Week 8: Testing…Testing…

Hey everyone! This past week I began testing some networks of my own using Nessus Essentials, a very handy pentesting tool. There are many different parts of it that make my work easier to complete. For example, for every vulnerability found in any tested networks, Nessus provides a very detailed explanation of what those vulnerabilities are, giving me more to work with when analyzing my findings. Nessus also uses the CVSS (Common Vulnerability Scoring System, assesses the severity of computer system security vulnerabilities) to divide each found vulnerability into categories, ranging from Info (no vulnerability, just minor information) to Critical (very severe vulnerability, can be catastrophic if exploited). Nessus can also generate reports after each test gets completed.

As I was saying, I began testing some networks. The results were rather varied for every test that I did. On the one hand, some tests revealed plenty of vulnerabilities ranging from Info to Critical, while others reveal a much smaller amount of vulnerabilities, those tests revealing vulnerabilities ranging from Info to Medium. Analyzing these will help me understand how effective pentesting is depending on the size and type of networks I am working with. For now, though, I am continuing my testing and adding everything that I have discovered to my final paper.