IT SECURITY

Introduction

IT security prevents the access of unauthorized persons or anything to the assets related to any organization such as computers, networks or data. By blocking the access of hackers, it maintains the confidentiality and the integrity of a firm. In this report, a brief description of the security tools provided, that is responsible for providing security to any organization. In this, features of security tools Nmap and Burpsuite discussed. In addition to these, the security tools also check for the intruders. Moreover, it authenticates the users and then grants access to them.

Installation and launch of security tools

Selected security tools are NMap and Burpsuite.

Tool 1: NMap

Pre-requisites

User must have the knowledge of sudo commands

User must be able to launch the command line prompt

Installation of NMap is very easy and straightforward. It just requires a single command [1].

Step 1

The very first step is to check whether NMap installed on the computer or not. If not installed then, by entering the following command, NMap can be installed on Linux.

Step 2

After the installation process is over, one can simply type y. This y will confirm that installation is successful [4]

Step 3

On completion of the installation process, one can check the version of NMap. The command required is –

The example above shows the version is 7.60.

Tool 2: Burp suite

Pre-requisite

The computer must have java installed in it [8].

Step 1

Burp Suite is a java application. Therefore, for running Burp suite, one must install java first. For installing java, one must the terminal and starts typing

Step 2

Now, download Burp Suite, which is suitable for the Linux environment. After downloading the Burp Suite Linux file, open the terminal and start typing there

Step 3

On the successful download of Burp Suite, finally, a setup wizard will appear [9]. There, one must click on the Next button.

Step 4

Click on the Next button.

Step 5

Again, click on the Next button.

Step 6

After that, click on the Finish button. This will help in the final installation of Burp Suite.

Step 7

For running the particular security tool, one must open the terminal and there start typing

Alternatively, can simply search for Burp Suite in the menu window, which is present at the upper left corner of Linux.

Features of security tools

NMap also termed as Network Mapper, is a free and open-source network scanner. It is responsible for discovering the network as well as auditing the security. With the help of packets, it discovers the hosts and services of the computer network.

Features of NMap

OS detection

This is important in order to determine the type of operating system running on the computer. In addition to that, it also identifies the characteristics related to the hardware of any network devices. This is done by using stack fingerprinting of TCP/IP. Nmap transmits a packet sequence of User datagram protocol as well as a Transmission control protocol to the specific host available remotely. It checks each reply practically. If it is unable to identify the type of OS and the conditions, then it provides a URL. This URL is useful in sending the fingerprints if the operating system is known to you. It is possible to detect the operating system if only one open as well as one closed TCP found. On failure, Nmap reattempts five times in order to detect the OS [2].

Discovering the host

This is a very important feature of NMap. NMap offers a variety of techniques for discovering the host. The main goal of this probe is to check which IP is currently active. In addition to it, it also reduces the set of internet protocol ranges into the list of currently active hosts. This is the first step in establishing the network. In the case of the unavailability of host discovery options, this sends Internet Control Message Protocol echo requests. Moreover, host discovery is very essential in scanning the local networks. For security auditing, more discovery probes are recommended. By default, it does the discovery of the host and after that performs scanning of the port.

Port scanning

A port scan is a series of messages in order to break into the computer to learn about computer network services. These services are associated with the port that needed to be scanned. This is mostly used with the network administrators as well as the IT security providers to snac the networks. There are various types of port scanning techniques done by Nmap [6]. They are

UDP scan

Here, NMap sends the User datagram protocol to the targeted host. If it replies, then that means the port is open. If it replies with an error that means the port is closed. Moreover, if the host does reply then that means that the packet blocked by the firewall. This scanning is very slow because it uses ICMP packets.

TCP SYN scan

NMap transfers the synchronized packet to the transmission control protocol port of the identified hosts. If that particular host responds with the synchronized- acknowledged packet, then that refers to open port but if a response with an RST packet that refers to a closed port. And if no reply is generated, the port blocked with some firewalls [10].

