Improving internal vulnerability scanning and optimal positioning of the vulnerability scanner in the internal network

Abstract

The art of vulnerability scanning is an integral part of any organization's internal network security, and it cannot be underestimated. It is vital to use a dependable vulnerability scanner and carefully select the most appropriate one for the task. This thesis seeks to gain a profound understanding of Sanoma Media's internal network and subsequently enhance its vulnerability scanning capabilities by first comprehending the different Tenable products. After acquiring a firm understanding of the various products, the Nessus Scanner was chosen based on Sanoma's business requirements. With the scanner in hand, the optimal location for it had to be carefully determined. To achieve this, several scenarios were developed, and a combination of factors from the business, technical, and financial perspectives were used to select the most effective scenario for implementation within the internal network. The implementation of the selected scenario involved meticulous setup of the scanner, from both a hardware and software perspective. This thesis also presents an analysis of the Host Discovery Scan and Basic Network Scan results, alongside a security analysis of the Basic Network Scan. Furthermore, it offers a detailed explanation of the selected scenario, including the parameters that were carefully determined before the implementation process commenced. Finally, the thesis outlines future work that needs to be undertaken, including the challenges that were encountered during the practical portion of the study.