Vulnerability assessment using saint
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

Vulnerability Assessment Using SAINT PowerPoint PPT Presentation


  • 29 Views
  • Uploaded on
  • Presentation posted in: General

Vulnerability Assessment Using SAINT. Jane Lemmer Information Security Specialist World Wide Digital Security, Inc. [email protected] Outline. The Problem The First Solution The Second Solution Other Uses for SAINT What’s Next Conclusions. The Problem. Large network

Download Presentation

Vulnerability Assessment Using SAINT

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Vulnerability assessment using saint

Vulnerability AssessmentUsing SAINT

Jane Lemmer

Information Security Specialist

World Wide Digital Security, Inc.

[email protected]


Outline

Outline

  • The Problem

  • The First Solution

  • The Second Solution

  • Other Uses for SAINT

  • What’s Next

  • Conclusions


The problem

The Problem

  • Large network

    • 7 Class B subnets, over 20 Class C subnets

  • No central management

  • Some resistance to “outsiders”

  • How do we do a vulnerability assessment?


The first solution

The First Solution

  • The Scanning Tool

  • The Scanning Method

  • Results

  • Problems

  • Lessons Learned


The first solution1

The First Solution

The Scanning Tool

  • Conducted a comparison of several network based vulnerability assessment tools

    • Internet Security Scanner

    • Kane Security Analyst

    • SATAN

    • Nessus, and a few others


The first solution2

The First Solution

The Scanning Tool

  • Chose SATAN, with COAST extensions

    • free

    • fairly easy to use

    • sufficient for providing a first look at overall network vulnerability


The first solution3

The First Solution

The Scanning Method


The first solution4

The First Solution

Results

  • Lasted three weeks

  • Approximately 20,000 potential hosts interrogated

  • Found about 5,000 hosts with services

  • Inexpensive (almost automatic)


The first solution5

The First Solution

Problems

  • Took almost a month to process the results into a useable format

  • Missed many hosts (DHCP, hosts not in DNS, especially Linux boxes)

  • Organizational problems (results not getting to the right people)

  • Scapegoats for a host of network problems


The first solution6

The First Solution

Lessons Learned

  • DNS method is not finding all the hosts

  • SATAN is not current

  • Report generation takes too long

  • We need the following:

    • a new scanning tool

    • a new scanning method

    • a new reporting method


The second solution

The Second Solution

  • The Scanning Tool

  • The Scanning Method

  • Results

  • Problems

  • Lessons Learned


The second solution1

The Second Solution

The Scanning Tool

  • An updated version of SATAN

  • Added many new tests

  • Added a new attack level

  • Changed how vulnerable services are categorized

  • Works in firewalled environments

  • Identifies Windows boxes

  • Developed extensive tutorials for each vulnerable service

  • Developed an in-house tool to help with reports


The second solution2

The Second Solution

The Scanning Tool

  • The three “r” services (rlogin, rshell, rexec)

  • Vulnerable CGIs

  • IMAP vulnerabilities

  • SMB open shares

  • Back Orifice and NetBus

  • ToolTalk

  • Vulnerable DNS servers

  • rpc.statd service

  • UDP echo and/or chargen

  • IRC chat relays


The second solution3

The Second Solution

The Scanning Method


The second solution4

The Second Solution

Results

  • Lasted two months

  • Almost 500,000 potential hosts interrogated

  • Found many more hosts

    • approximately 7,000 boxes with services

    • approximately 4,000 boxes with no services

    • almost 8,000 Windows boxes

  • More costly (labor intensive)


The second solution5

The Second Solution

Problems

  • Scanning takes longer

  • Difficult to compare results with previous scan

  • Organizational problems (results still not getting to the right people)

  • Caused some problems with NT boxes

  • Still a scapegoat for network problems


The second solution6

The Second Solution

Lessons Learned

  • New method finds more hosts but takes longer

  • SAINT needs to be continually updated

  • Scanning can help improve the tool

  • Still need to work on reporting results


Other uses for saint

Other Uses for SAINT

  • SAINT gathers a lot of information that is not reported

    • used to produce a list of UNIX hosts by OS type

    • used to identify web servers

    • used to identify routers

  • Quick scans of a host or subnet


Other uses for saint1

Other Uses for SAINT

Investigating Incidents


What s next

What’s Next

  • Continue using SAINT for large scans

  • Supplement SAINT with more robust tools

  • Scans have led to development of an IRT

    • defining policy

    • defining standard security configurations

    • helping users secure hosts

    • developing centralized site for security information


Conclusions

Conclusions

  • SAINT is a useful tool for scanning large networks

  • Results give a good first look at how vulnerable you are

  • SAINT must be continually updated

    • better OS typing

    • better reporting

    • method to compare scan results


Contact information

Contact Information

  • World Wide Digital Security, Inc.

  • 11260 Roger Bacon Drive, Suite 400

  • Reston, VA 20910 USA

  • PHONE:+1 703 742-6604

  • FAX:+1 703 742-6605

  • http://www.wwdsi.com


  • Login