SCTP cookie ECHO scan

It is a much more advanced SCTP scan. If the port is open, the COOKIE ECHO chunks are dropped silently. ABORT message is sent if the port is closed. The main drawback of this scan is that it cannot differentiate between the open as well as the filtered ports.

Version Detection

This feature is mainly responsible for discovering the unauthorized as well as outdated applications. Version detection is important in order to determine the server. It generally interrogates the TCP or UDP port about the running services. NMap tries to determine the protocols related to the service as well as the name of the application and the version number [3].

Features of Burp Suite

Burp Suite is a tool, which is designed to test the security of application related to web.

Encoding-decoding

For encoding and decoding the data, Burp Suite uses a special type of decoder. The data are encoded in multiple formats. In addition to it, this also creates the digests related to the message.

Analysis of data randomness

In order to predict the data related to the application, a Burp sequencer needed. This allows collection as well as analysis of data effectively and easily. The tool is not always reliable and authentic.

Automation of attacks

Burp Scanner is a useful tool in checking the threats. This is a time-consuming task and hence requires supervision. Thus, Burp Intruder developed speeding the process by imposing attacks. This takes up the hypertext transfer protocol requests and as a result modifies the requests in a systematic way [9].

Differentiating site maps

The feature allows creating the difference between the two sites and reflects the main differences. This tool is available in both free as well as the professional version of the tool. For comparing the sites, burp checks each request of the first site and then matches the second site.

Critical analysis of each tool

Tool 1 NMap

Ease of use

Nmap offers a huge range of well-developed features for its users. Those who do not want to use Nmap from the sources, then the binaries also be used. Command-line, as well as the Graphical user interface, is also available for choosing the preference. In short, one can say that it is easy to use [2].

Performance

Nmap is very much effective in scanning the huge networks of machines. It can be used in any operating system efficiently. It is very fast in finding what is running on the network. Nmap uses the concept of algorithms and parallelism for fast scanning of the network.

Scalability

Version scanning in the case of Nmap is very straightforward and easy. This makes it fast, accurate and scalable. This is able to handle multiple targeted hosts at a time.

Availability

Nmap is free of cost and open source. It can be downloaded from any site. It can run on any platform like Windows or Linux. This has a positive impact on the budget of any organization.

Reporting and analytics

An organization can utilize this tool in finding the threats and vulnerabilities occurring in the network. In addition to it, this can also identify the servers, which are responsible for generating the security to the network. In addition to it, by using this tool, an organization can also provide security to the device. This can be achieved by identifying the networks.

Tool 2 Burp Suite

Ease of use

This tool is user-friendly. It is very easy to do testing of web applications. Anyone can start using the basic features of Burp Suite. Some advanced features require extra learning. Moreover, this tool is intuitive in nature [3].

Performance

The recent version of Burp Suite is creating problem in terms of performance. It is consuming a lot of memory. On completion of the scanning procedure, the usage of the central processing unit drops back to normal. Interceptions related to the proxy are also disabled in the newer version.

Scalability

In order to distribute the works and grow according to the organization’s needs, it helps the firm to use a scalable group of agents. Moreover, this tool also scheduled scans and as a result, makes a reply.

Availability

This is free of charge. One can download it easily from the Burp Suite community edition. There are many features included in it. Few features costs charge and require membership. Apart from this, one can also upgrade it anytime easily.

Reporting and analytics

Burp Suite is a famous tool, which is responsible in testing related to the security of the applications developed with the help of websites. An organization can use the Burp proxy to intercept the congestion between the targeted hosts and the browser [6]. Apart from this Burp spider can also be used to check the parameters and lists of URL for the given sites. It is also used to check the errors and crashes occurred in the network. Moreover, a firm can also use this tool to identify the intruders affecting and distorting the network of that firm.

Conclusion

In the modern era, cyber-attacks are more prominent to the society. In order to reduce these cyber attacks, there are many security tools developed. From the above study, a brief knowledge about the security tools are gained. Security tools are not required for providing security to the network but also for many more things. In order to conclude, one can say that these are also responsible for providing device management. These also provide access to the assets related to the network. In addition to that it is also responsible for improving the firewalls.

