vulnerability assessment using saint
Download
Skip this Video
Download Presentation
Vulnerability Assessment Using SAINT

Loading in 2 Seconds...

play fullscreen
1 / 22

Vulnerability Assessment Using SAINT - PowerPoint PPT Presentation


  • 61 Views
  • Uploaded on

Vulnerability Assessment Using SAINT. Jane Lemmer Information Security Specialist World Wide Digital Security, Inc. [email protected] Outline. The Problem The First Solution The Second Solution Other Uses for SAINT What’s Next Conclusions. The Problem. Large network

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Vulnerability Assessment Using SAINT' - malcolm-reynolds


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
vulnerability assessment using saint

Vulnerability AssessmentUsing SAINT

Jane Lemmer

Information Security Specialist

World Wide Digital Security, Inc.

[email protected]

outline
Outline
  • The Problem
  • The First Solution
  • The Second Solution
  • Other Uses for SAINT
  • What’s Next
  • Conclusions
the problem
The Problem
  • Large network
    • 7 Class B subnets, over 20 Class C subnets
  • No central management
  • Some resistance to “outsiders”
  • How do we do a vulnerability assessment?
the first solution
The First Solution
  • The Scanning Tool
  • The Scanning Method
  • Results
  • Problems
  • Lessons Learned
the first solution1
The First Solution

The Scanning Tool

  • Conducted a comparison of several network based vulnerability assessment tools
    • Internet Security Scanner
    • Kane Security Analyst
    • SATAN
    • Nessus, and a few others
the first solution2
The First Solution

The Scanning Tool

  • Chose SATAN, with COAST extensions
    • free
    • fairly easy to use
    • sufficient for providing a first look at overall network vulnerability
the first solution3
The First Solution

The Scanning Method

the first solution4
The First Solution

Results

  • Lasted three weeks
  • Approximately 20,000 potential hosts interrogated
  • Found about 5,000 hosts with services
  • Inexpensive (almost automatic)
the first solution5
The First Solution

Problems

  • Took almost a month to process the results into a useable format
  • Missed many hosts (DHCP, hosts not in DNS, especially Linux boxes)
  • Organizational problems (results not getting to the right people)
  • Scapegoats for a host of network problems
the first solution6
The First Solution

Lessons Learned

  • DNS method is not finding all the hosts
  • SATAN is not current
  • Report generation takes too long
  • We need the following:
    • a new scanning tool
    • a new scanning method
    • a new reporting method
the second solution
The Second Solution
  • The Scanning Tool
  • The Scanning Method
  • Results
  • Problems
  • Lessons Learned
the second solution1
The Second Solution

The Scanning Tool

  • An updated version of SATAN
  • Added many new tests
  • Added a new attack level
  • Changed how vulnerable services are categorized
  • Works in firewalled environments
  • Identifies Windows boxes
  • Developed extensive tutorials for each vulnerable service
  • Developed an in-house tool to help with reports
the second solution2
The Second Solution

The Scanning Tool

  • The three “r” services (rlogin, rshell, rexec)
  • Vulnerable CGIs
  • IMAP vulnerabilities
  • SMB open shares
  • Back Orifice and NetBus
  • ToolTalk
  • Vulnerable DNS servers
  • rpc.statd service
  • UDP echo and/or chargen
  • IRC chat relays
the second solution3
The Second Solution

The Scanning Method

the second solution4
The Second Solution

Results

  • Lasted two months
  • Almost 500,000 potential hosts interrogated
  • Found many more hosts
    • approximately 7,000 boxes with services
    • approximately 4,000 boxes with no services
    • almost 8,000 Windows boxes
  • More costly (labor intensive)
the second solution5
The Second Solution

Problems

  • Scanning takes longer
  • Difficult to compare results with previous scan
  • Organizational problems (results still not getting to the right people)
  • Caused some problems with NT boxes
  • Still a scapegoat for network problems
the second solution6
The Second Solution

Lessons Learned

  • New method finds more hosts but takes longer
  • SAINT needs to be continually updated
  • Scanning can help improve the tool
  • Still need to work on reporting results
other uses for saint
Other Uses for SAINT
  • SAINT gathers a lot of information that is not reported
    • used to produce a list of UNIX hosts by OS type
    • used to identify web servers
    • used to identify routers
  • Quick scans of a host or subnet
other uses for saint1
Other Uses for SAINT

Investigating Incidents

what s next
What’s Next
  • Continue using SAINT for large scans
  • Supplement SAINT with more robust tools
  • Scans have led to development of an IRT
    • defining policy
    • defining standard security configurations
    • helping users secure hosts
    • developing centralized site for security information
conclusions
Conclusions
  • SAINT is a useful tool for scanning large networks
  • Results give a good first look at how vulnerable you are
  • SAINT must be continually updated
    • better OS typing
    • better reporting
    • method to compare scan results
contact information
Contact Information
  • World Wide Digital Security, Inc.
  • 11260 Roger Bacon Drive, Suite 400
  • Reston, VA 20910 USA
  • PHONE: +1 703 742-6604
  • FAX: +1 703 742-6605
  • http://www.wwdsi.com
ad