Network Security Assignment: Analysis of Phishing and Nessus Scanner

Verified

Added on 2019/11/26

AI Summary

This assignment delves into the realm of network security, addressing two key areas: phishing attacks and the Nessus vulnerability scanner. The first part of the assignment defines phishing as an email scam designed to steal sensitive information, often impersonating reputable sources. It explores various detection methods, including custom DNS services, link checking sites, and browser phishing lists. The second part focuses on Nessus, an open-source network scanner used to identify common vulnerabilities and exposures. The assignment highlights Nessus's modular architecture, comprising a centralized server for scanning and remote clients for administrator interaction. It outlines Nessus's capabilities, such as detecting security holes, missing patches, and simulating attacks, and mentions its compatibility with various operating systems. The assignment provides a comprehensive overview of these critical network security topics, offering insights into their functionalities and significance.

Running head: NETWORK SECURITY
NETWORK SECURITY
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

2NETWORK SECURITY
Table of Contents
Question 1..................................................................................................................................3
Question 2..................................................................................................................................4
References..................................................................................................................................5

3NETWORK SECURITY
Question 1
Phishing is considered as an email scam which is designed mainly to retrieve the
sensitive information mainly focusing on the user of the internet. The most popular phishing
emails comes in designed in which it looks like the emails have originated from a reputable
source (Arachchilage, Love & Beznosov, 2016). Phishing scam are not only spread across the
field of email. Most of the activity related to it comes from job seekers face which is done
face to face via human to human interaction. Fake employers may seek to achieve the
information from the job seekers chat or phone, this is mainly done in way of appearing to be
impersonate a company which is legitimate.
There are different ways to detect the Phishing attack which may include:
1. Use of a custom DNS service
In order to access all the sites available over the internet a DNS resolution service is
required. The computer doesn’t know exactly where the site the user wants to access is
located, in such a situation it asks a DNS resolution service or that particular IP address. On
the other hand apart from the above service it can also do the task of a filter which is mainly
done on the content and phishing concerns (Shaikh, Shabut & Hossain, 2016).
2. Using of site to check links
In order to check whether a link is authenticated link or not, this can be achieved by
checking the link in a number of sites. These site can convey the test the link and convey the
message of whether the link contains any malware or phishing activity.
3. Using browsers phishing list
The browsers contains a phishing list. The browser checks the site the user is visiting with
the list to see whether it is a phishing site.

4NETWORK SECURITY
Question 2
Nessus can be considered as an open source network scanner which can be directly
related to the scanning of common vulnerabilities and exposures with relating it to cross
linking factor between compliant tools of security (Arambatzis, Lazaridis & Pouros, 2016). It
can be incorporate into a system in order to detect vulnerable activity over the world of
internet access. Nessus consist of a modular architecture which mainly consist of a
centralized servers that has a role of conducting a scanning operation and remote client that
mainly focus on the administrator interaction. The significant capability which can be
included in the Nessus include:
 Detection of holes in the security in remote and local hosts
 Detection of the security patches and updates that are missing
 Security audit schedule
 Compatibility with servers and computers which can be related to any size.
 Simulated attack on the prospective of vulnerability.
 Contained environment security testing execution (Antrobus et al., 2016).
The Nessus server is available currently for the Linux, UNIX and FreeBSD. The client is
mainly available for the window or UNIX based operating system. The administrator have
the power to include the NASL description of the vulnerable suspects in order to develop a
customized scanning operation.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

5NETWORK SECURITY
References
Arachchilage, N. A. G., Love, S., & Beznosov, K. (2016). Phishing threat avoidance
behaviour: An empirical investigation. Computers in Human Behavior, 60, 185-197.
Arambatzis, T., Lazaridis, I., & Pouros, S. (2016, May). Modern Windows Server Operating
Systems Vulnerabilities. In The Third International Conference on Computer Science,
Computer Engineering, and Social Media (CSCESM2016) (p. 29).
Antrobus, R., Frey, S., Green, B., & Rashid, A. (2016, August). Simaticscan: Towards a
specialised vulnerability scanner for industrial control systems. BCS.
Shaikh, A. N., Shabut, A. M., & Hossain, M. A. (2016, December). A literature review on
phishing crime, prevention review and investigation of gaps. In Software, Knowledge,
Information Management & Applications (SKIMA), 2016 10th International
Conference on (pp. 9-15). IEEE.