References

[1] Mata, Nicholas, Nicole Beebe, and Kim-Kwang Raymond Choo. “Are Your Neighbors Swingers or Kinksters? Feeld App Forensic Analysis.” In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 1433-1439. IEEE, 2018. Available at: https://ieeexplore.ieee.org/abstract/document/8456068/

[2] Shah, M., Ahmed, S., Saeed, K., Junaid, M. and Khan, H., 2019, January. “ Penetration Testing Active Reconnaissance Phase–Optimized Port Scanning With Nmap Tool.” In 2019 2nd International Conference on Computing, Mathematics and Engineering Technologies (iCoMET) (pp. 1-6). IEEE. Available at: https://www.researchgate.net/profile/Hamayun_Khan21/publication/332106262_Penetration_Testing_Active_Reconnaissance_Phase_-Optimized_Port_Scanning_With_Nmap_Tool/links/5cd27e5f299bf14d957e896d/Penetration-Testing-Active-Reconnaissance-Phase-Optimized-Port-Scanning-With-Nmap-Tool.pdf

[3] Varga, P., Plosz, S., Soos, G. and Hegedus, C., 2017, May. “ Security threats and issues in automation IoT.” In 2017 IEEE 13th International Workshop on Factory Communication Systems (WFCS) (pp. 1-6). IEEE. Available at: https://www.researchgate.net/profile/Pal_Varga/publication/317003655_Security_Threats_and_Issues_in_Automation_IoT/links/59f059190f7e9beabfc673bb/Security-Threats-and-Issues-in-Automation-IoT.pdf

[4] Subahi, A. and Theodorakopoulos, G., 2018, August. “ Ensuring compliance of IoT devices with their Privacy Policy Agreement.” In 2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud) (pp. 100-107). IEEE. Available at: https://ieeexplore.ieee.org/abstract/document/8457999/

[5] Sanz, I.J., Lopez, M.A., Mattos, D.M.F. and Duarte, O.C.M.B., 2017, October. “ A Cooperation-Aware virtual network function for proactive detection of distributed port scanning.” In 2017 1st Cyber Security in Networking Conference (CSNet) (pp. 1-8). IEEE. Available at: http://www.gta.ufrj.br/ftp/gta/TechReports/SAMD17.pdf

[6] Zhou, W., Jia, Y., Peng, A., Zhang, Y. and Liu, P., 2018. “ The effect of iot new features on security and privacy: New threats, existing solutions, and challenges yet to be solved.” IEEE Internet of Things Journal, 6(2), pp.1606-1616. Available at: https://arxiv.org/pdf/1802.03110

[7] Taylor, C.R., Shue, C.A. and Najd, M.E., 2016, May. “ Whole home proxies: Bringing enterprise-grade security to residential networks.” In 2016 IEEE International conference on communications (ICC) (pp. 1-6). IEEE. Available at: https://par.nsf.gov/servlets/purl/10055771

[8] Puthal, D., Malik, N., Mohanty, S.P., Kougianos, E. and Yang, C., 2018. “ The blockchain as a decentralized security framework [future directions].” IEEE Consumer Electronics Magazine, 7(2), pp.18-21. Available at: http://www.smohanty.org/Publications_Journals/2018/Mohanty_IEEE-CEM_2018-Mar_The-Blockchain.pdf

[9] Sandberg, H., Amin, S. and Johansson, K.H., 2015. “ Cyberphysical security in networked control systems: An introduction to the issue.” IEEE Control Systems Magazine, 35(1), pp.20-23. Available at: https://ieeexplore.ieee.org/iel7/5488303/7011167/07011179.pdf

[10] Trappe, W., 2015. “ The challenges facing physical layer security.” IEEE Communications Magazine, 53(6), pp.16-20. Available at: https://www.researchgate.net/profile/W_Trappe/publication/278333755_The_Challenges_Facing_Physical_Layer_Security/links/56c49fd108aea564e304c194.pdf