Due to the growth and success of Advanced Research, our systems have recently become a target for hacking and cyber-attacks. As an organization, we know of several attempts to steal the intellectual property of Advanced Research and sell the stolen property to direct competitors. Beyond that, we are all aware of the 2011 issues involving Advanced Research’s public website; website defacement and Denial of Service (DoS) attacks are common tactics of attackers. Also, in today’s cyber climate it is well known that any organization with a cyber-presence, no matter the size or prestige, is vulnerable to attacks and exploits. The fact is that Advanced Research needs to become proactive in our approach to cyber security.
Simply put, the best way to defend our cyber property is to perform comprehensive vulnerability scans across all of our systems. It is my recommendation as the IT Manager that Advanced Research procure and implement the extensive use of Metasploit Framework products to safeguard its systems.

Overview of Metasploit Framework and Metasploit Pro

Metasploit Pro is the commercial version of the Metasploit Framework (MSF). MSF was originally conceived and founded by professional penetration tester HD Moore. Mr. Moore set out to build an open source platform that would provide “a consistent, reliable library of constantly updated exploits and offers a complete development environment for building new tools and automating every aspect of a penetration test” (David Kennedy, 2011). MSF, released to the public in 2003, offers basic functionality and uses a command-line for exploits. Because of the command-line structure of the environment, MSF is largely used by developers and researchers. The MSF command-line although useful, i.

.011). Metasploit The Penetration Tester’s Guide. San Francisco: No Starch Press.
Department of Homeland Security. (2014, March 7). Federal Information Security Management Act (FISMA). Retrieved from Homeland Security: http://www.dhs.gov/federal-information-security-management-act-fisma
Emmett Dulaney, M. H. (2012). CompTIA Network+, N10-005, Fourth Edition. Indianapolis: Pearson.
Kirsch, C. (2013, July 17). Comparing Editions: Metasploit Framework vs. Metasploit Pro. Retrieved from Metasploit Documents: http://community.rapid7.com/docs/DOC-2281
PCI Security Standards Council. (2014, March 7). PCI SSC Data Security Standards Overview. Retrieved from PCI Security Standards: https://www.pcisecuritystandards.org/security_standards/
Rapid 7. (2014, March 7). The Attacker’s Playbook/metasploit. Retrieved from Metasploit Overview: http://www.rapid7.com/products/metasploit/