Degree Name

MS (Master of Science)

Program

Computer and Information Science

Date of Award

5-2005

Committee Chair or Co-Chairs

Qing Yuan

Committee Members

Phillip E. Pfeiffer IV, Steven L. Jenkins

Abstract

This thesis describes challenges encountered during a year-long effort to improve the security of the 3,300 node administrative computer network at East Tennessee State University. The key remediation strategies used included employing the vulnerability scanner Nessus to profile the network, analyzing the scan results, and attempting to remove the most critical vulnerabilities found. The project succeeded in decreasing known “high” criticality vulnerabilities on campus by 26.1%, and confirmed four standard observations about the challenges of network administration:

  • Vulnerability scanning is a lengthy task best performed in parallel and supported by automated data analysis.
  • Securing a network is like trying to hit a moving target, due to an ever-increasing proliferation of networked hosts, services enabled by default install and lists of vulnerabilities to address.
  • Failures of common sense are still among the primary threats to network security.
  • Failing to retain management support for the security hardening process can jeopardize the project.

Document Type

Thesis - Open Access

Copyright

Copyright by the authors.

Share

COinS