A Comprehensive Security Assessment of the Westminster College Unix Lab
Jacob Shodd


Overview
- Goal: To discover security vulnerabilities in order to ensure user privacy and data integrity
- Testing Environment
- Project structure
- Tools used
- Vulnerabilities found

Testing Environment
- Utilized the Kali Linux operating system running within VirtualBox
- The test machine is located within the network, not attacking from outside

Enumeration
- Enumeration is the act of acquiring information about a network and its clients.
- Information to gather:
  - Open ports
  - Running services
  - Operating system versions
  - Unencrypted packets
- Sample of tools:
  - Nmap
  - Wireshark
  - Metasploit
  - Sparta

Evaluation
- Using the information gathered from Enumeration to search for possible exploits
- Basic vulnerabilities:
  - Default settings
  - Default passwords
  - Well known security flaws
- Metasploit
  - Large database of confirmed security flaws
  - Integration of multiple tools
  - To be used for common flaws
- Manual evaluation
  - For vulnerabilities specific to the Unix Lab

Exploitation
- Confirming and measuring severity of vulnerabilities
- Record what level of access was given by the vulnerability
- Information about exploit will help repair the issue
- Sample of tools to use:
  - Metasploit
  - Custom Python
  - Hydra
  - Ettercap

Vulnerabilities Found
- No authentication needed to mount network drives
- No defense against ARP poisoning
- Misconfiguration for LDAP sending all information in plain text
- All NFS traffic could be viewed in plain text using Wireshark
- All keystrokes made during a VNC session are transmitted in plain text
- Using the Scapy library, a Python script was made to search packets.

ARP Poisoning
- Man in the Middle attack
- Allows the attacker to capture packets going to and coming from the target
- Main tool used: Ettercap
- This attack made several others possible
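
A defender-side check for the missing ARP poisoning defense noted in the findings, added here as an example and not part of the original presentation: it parses raw Ethernet/ARP frames and flags any IP address that is later claimed by a different MAC. The addresses, frames and function names are constructed for illustration.

```python
import struct

ARP_ETHERTYPE = 0x0806

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return op, mac, ip

def detect_rebinding(frames):
    """Report (frame_index, ip, first_seen_mac, new_mac) when an IP changes MAC."""
    bindings, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip == "0.0.0.0":
            continue  # ARP probe: sender has no address yet, so no binding
        first_seen = bindings.setdefault(ip, mac)
        if first_seen != mac:
            alerts.append((index, ip, first_seen, mac))  # first binding stays trusted
    return alerts

def build_arp(op, smac, sip, tmac, tip):
    """Build a constructed 42-byte Ethernet/ARP frame for the sample data."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = mac(tmac) + mac(smac) + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(smac) + ip(sip) + mac(tmac) + ip(tip)

# Constructed sample: documentation addresses and locally administered MACs.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [
    build_arp(2, GW, "192.0.2.1", HOST, "192.0.2.10"),     # gateway's real reply
    build_arp(2, HOST, "192.0.2.10", GW, "192.0.2.1"),     # host's real reply
    b"\x00" * 60,                                          # non-ARP frame, skipped
    build_arp(2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),  # conflicting claim
]

if __name__ == "__main__":
    for index, ip, old, new in detect_rebinding(SAMPLE):
        print(f"frame {index}: {ip} moved from {old} to {new}")
```

Legitimate changes such as a replaced network card or a reassigned DHCP lease raise the same alert, so each hit needs review rather than automatic blocking.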

NFS
- Network drives can be mounted by an attacker’s machine simply by changing its IP address
- After performing an ARP poisoning attack, file contents can be seen in network traffic.
- Both vulnerabilities can be solved using Kerberos to provide authentication and encryption

LDAP
- All LDAP authentication was communicated over plain text
- Ettercap has built-in functionality to handle this vulnerability
- This was solved by configuring LDAP to utilize encryption for authentication

VNC
- Utilizing ARP Spoofing, all keystrokes are communicated over plain text
- After observing the pattern for network traffic, the process could be automated
- To avoid this vulnerability, the user can tunnel through SSH

Other Attempts
- Password attacks with Hydra
  - Utilized an extensive password list for a multithreaded dictionary attack
- PostgreSQL with Metasploit
  - Searched for misconfigurations and default passwords

Questions?