Assessing Vulnerabilities - PowerPoint PPT Presentation
Presentation Transcript
Assessing Vulnerabilities

ISA 4220 Server Systems Security

James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE

Sr. Security Analyst

Cincinnati Bell Technology Solutions

Assessing Vulnerabilities
  • Footprinting
  • Enumeration
  • Vulnerability Scanning
  • Exploitation
  • Reporting

http://www.sans.org/reading_room/whitepapers/auditing/conducting-penetration-test-organization_67

Enumeration
  • Host and Service Enumeration
    • Port Scanning (nmap, scanline)
    • SNMP Scanning (Solarwinds, onesixtyone, snmpenum.pl)
    • NetBIOS Scanning (browsat, net view, nbtscan)

http://www.jedge.com

Network Mapper (nmap)
  • Latest stable version is 5.51.
  • More than a port scanner
    • Service and OS Identification
    • Traceroute
    • Nmap Scripting Engine
      • 177 scripts for vulnerability discovery, Windows enumeration, fuzzing, & more.
      • Write your own!
  • Additional tools: Zenmap GUI, Ndiff, Ncat, & Nping.

http://nmap.org/book/man.html

Nmap Reporting
  • Nmap generates three file types (nmap, gnmap, xml)
    • results.nmap: log file that is the same as the screen output (with verbose turned off)
    • results.gnmap: output for each host found is placed on one line so grep can be used for simple shell script parsing.
    • results.xml: used for advanced report generation and loading into a database.

http://www.jedge.com/wordpress/?p=220
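The slide says the .gnmap file exists so that grep and simple shell scripts can pull one host per line. The following is an added example, not code from the slides or from the nmap project, showing the same idea in Python: it parses the greppable format as nmap documents it (one "Host:" line per host, tab-separated fields, each port entry written as port/state/protocol/owner/service/rpcinfo/version/), keeps only open ports, and prints a one-line inventory per host. The scan data is constructed for the example; addresses, hostnames and banners are invented.

```python
import re
from collections import defaultdict

# Constructed sample in nmap's greppable (-oG) format. The addresses, names and
# banners are invented for this example; nothing here comes from a real scan.
SAMPLE_GNMAP = (
    "# Nmap 5.51 scan initiated as: nmap -sV -oG results.gnmap 192.168.1.0/24\n"
    "Host: 192.168.1.10 (web01.example.test)\tStatus: Up\n"
    "Host: 192.168.1.10 (web01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, "
    "80/open/tcp//http//Apache httpd 2.2.15/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n"
    "Host: 192.168.1.20 ()\tPorts: 161/open/udp//snmp//net-snmp/, "
    "445/open/tcp//microsoft-ds///\tIgnored State: closed (998)\n"
    "# Nmap done -- 256 IP addresses (2 hosts up) scanned\n"
)

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")
# One port entry is seven slash-separated fields with a trailing slash:
# port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "ports": [(port, proto, service, version), ...]}}
    for every host that reported at least one open port."""
    hosts = defaultdict(lambda: {"hostname": "", "ports": []})
    for line in text.splitlines():
        if line.startswith("#"):          # "# Nmap ..." header and footer lines
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname = m.group(1), m.group(2)
        hosts[ip]["hostname"] = hostname
        # The fields on a line are tab-separated: "Host: ...", "Ports: ...",
        # "Ignored State: ...". Only the Ports field carries port entries.
        for field in line.split("\t"):
            if not field.startswith("Ports:"):
                continue
            for port, state, proto, _owner, service, _rpc, version in PORT_RE.findall(field):
                if state == "open":       # drop closed/filtered entries
                    hosts[ip]["ports"].append((int(port), proto, service, version.strip()))
    return {ip: h for ip, h in hosts.items() if h["ports"]}


def summarize(hosts):
    """One line per host, sorted by address: the grep-style view without the noise."""
    lines = []
    for ip in sorted(hosts, key=lambda a: tuple(int(o) for o in a.split("."))):
        h = hosts[ip]
        label = f"{ip} ({h['hostname']})" if h["hostname"] else ip
        ports = ", ".join(f"{p}/{proto} {svc}".rstrip() for p, proto, svc, _ in h["ports"])
        lines.append(f"{label}: {ports}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_gnmap(SAMPLE_GNMAP)):
        print(line)
```

Reading a real file is `parse_gnmap(open("results.gnmap").read())`. The "Status: Up" line and the "Ports:" line for the same host are merged because both carry the same address, which is why the parser keys on the address rather than on line order.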

Scanline
  • Simple, free, standalone Windows port scanning executable.
    • Requires no installation
    • Perfect for upload to a compromised machine to scan internally.
    • Conducts banner grabbing for port identification.
    • Runs slowly, the output is horrible, it shows only whether a port is open, and it has no advanced features.
  • Originally created by Foundstone, which is now owned by McAfee.

http://www.mcafee.com/us/downloads/free-tools/scanline.aspx

Solarwinds SNMP Sweep
  • Part of the commercial Engineer’s Toolset (starting at $1390).
    • You will have to ask your company Networking group very nicely if you can use one of the licenses.
    • Very easy to use GUI tools for SNMP scanning and analysis.
    • MS Excel compatible reporting features.

http://www.solarwinds.com/products/toolsets/

Open Source SNMP Scanning
  • Nmap
    • Look for open UDP port 161
  • onesixtyone
    • Community string dictionary attack
  • snmpenum.pl
    • Obtain detailed host information for Windows, Linux, and Cisco

http://www.jedge.com/docs

Nessus
  • Formerly an open source vulnerability scanner. The product went closed source with version 3.0 but was still free for commercial use. Now with version 4.0 you have to obtain a license to use the product for commercial purposes.
  • The current version, Nessus 4.4, is still free for educational purposes and home use.

http://cgi.tenable.com/nessus_4.4_installation_guide.pdf

http://cgi.tenable.com/nessus_4.4_user_guide.pdf

Nikto
  • Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.
  • Latest version is 2.1.4 (2.20.2011)
  • Video for integrating Nikto with Nessus
    • http://www.cirt.net/node/86

http://www.cirt.net/

w3af: Web Application Attack and Audit Framework
  • The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
  • Open Source alternative to commercial tools HP Web Inspect, IBM Appscan, Acunetix, and Burp Suite.

http://w3af.sourceforge.net/

Reporting
  • Most scanners include their own report generation. However, even for expensive commercial tools, the reports generated include a mountain of information. No IT staff will read a 100-200 page report on the application or database vulnerabilities.
  • Most scanners allow you to export the report information in XML format. You can then parse the information, load it into a database, and generate your own reports.

http://php.net/manual/en/book.xml.php

Parsing XML with Perl or PHP
  • XML can be parsed with your favorite scripting or programming language (Perl, PHP, Python, Ruby, Java, etc).
    • I’m sure you can do this with Windows scripting languages but I know NOTHING about this.
  • Examples will be given in Perl and PHP.

http://en.wikipedia.org/wiki/XML
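The Reporting slide describes the workflow (export XML, parse it, load it into a database, write your own report) and this slide promises examples in Perl and PHP. The block below is an added example, not from the slides, that carries the whole workflow through in Python, one of the other languages the slide lists: it parses nmap's XML output with the standard library, loads one row per open port into an in-memory SQLite table, and runs the two queries a sysadmin actually wants from a 200-page scanner report: which services are exposed on how many hosts, and which hosts run a given product and version. The XML is constructed for the example with invented hosts; the element and attribute names (host, status, address, hostnames/hostname, ports/port, state, service) are the ones nmap's XML output uses. Scanner output you generated yourself is trusted input; if the XML came from somewhere else, parse it with the defusedxml package instead of xml.etree.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in nmap's XML (-oX) format, reduced to the elements this
# example reads. Hosts, names and versions are invented for the example.
SAMPLE_XML = """\
<nmaprun scanner="nmap" args="nmap -sV -oX results.xml 192.168.1.0/24" version="5.51">
  <host>
    <status state="up"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="5.3"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.2.15"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.1.20" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="udp" portid="161"><state state="open"/><service name="snmp" product="net-snmp"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.2.3"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.168.1.30" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def load_nmap_xml(xml_text, conn):
    """Parse nmap XML and insert one row per open port into table open_ports.
    Returns the number of rows inserted."""
    root = ET.fromstring(xml_text)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS open_ports ("
        "ip TEXT, hostname TEXT, port INTEGER, proto TEXT, "
        "service TEXT, product TEXT, version TEXT)"
    )
    rows = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                        # hosts that did not respond carry no ports
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name", "") if hn is not None else ""
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                    # closed/filtered ports are noise in a report
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            rows.append((ip, hostname, int(port.get("portid")), port.get("protocol"),
                         attrs.get("name", ""), attrs.get("product", ""), attrs.get("version", "")))
    conn.executemany("INSERT INTO open_ports VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


def service_exposure(conn):
    """How many hosts expose each service/port: the summary people actually read."""
    return conn.execute(
        "SELECT service, port, proto, COUNT(DISTINCT ip) AS hosts "
        "FROM open_ports GROUP BY service, port, proto ORDER BY hosts DESC, port"
    ).fetchall()


def hosts_running(conn, product):
    """Every host/version pair for one product, e.g. to check against an advisory."""
    return conn.execute(
        "SELECT ip, version FROM open_ports WHERE product = ? ORDER BY ip", (product,)
    ).fetchall()


def build_report(xml_text, product="Apache httpd"):
    """Load the XML into an in-memory SQLite database and return both summaries."""
    conn = sqlite3.connect(":memory:")
    count = load_nmap_xml(xml_text, conn)
    return {
        "open_ports": count,
        "exposure": service_exposure(conn),
        "versions": hosts_running(conn, product),
    }


if __name__ == "__main__":
    report = build_report(SAMPLE_XML)
    print(f"{report['open_ports']} open ports loaded")
    for service, port, proto, n in report["exposure"]:
        print(f"{service:<14} {port}/{proto}  on {n} host(s)")
    for ip, version in report["versions"]:
        print(f"Apache httpd {version} on {ip}")
```

Pointing `sqlite3.connect` at a file instead of `:memory:` keeps the table between scans, so the same queries can diff this week's exposure against last week's; the parameterised query in `hosts_running` is also how to keep product names from scanner output out of the SQL text itself.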

Parsing XML with Perl or PHP
  • Linux, Apache, MySQL, and PHP, Perl, or Python (LAMP) together create an environment for custom report generation.
  • Many virtual images/appliances exist allowing an easy way to get the environment you need to process XML output.
    • Turnkey LAMP Appliance
      • http://www.turnkeylinux.org/lamp

http://www.jedge.com/wordpress/?page_id=62

Turnkey LAMP Appliance
  • Download the VMware appliance from the Turnkey website.
  • Open the appliance in the free VMware Player or VirtualBox.
  • When the image boots it will ask to set the system root password and the MySQL root password.
  • The image will then assist you in configuring network access.
Helpful Links!

  • Using Nmap
    • http://www.youtube.com/watch?v=Bn36zoApLm4
  • Using Nessus
    • http://www.youtube.com/watch?v=3RgOtjv4v8E
  • Using Metasploit
    • http://www.youtube.com/watch?v=RxyD0F38WYg
    • http://www.irongeek.com/i.php?page=videos/msfpayload-msfencoder-metasploit-3-3
    • http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable
  • Top 100 Network Security Tools
    • http://sectools.org/
  • Misc
    • http://www.packetstormsecurity.org
    • http://vulnerabilityassessment.co.uk
    • http://www.jedge.com

Contact
  • James A. Edge Jr.
  • Email: james.edge@jedge.com
  • Web: http://www.jedge.com