UCCSC 2009 - Focus on Security

An Overview of Non-Commercial Software for Network Administrators

Doug Nomura

doug.nomura@gmail.com

June 16 2009

Disclaimer

Don’t blame me if your workstation breaks or something bad happens to your network

Expectations
  • General overview - Only have 60 minutes!
  • Focus will be on tools to help detect problems with your network
  • Two Hat Perspective
    • If you can use the tool, think how it can be used against you!
Approach
  • Tool will be described
  • What the tool does
  • How can you use it
  • Advantages/disadvantages
Topics to be covered
  • Data Mining 1A
  • Web 2.0
  • Kismet
  • OpenVAS
  • Metasploit
More Topics
  • NMap
  • Web Vulnerability Scanners
  • Pros and Cons of the free stuff
  • The Future
Data Mining 1A
  • Every network leaks or broadcasts information
  • What is allowable or acceptable by your organization?
  • This section will give examples of types of information being broadcast - allowable and sensitive
Classic Sources of Data Leaks
  • DNS & MX records
  • Technical forums
  • Job sites
Google’s Advanced Operators
  • Reduce noise
  • Help to refine search
  • Operator:search term
  • Tutorial to advanced operators http://www.googletutor.com/google-manual/web-search/adding-advanced-operators/
Operators
  • domain:ucdavis.edu
  • “Exact phrase”
  • Intitle: Look for phrase in page
Types of information
  • Personal information
  • Technical information
Example of a technical Google hack revealing Nessus Scan Reports

Summary of Google Hacking
  • Use Google to peruse your servers for sensitive information
  • Clean up your mess, such as old scan reports
  • Educate users about the danger of broadcasting information
The Pros of Google Hacking
  • Find information you didn’t know was being broadcast
  • It’s cheap and works
The Cons of Google Hacking
  • Someone may have found the information already
  • You may not find everything
  • Fear the Google cache!!!!!
References for Google Hacking
  • See Johnny Long’s book - Google Hacking for Penetration Testers - ISBN-10 1597491764
  • Any questions - just send me an email
Web 2.0
  • Example: Twitter
  • Technical
    • Exploitation of code
  • Passive enumeration
    • Users careless about the information they broadcast
Solution
  • Identify types of data not to be broadcast
  • Educate
    • Users need to be made aware there are people “watching.”
“Free” Tools
  • Many released under GNU/GPL
  • Range from simple to complex
  • Many have great support and documentation
Kismet
  • Detects presence of 802.11 APs
  • Sniffs traffic
  • IDS
  • kismetwireless.net
Kismet

Note error messages at bottom - ignore them

Why use Kismet?
  • Pen testing of APs
  • Seek out rogue APs
  • Survey and map 802.11 installation
  • Distributed IDS
Kismet Advantages
  • Initial cost is free
  • Very powerful
  • Customizable
    • plugins
Cons of Kismet
  • Interface
  • May require significant configuration
  • Incompatibilities
  • Long term cost could be high due to time spent configuring and tweaking apps
OpenVAS
  • Vulnerability Assessment
  • Based upon Nessus 2.2
  • Released under GNU/GPL
  • openvas.org
OpenVAS
  • Runs well on Linux
  • Financially - free VA tool
  • Growing support for project
Disadvantages
  • Problems with some NVTs
  • Some difficulty on non-Linux platforms

Metasploit

  • Security Framework identifies vulnerabilities and exploits them
  • Intended for penetration testing and research
  • Customizable
  • metasploit.org
Metasploit

Command line interface of Metasploit

Metasploit

Example vulnerability to be used on Windows 2000 machine

Metasploit

Selection of exploit

Metasploit

Access has been achieved on remote machine

Metasploit Advantages
  • Growing community of users
  • Growing documentation
  • Runs well on most flavors of *nix
  • Excellent tool to identify and exploit vulnerability
Metasploit Disadvantages
  • Do not expect every exploit to be included, nor that it is up to date with the latest exploits
  • Lack of logging or reports
  • Machine running Metasploit can be compromised
  • This is a very dangerous tool and may violate policy at your institution. Use on a test network
NMap - Network Mapper
  • Sends raw IP packets to specific host, or a range of hosts
  • Determines OS, version, open ports, identifies potential vulnerability
  • nmap.org
NMap
  • Network administrators and other IT folk responsible for network based assets
  • Pen testers and other security folk
NMap

Loki:/Users/Doug root# nmap -sV 192.168.1.1-25

Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-14 23:56 PDT

Interesting ports on 192.168.1.1:
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
23/tcp open telnet Cisco telnetd (IOS 6.X)
443/tcp open ssl/http Cisco PIX Device Manager
MAC Address: 00:08:21:3A:29:B2 (Cisco Systems)
Service Info: OS: IOS; Device: firewall

Interesting ports on 192.168.1.2:
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp tnftpd 20061217
22/tcp open ssh OpenSSH 5.1 (protocol 1.99)
548/tcp open afp Apple AFP (name: Feline; protocol 3.2; Mac OS X 10.4/10.5)
MAC Address: 00:0D:93:32:D0:26 (Apple Computer)
Service Info: Host: Feline.local

Interesting ports on 192.168.1.4:
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
5009/tcp open airport-admin Apple AirPort admin
MAC Address: 00:03:93:1F:01:65 (Apple Computer)

Interesting ports on 192.168.1.6:

Part of an Nmap scan report
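An added example, not part of the original slides: a parser for the scan output format shown above that builds a per-host inventory of open services and flags the ones an administrator should review. The function names and the CLEARTEXT policy table are assumptions, and the sample is constructed from the first two hosts in the output above.

```python
import re
# Constructed sample: first two hosts of the scan output above (trimmed).
SAMPLE = """\
Interesting ports on 192.168.1.1:
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
23/tcp open telnet Cisco telnetd (IOS 6.X)
443/tcp open ssl/http Cisco PIX Device Manager
MAC Address: 00:08:21:3A:29:B2 (Cisco Systems)
Interesting ports on 192.168.1.2:
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp tnftpd 20061217
22/tcp open ssh OpenSSH 5.1 (protocol 1.99)
548/tcp open afp Apple AFP (name: Feline; protocol 3.2; Mac OS X 10.4/10.5)
"""

HOST_RE = re.compile(r"^Interesting ports on (.+):$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
# Assumed local policy: services that send credentials in cleartext.
CLEARTEXT = {"telnet": "cleartext login", "ftp": "cleartext login"}

def parse_scan(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            current = hosts.setdefault(m.group(1), [])
            continue
        m = PORT_RE.match(line.strip())
        if m and current is not None:  # ignore port lines before any host header
            current.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts

def findings(hosts):
    """Flag open services that should be reviewed or retired."""
    out = []
    for host, ports in hosts.items():
        for port, proto, service, version in ports:
            if service in CLEARTEXT:
                out.append((host, port, service, CLEARTEXT[service]))
            # A 1.x banner (1.99 = v1 and v2 both offered) means SSH-1 is accepted.
            elif service == "ssh" and re.search(r"protocol 1[.)]", version):
                out.append((host, port, service, "SSH protocol 1 still accepted"))
    return out

if __name__ == "__main__":
    for finding in findings(parse_scan(SAMPLE)):
        print(*finding)
```

Run against a saved scan of your own address range, the same two functions give a quick list of telnet, FTP and legacy SSH listeners to clean up.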

Strengths of NMap
  • Large base of support from user and developer community
  • Mature product
  • Fast and versatile scanner
  • Extremely stable. Install and go!
Weaknesses of NMap
  • Some scans seem to be intrusive
  • Some scans have crashed hosts being scanned
Web Vulnerability Scanners
  • GNU/GPL World
  • Singular in purpose
    • Paros
  • Stagnant
    • Nikto
Web Vulnerability Scanners
  • Singular-purpose tools usually check for a single type of vulnerability (e.g. XSS, SQL injection). You would need a lot of different GNU/GPL tools to encompass all possible vulnerabilities
Web Vulnerability Scanners
  • Some projects become stagnant or die because of limits on the core developers’ ability to devote time to the project
Advantages of the “free” apps
  • Initial cost is low
  • Some projects have a community of support
  • Documentation
  • A potentially powerful tool rivaling commercial tools
Advantages of “free” apps
  • Use older hardware
    • Great for that older machine collecting dust
Disadvantages
  • Project stability
  • UI issues
  • Application stability
  • Speed of development
  • Upgrades may be challenging
  • Geek Factor
Geek Factor

[Figure: plot of Geek Factor (0 to 100) against “cost” (0 to 100)]

What to do?
  • Define your needs
  • Determine stability and viability of project
  • Be willing to invest time
  • Be diligent
The future
  • Greater and easier exploitation of Web 2.0
    • You must educate your users about the dangers
  • Handhelds will be both targets and attackers