with the visual aids that are available with Nessus reports. OpenVAS was given a four, again due to an outdated dashboard that is not as clear as the Nessus dashboard options. Figure one shows the ratings and final scores for both tools that were tested.

Figure 1: Final Likert scale for Nessus vs Greenbone.


Virtualized Test Lab Architecture

After failing to download the necessary virtual machines through VirtualBox, I decided to try another route. I purchased an application called Parallels. This application allows Apple computers to run multiple virtual machines at once. Virtual Lab was outdated and was more confusing to work with than Parallels Pro.

Kali Linux Installation

After installing Parallels, I was able to begin adding virtual machines. I installed Kali Linux to the Parallels machine. This install took some time but it completed the full install. Please see figures two and three for reference.

Figure 2: Successful installation.


Figure 3: Kali Linux fully installed.

Installing Metasploitable 2

The second step was to use the link provided to install Metasploitable 2 to Parallels! When attempting to create a new Virtual Machine in Parallels, the file is installed using the Metasploitable 2.vmx file. After about 10 minutes, Metasploitable 2 was fully installed!

Configuring DHCP for Virtual Machines


The last step was to reconfigure the DHCP for Parallels. I created a pool of 20 IPv4 addresses in the Parallels desktop. It is important to point out that settings were adjusted so that the networks were Host-Only networks and I lost all connection to the web browser in each virtual machine installed.

Figure 4: Configuring a DHCP for Parallels Desktop
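
A way to confirm from inside a lab VM that the Host-Only setting described above really isolates it, as an added example that is not part of the original paper: the functions parse `ip -4 -o addr show` and `ip route` output and report any address outside the DHCP pool or any default route. The pool range, interface names and sample outputs are constructed; the paper gives only the pool size of 20 addresses.

```python
import ipaddress

# Constructed placeholder range: the paper states only that the pool holds
# 20 IPv4 addresses, not which subnet it uses.
POOL_START = ipaddress.IPv4Address("10.37.129.10")
POOL_END = ipaddress.IPv4Address("10.37.129.29")  # .10 to .29 = 20 addresses

def parse_addrs(ip_addr_output):
    """Return [(interface, IPv4Interface)] from `ip -4 -o addr show` output."""
    addrs = []
    for line in ip_addr_output.splitlines():
        fields = line.split()  # e.g. ["2:", "eth0", "inet", "10.37.129.12/24", ...]
        if len(fields) >= 4 and fields[2] == "inet":
            addrs.append((fields[1], ipaddress.IPv4Interface(fields[3])))
    return addrs

def check_isolation(ip_addr_output, ip_route_output):
    """Return a list of findings; an empty list means the VM looks host-only."""
    findings = []
    for iface, addr in parse_addrs(ip_addr_output):
        if addr.ip.is_loopback:
            continue
        if not POOL_START <= addr.ip <= POOL_END:
            findings.append(f"{iface}: {addr.ip} is outside the lab DHCP pool")
    # A host-only guest should have no default route at all.
    for route in ip_route_output.splitlines():
        if route.split()[:1] == ["default"]:
            findings.append(f"default route present: {route.strip()}")
    return findings

# Constructed sample output: a VM attached only to the host-only network.
ISOLATED_ADDR = (
    "1: lo    inet 127.0.0.1/8 scope host lo\n"
    "2: eth0    inet 10.37.129.12/24 brd 10.37.129.255 scope global dynamic eth0\n"
)
ISOLATED_ROUTE = "10.37.129.0/24 dev eth0 proto kernel scope link src 10.37.129.12\n"

# Constructed sample output: the same VM with a second, shared adapter left on.
LEAKY_ADDR = ISOLATED_ADDR + (
    "3: eth1    inet 10.211.55.5/24 brd 10.211.55.255 scope global dynamic eth1\n"
)
LEAKY_ROUTE = "default via 10.211.55.1 dev eth1 proto dhcp metric 100\n" + ISOLATED_ROUTE

if __name__ == "__main__":
    for name, a, r in (("isolated", ISOLATED_ADDR, ISOLATED_ROUTE),
                       ("leaky", LEAKY_ADDR, LEAKY_ROUTE)):
        print(name, check_isolation(a, r) or "OK")
```
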

Network Diagram of Added Virtual Machines

A network diagram was created to display the new Virtual Lab environment created. It is important to point out that there were other Virtual Machines added to Parallels. The two that were used the most were Kali Linux and Metasploitable 2.


Security Toolkit

Throughout the course, there were many tasks that required special applications. A table has been added below to describe each security tool that was used.

| Application Name | Description | Ease of Use | Where to Find |
|---|---|---|---|
| Nagios Core | Nagios Core is a network visualization tool that creates graphs and visualizations of network traffic. | Easy | Kali Linux; Ubuntu VM |
| Wireshark | Wireshark is very helpful with understanding the network traffic that a server experiences. | Medium | Kali Linux VM |
| Nessus Essentials | A remote vulnerability scanning tool that thoroughly scans a computer and alerts computer administrators of any vulnerabilities that threat actors may use to exploit and attack the computer. | Medium | Kali Linux VM |
| Metasploit Framework | Metasploit framework has tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. A powerful tool that can be used to exploit vulnerabilities in a program. | Easy | Kali Linux VM |
| Kismet | Kismet is an open-source 802.11 layer 2 wireless network and device detector that aids cyber security professionals with Wi-Fi signal intelligence. From knowing exactly when and how someone is connecting to the internet, to knowing the exact manufacturer of the equipment being used to access the web. | Easy | Mac OSX |

Surveillance and Reconnaissance Processes

Terminal Commands

| Command Description | Command |
|---|---|
| Determine the operating system on a computer or network! | `cat /etc/os-release` |
| Determine the IP address of a computer or network. | `ip a` or `ifconfig` |
| Determine the ports that are open on a computer. | `nmap <IP address>` |
| Find the IP address of a website last visited. | `ping <IP address>` |
| How to perform a Brute Force attack on the open Telnet port in Metasploitable 2. | `auxiliary(scanner/telnet/telnet_login) > run` |

Lessons Learned and Final Thoughts

Every lab was very useful for my cybersecurity professional skills. Starting in week one, I had to navigate through installation errors and several different troubleshooting techniques to be able to finally find success with Parallels Pro. In module two, I was able to perform a trade study on two very interesting network visualization tools. I learned how to read graphs generated by the programs. The trade study allowed me to experiment with graphs and understand the vulnerabilities that were found in my virtual lab. Module three allowed me to understand the security processes that take place when websites are visited. I was able to understand the handshake process and encryption methods of secure sites from financial institutions and other secure websites.

Module four allowed me to use two vulnerability scanners to test my network. The Nessus vulnerability scanner scanned the virtual lab and generated a detailed report that explained each vulnerability and gave them a severity score. Module five taught me how to exploit those vulnerabilities with several different methods. I used the brute force method to exploit the very vulnerable Metasploitable 2 network. Module six was very interesting as well. I was able to eavesdrop on over 80 SSIDs and had information on nearly 800 devices within range of my network monitor. Module six also brought light to the different types of attacks that can take place when a person's network information is known. From MAC address spoofing to packet spoofing, I learned what a hacker could do with network information.

