Wednesday, October 5, 2011

VA-Scanner vulnerability assessment (VA)

  • nmap

Nmap Free Security Scanner For Network Exploration & Hacking

http://nmap.org/

  • Closed Port: If you send a SYN to a closed port, it will respond back with a RST.
Filtered Port: Presumably, the host is behind some sort of firewall. Here, the packet is simply dropped and you receive no response (not even a RST).
Open Port: If you send a SYN to an open port, you would expect to receive SYN/ACK.

http://www.madhur.co.in/blog/2011/09/18/filteredclosed.html

  • The six port states recognized by Nmap

open
An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network


closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable.Administrators may want to consider blocking such ports with a firewall

filtered
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically

https://nmap.org/book/man-port-scanning-basics.html
  • Metasploit integrates with Nexpose to verify vulnerabilities
https://www.metasploit.com/
  • Microsoft Baseline Security Analyzer 2.3
The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations.,
https://docs.microsoft.com/en-us/windows/security/threat-protection/mbsa-removal-and-guidance


  • Nessus is the most trusted vulnerability scanning platform for auditors and security analysts. Users can schedule scans across multiple scanners, use wizards to easily and quickly create policies, schedule scans and send results via email.
http://www.tenable.com/products/nessus/select-your-operating-system#tos 


  • Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux/Unix-based systems.

https://cisofy.com/lynis/

Unified Communications Systems

  • Microsoft Lync
Microsoft Lync Server (previously Microsoft Office Communications Server) is an enterprise real-time communications server, providing the infrastructure for enterprise instant messaging, presence, file transfer, peer-to-peer and multiparty voice and video calling, ad hoc and structured conferences (audio, video and web) and, through a 3rd party gateway or SIP trunk, PSTN connectivity.
http://en.wikipedia.org/wiki/Microsoft_Lync_Server
http://lync.microsoft.com/en-us/Pages/default.aspx

Business Intelligence

  • IBM Cognos
Cognos Business Intelligence software to gain a complete perspective of their business and to understand performance and Cognos Financial Performance Management to set targets and allocate the resources to achieve them
http://www-01.ibm.com/software/analytics/cognos/

  • SAP Business Objects
functionality that can streamline your business processes and help you manage your enterprise – so you can focus on sustainable growth.
http://www.sap.com/solutions/sapbusinessobjects/index.epx

  • Oracle Hyperion
In 2007, Oracle acquired Hyperion, a leading provider of performance management software.

After the acquisition, we introduced a new product family called Oracle Business Intelligence Enterprise Edition Plus.This integrated suite includes all of the Oracle and Hyperion reporting and analysis tool
http://www.oracle.com/us/corporate/Acquisitions/hyperion/index.html?origref=http://www.google.com/search?q=oracle+hyperion&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

In 2010, we released Oracle Business Intelligence 11g
http://www.oracle.com/us/corporate/press/143363


  • Oracle Essbase
Oracle Essbase is the industry-leading multi-dimensional online analytical processing (OLAP) server, providing a rich environment for effectively developing custom analytic and enterprise performance management applications
http://www.oracle.com/us/solutions/ent-performance-bi/business-intelligence/essbase/index.html


  • What is business intelligence?
Business intelligence (BI) simplifies information discovery and analysis, making it possible for decision-makers at all levels of an organization to more easily access, understand, analyze, collaborate, and act on information, anytime and anywhere
http://technet.microsoft.com/en-us/library/cc811595%28v=office.12%29.aspx


Business intelligence
Business intelligence (BI) is a set of theories, methodologies, architectures, and technologies that transform raw data into meaningful and useful information for business purposes

Business Intelligence is made up of an increasing number of components

    Multidimensional aggregation and allocation
    Denormalization, tagging and standardization
    Realtime reporting with analytical alert
    Interface with unstructured data source
    Group consolidation, budgeting and rolling forecast
    Statistical inference and probabilistic simulation
    Key performance indicators optimization
    Version control and process management
    Open item management
   
    Common functions of business intelligence technologies are reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining, predictive analytics and prescriptive analytics.
   
    Business intelligence and data warehousing
    Often BI applications use data gathered from a data warehouse or a data mart.
    A data warehouse is a copy of analytical data that facilitates decision support. However, not all data warehouses are used for business intelligence, nor do all business intelligence applications require a data warehouse.
   
http://en.wikipedia.org/wiki/Business_intelligence

  •  Qlikview
The QlikView Business Discovery platform delivers true self-service BI that empowers business users by driving innovative decision-making.
http://www.qlik.com/us/explore/products/qlikview

  • Birst
2-Tier BI and Analytics is a fundamentally new approach to enterprise BI. It leverages Birst’s unique 2-Tier BI and Analytics technology, which automatically unifies and refines all data across your enterprise, whether generated by de-centralized business users or centralized BI teams and systems.
https://www.birst.com/product/