
Computer Security Workshops


ranit

Presentation Transcript


  1. Computer Security Workshops Module 3 - Vulnerability Assessment

  2. Vulnerability Assessment • Attack Overview • Gathering Information / Fingerprinting • Vulnerability Assessment • Attempt Exploit • Defender • Fix Vulnerabilities • To prevent exploits

  3. Vulnerability Assessment Tools • Collected Set of Tools for Determining Possible Security Holes • Components • Port scanning • Additional checks on ports for: • Software packages actually running • Versions of those packages • Possible vulnerabilities on these combinations • Vulnerability database to support above • Possibly other components • Check for weak passwords • Check for general patch levels • Etc.

  4. Example • Going beyond port scanning • Port scanning may find port 21 listening, ftp • OS fingerprint – Linux 2.2 kernel • Service query – identifies ftp as wu-ftpd version 2.4.2 • What specific vulnerabilities does wu-ftpd 2.4.2 have?

  5. Where To Position Vulnerability Assessment Tools? • Don’t want them on bastion hosts, firewalls • Could be used against you • Safer but less useful in secure zones • Best may be to install on laptop • Connect to DMZ, insecure zone, secure zone when needed • Disconnect when not being used

  6. Vulnerability Assessment Tools • Linux • Nessus • Windows • Nessus 3.0 for Windows • Microsoft Baseline Security Analyzer • LanSpy

  7. Nessus • Probably most well-known vulnerability assessment tool • Uses nmap for initial port scanning • Two-level architecture • Server: runs scans • Client: control scans, view reports • http://www.nessus.org

  8. Nessus Structure • Uses plug-ins to abstract vulnerability tests • Tests further grouped into families • Uses accounts for authorization • Can configure through running server interactively • as opposed to running server in daemon state

  9. Nessus Notes • Plugins tab • Be careful with enabling all plugins • Dangerous plugins can interrupt or even crash services on ports

  10. Nessus results • Good graphical interface • Listing of findings with recommendations • Examples: http://www.nessus.org/demos

  11. Nessus for Windows 3.0 • Nessus 3.0 • Currently supported Windows product • Same client/server structure • Vulnerability database customized for Windows environments • http://www.nessus.org/nessus/

  12. Microsoft Baseline Security Analyzer • Program that analyzes a Windows system for vulnerability • Analyzes in several areas • OS and related utilities - patch levels • Accounts – password content and expiration • Services – whether unneeded services present • Utility security settings (e.g. IIS, SQL Server) • Etc. • Start/Programs/Microsoft Baseline Security Analyzer

  13. Other Microsoft Tools • Sysinternals Tools • http://www.sysinternals.com • Now part of Microsoft • Many interesting and useful security tools for Windows • Sysinternals Tools Examples • Autoruns – Start/Programs/sysinternals/autoruns.exe • Process Explorer – Start/Programs/sysinternals/procexp.exe • Other • CurrPorts – much information on services using ports – Start/Programs/CurrPorts
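
The chain that slides 3 and 4 describe (service query, version identification, vulnerability database lookup), as an added example that is not part of the original presentation and is not Nessus code. The banners, signature patterns, advisory ids and fixed-in versions are all constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample input: (port, banner) pairs as a service query might return them.
SCAN = [
    (21, "220 ftp.example.test FTP server (Version wu-2.4.2-academ[BETA-18](1)) ready."),
    (22, "SSH-2.0-OpenSSH_9.6"),
    (2121, "220 FTP server ready."),  # banner with the version hidden
]

# Banner signatures (assumed patterns): regex -> product; group 1 is the version.
SIGNATURES = [
    (re.compile(r"\(Version wu-(\d+(?:\.\d+)*)"), "wu-ftpd"),
    (re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+(?:\.\d+)*)"), "openssh"),
]

# Constructed vulnerability database: product -> (placeholder advisory id,
# first version that is NOT affected). None of these values are real entries.
VULN_DB = {
    "wu-ftpd": [("EXAMPLE-ADVISORY-0001", "2.6.0")],
    "openssh": [("EXAMPLE-ADVISORY-0002", "9.0")],
}

def vtuple(version):
    """Turn '2.4.2' into (2, 4, 2) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def identify(banner):
    """Return (product, version) for a banner, or (None, None) if nothing matches."""
    for pattern, product in SIGNATURES:
        match = pattern.search(banner)
        if match:
            return product, match.group(1)
    return None, None

def assess(scan):
    """Map each open port to (port, product, version, matching advisory ids)."""
    findings = []
    for port, banner in scan:
        product, version = identify(banner)
        if product is None:
            # An open port with no identifiable version still needs a human look.
            findings.append((port, "unidentified", None, ["MANUAL-REVIEW"]))
            continue
        hits = [adv for adv, fixed in VULN_DB.get(product, [])
                if vtuple(version) < vtuple(fixed)]
        findings.append((port, product, version, hits))
    return findings

if __name__ == "__main__":
    for finding in assess(SCAN):
        print(finding)
```

A banner match is a lead rather than a confirmed finding: banners can be edited, and vendors backport fixes without changing the reported version.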
