security tools l.
Skip this Video
Loading SlideShow in 5 Seconds..
Security Tools PowerPoint Presentation
Download Presentation
Security Tools

Loading in 2 Seconds...

play fullscreen
1 / 19

Security Tools - PowerPoint PPT Presentation

  • Uploaded on

Security Tools. CS-480b Dick Steflik. CACLS. Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files. CACLS. cacls /T /E /G administrator:F d:\users\*.*

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Security Tools' - wynona

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security tools

Security Tools


Dick Steflik

  • Windows NT, W2000, XP
  • Displays or modifies access control lists (ACLs) of files
  • cacls /T /E /G administrator:F d:\users\*.*
    • Cacls will add Full Control for the adminsitrator account all files and subfolders in the Users folder of the D:\ drive.
  • cacls /T /E /R Everyone d:\users
    • Cacls will remove all permissions for the 'Everyone' group in all files and subfolders in the Users folder of the D:\ drive.
  • Be sure to use the /E switch when you are just making modifications to a specific account or group. Without the /E switch, your settings will replace the current security with only what is specified.

Of course anything done using CACLS could also be done through the GUI.

  • Name Server Lookup
  • Windows NT, W2000, Linux, UNIX
  • used to resolve Internet names to IP addresses
  • default (no parameter) returns default name server address (windows) ; on Linux/UNIX enters conversational mode allowing lookups until you quit
  • Tracert (windows) ; traceroute (Linux/Unix)
  • used to display all of the routers between two communicating Internet hosts
  • options:
    • -d don’t resolve addresses to host names
    • -h (m) max number of hops to search for target
    • -j (hostlist) loose source route along the host list
    • -w (timeout) wait (timeout) msec for each reply
  • LINUX version of traceroute
  • requires superuser authority
  • GUI application
  • Send an ICMP echo request message to a specific host
  • plat form differences
    • Linux - no parameters, sends repeated /continuous requests until terminated
    • Windows - -t switch send continuous pings
    • Unix (most) -s switch sends continuous pings
ws ping security analysis tool
WS-Ping – Security Analysis Tool
  • COTS (common Off The Shelf) IPSwitch
  • Verify connectivity to a particular device on your network
  • Quantitatively test data connections between your computer and a remote system
  • Trace the path to a network host or device
  • Obtain information on host names and IP addresses
  • Scan your network and list devices and network services
  • View summary information about a network host or device including the official hostname, IP address, and contact information (from the Whois database)
  • View Simple Network Management Protocol values as well as Windows network domains, hosts, and workstations
  • Search information (such as user's full names and e-mail addresses) available through LDAP
ws ping
  • Features tools for :
    • Ping - Click to Enlarge Ping - Use Ping to determine if a network device is reachable.
    • Traceroute - Use traceroute to trace the path to a network host or device.
    • Throughput - Click to Enlarge Throughput - Use Throughput to test the data speed on a connection with a remote host.
    • Lookup - Use Lookup to obtain information on host names and IP addresses.
    • Info - Use the Info tool to view summary information about a network host or device.
    • Whois - Use Whois to obtain information on names from the Network Information Center.
    • Finger - Use finger to obtain information about a user or host (if supported on the remote host).
    • SNMP - Use the SNMP tool to view Simple Network Management Protocol values.
    • Scan - Use Scan to scan your network and list devices.
    • WinNet - Use the WinNet tool to view your Windows Network domains, hosts, and workstations.
    • LDAP- Use the LDAP tool to search for names and information available through LDAP.
    • Time - Use the time tool to query multiple time servers or to synchronize your local system clock.
    • Quote - Use Quote to view quotations from a Quote server.
    • HTML - Use the HTML tool to help you efficiently debug your Web site.
  • Security Administrators Tool for Analyzing Networks
    • web based
  • Ten years old
  • Open Source (
  • Rational for SATAN is explained at :
  • There are a number of SATAN derivatives:
    • SAINT Scan Engine – Saint Corporation
    • SANTA
  • SATAN recognizes several common networking-related security problems, and reports the problems without actually exploiting them.
  • For each type or problem found, SATAN offers a tutorial that explains the problem and what its impact could be.
    • The tutorial also explains what can be done about the problem: correct an error in a configuration file, install a bugfix from the vendor, use other means to restrict access, or simply disable service.
problems found by satan
Problems Found by SATAN
  • NFS file systems exported to arbitrary hosts
  • NFS file systems exported to unprivileged programs
  • NFS file systems exported via the portmapper
  • NIS password file access from arbitrary hosts
  • Old (i.e. before 8.6.10) sendmail versions
  • REXD access from arbitrary hosts
  • X server access control disabled
  • arbitrary files accessible via TFTP
  • remote shell access from arbitrary hosts
  • writable anonymous FTP home directory
  • Vulnerability Scanner
    • Nessus development Team
    • plug-in based
      • Finger Abuses
      • Windows
      • Backdoors
      • Gain a shell remotely
      • CGI abuses
      • Remote file access
      • RPC
      • Firewalls
      • FTP
      • SMTP
      • Gain root remotely
      • NIS
      • DOS
      • Miscellaneous
  • Client Server architecture
  • plug-ins are for the server, client is for administration and analysis
  • creates reports in HTML, LaTeX, ASCII, and XML
    • including graphs