Vulnerability Assessment Using SAINT

Jane Lemmer

Information Security Specialist

World Wide Digital Security, Inc.



Outline

  • The Problem

  • The First Solution

  • The Second Solution

  • Other Uses for SAINT

  • What’s Next

  • Conclusions


The Problem

  • Large network

    • 7 Class B subnets, over 20 Class C subnets

  • No central management

  • Some resistance to “outsiders”

  • How do we do a vulnerability assessment?


The First Solution

  • The Scanning Tool

  • The Scanning Method

  • Results

  • Problems

  • Lessons Learned


The First Solution

The Scanning Tool

  • Conducted a comparison of several network based vulnerability assessment tools

    • Internet Security Scanner

    • Kane Security Analyst

    • SATAN

    • Nessus, and a few others


The First Solution

The Scanning Tool

  • Chose SATAN, with COAST extensions

    • free

    • fairly easy to use

    • sufficient for providing a first look at overall network vulnerability


The First Solution

The Scanning Method


The First Solution

Results

  • Lasted three weeks

  • Approximately 20,000 potential hosts interrogated

  • Found about 5,000 hosts with services

  • Inexpensive (almost automatic)


The First Solution

Problems

  • Took almost a month to process the results into a useable format

  • Missed many hosts (DHCP, hosts not in DNS, especially Linux boxes)

  • Organizational problems (results not getting to the right people)

  • Scapegoats for a host of network problems


The First Solution

Lessons Learned

  • DNS method is not finding all the hosts

  • SATAN is not current

  • Report generation takes too long

  • We need the following:

    • a new scanning tool

    • a new scanning method

    • a new reporting method


The Second Solution

  • The Scanning Tool

  • The Scanning Method

  • Results

  • Problems

  • Lessons Learned


The Second Solution

The Scanning Tool

  • An updated version of SATAN

  • Added many new tests

  • Added a new attack level

  • Changed how vulnerable services are categorized

  • Works in firewalled environments

  • Identifies Windows boxes

  • Developed extensive tutorials for each vulnerable service

  • Developed an in-house tool to help with reports


The Second Solution

The Scanning Tool

  • The three “r” services (rlogin, rshell, rexec)

  • Vulnerable CGIs

  • IMAP vulnerabilities

  • SMB open shares

  • Back Orifice and NetBus

  • ToolTalk

  • Vulnerable DNS servers

  • rpc.statd service

  • UDP echo and/or chargen

  • IRC chat relays


The Second Solution

The Scanning Method


The Second Solution

Results

  • Lasted two months

  • Almost 500,000 potential hosts interrogated

  • Found many more hosts

    • approximately 7,000 boxes with services

    • approximately 4,000 boxes with no services

    • almost 8,000 Windows boxes

  • More costly (labor intensive)


The Second Solution

Problems

  • Scanning takes longer

  • Difficult to compare results with previous scan

  • Organizational problems (results still not getting to the right people)

  • Caused some problems with NT boxes

  • Still a scapegoat for network problems


The Second Solution

Lessons Learned

  • New method finds more hosts but takes longer

  • SAINT needs to be continually updated

  • Scanning can help improve the tool

  • Still need to work on reporting results


Other Uses for SAINT

  • SAINT gathers a lot of information that is not reported

    • used to produce a list of UNIX hosts by OS type

    • used to identify web servers

    • used to identify routers

  • Quick scans of a host or subnet


Other Uses for SAINT

Investigating Incidents


What’s Next

  • Continue using SAINT for large scans

  • Supplement SAINT with more robust tools

  • Scans have led to development of an IRT

    • defining policy

    • defining standard security configurations

    • helping users secure hosts

    • developing centralized site for security information


Conclusions

  • SAINT is a useful tool for scanning large networks

  • Results give a good first look at how vulnerable you are

  • SAINT must be continually updated

    • better OS typing

    • better reporting

    • method to compare scan results
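
The need for a method to compare scan results, raised here and under the second scan's problems, can be met with a small diff over two result sets. This is an added example, not part of the original presentation or of SAINT; the `host|service|severity` line format, the sample addresses and the function names `parse_scan` and `compare_scans` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data in an assumed "host|service|severity" format
# (the page does not show SAINT's real output). Empty service = host up, no services.
PREVIOUS_SCAN = """\
10.1.1.5|rlogin|high
10.1.1.5|smb-open-share|low
10.1.2.9|imap|high
10.1.3.7|udp-echo|low
"""
CURRENT_SCAN = """\
10.1.1.5|smb-open-share|high
10.1.2.9|imap|high
10.1.4.2|rpc.statd|high
10.1.4.3||
"""

def parse_scan(text):
    """Return {host: {service: severity}}; a host with no services maps to {}."""
    hosts = defaultdict(dict)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3 or not parts[0]:
            raise ValueError(f"line {lineno}: expected host|service|severity")
        host, service, severity = parts
        findings = hosts[host]  # registers the host even when it has no findings
        if service:
            findings[service] = severity
    return dict(hosts)

def compare_scans(old, new):
    """Diff two parsed scans. A missing host is not proof of a fix: on DHCP
    networks it may simply have moved to another address."""
    report = {"new_hosts": sorted(set(new) - set(old)),
              "missing_hosts": sorted(set(old) - set(new)),
              "new_findings": [], "resolved_findings": [], "severity_changes": []}
    for host in sorted(set(old) & set(new)):
        before, after = old[host], new[host]
        report["new_findings"] += [(host, s, after[s]) for s in sorted(after.keys() - before.keys())]
        report["resolved_findings"] += [(host, s, before[s]) for s in sorted(before.keys() - after.keys())]
        report["severity_changes"] += [(host, s, before[s], after[s])
                                       for s in sorted(before.keys() & after.keys())
                                       if before[s] != after[s]]
    return report

if __name__ == "__main__":
    for section, items in compare_scans(parse_scan(PREVIOUS_SCAN), parse_scan(CURRENT_SCAN)).items():
        print(section, items)
```

Sending each subnet's slice of this report to the administrator responsible for it would also address the recurring problem of results not reaching the right people.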


Contact Information

  • World Wide Digital Security, Inc.

  • 11260 Roger Bacon Drive, Suite 400

  • Reston, VA 20910 USA

  • PHONE: +1 703 742-6604

  • FAX: +1 703 742-6605

  • http://www.wwdsi.com

