Advanced Research Cyber Security

1358 Words6 Pages
Due to the growth and success of Advanced Research our systems have recently become a target for hacking and cyber-attacks. As an organization we know of several attempts to steal the intellectual property of Advanced Research and sell the stolen properties to direct competitors. Beyond that we are all aware of the 2011 issues involving Advanced Research’s public website, website defacement and Denial of Service (DoS) attacks are common tactics of attackers. Also in today’s cyber climate it is well known that any organization, no matter the size or prestige, with a cyber-presence is vulnerable to attacks and exploits.
The fact is that Advanced Research needs to become proactive in our approach to cyber security. Simply put, the best way to defend our cyber property is to perform comprehensive vulnerability scans across all of our systems. It is my recommendation as the IT Manager that Advanced Research procures and implements the extensive use of Metasploit Framework products to safeguard its systems.
Overview of Metasploit Framework and Metasploit Pro
Metasploit Pro is the commercial version of the Metasploit Framework (MSF). MSF was originally conceived and founded by professional penetration tester HD Moore. Mr. Moore set out to build an open source platform that would provide “a consistent, reliable library of constantly updated exploits and offers a complete development environment for building new tools and automating every aspect of a penetration test”. (David Kennedy, 2011)
MSF, released to the public in 2003, offers basic functionality and uses a command-line for exploits. Because of the command-line structure of the environment, MSF is largely used by developers and researchers. The MSF command-line although useful, i...

... middle of paper ...

...011). Metasploit The Penetration Tester's Guide. San Francisco: No Starch Press.
Department of Homeland Security. (2014, March 7). Federal Information Security Management Act (FISMA). Retrieved from Homeland Security: http://www.dhs.gov/federal-information-security-management-act-fisma
Emmett Dulaney, M. H. (2012). CompTIA Network+, N10-005, Fourth Edition. Indianapolis: Pearson.
Kirsch, C. (2013, July 17). Comparing Editions: Metasploit Framework vs. Metasploit Pro. Retrieved from Metasploit Documents: http://community.rapid7.com/docs/DOC-2281
PCI Security Standards Council. (2014, March 7). PCI SSC Data Security Standards Overview. Retrieved from PCI Security Standards: https://www.pcisecuritystandards.org/security_standards/
Rapid 7. (2014, March 7). The Attacker's Playbook/metasploit. Retrieved from Metasploit Overview: http://www.rapid7.com/products/metasploit/

More about Advanced Research Cyber Security

Open Document