By Bruce Ellis Western Governors University. Demonstrate the need for updating information systems Build security awareness Inform management of the risk.

Slides:



Advertisements
Similar presentations
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Advertisements

Configuring Windows to run Dr.Web scanner remotely.
Armitage and Metasploit Penetration Testing Lab
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service.
Offensive Security Part 1 Basics of Penetration Testing
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan
Vulnerability Analysis Borrowed from the CLICS group.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Computer Security and Penetration Testing
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Personnel hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.
Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.
The Business of Penetration Testing
IT:Network:Microsoft Applications
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
1 GFI LANguard N.S.S VS NeWT Security Scanner Presented by:Li,Guorui.
PCI requirements in business language What can happen with the cardholder data?
PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.
Module 14: Configuring Server Security Compliance
Computer Security and Penetration Testing Chapter 16 Windows Vulnerabilities.
Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by.
Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.
Hands on with BackTrack Information gathering, scanning, simple exploits By Edison Carrick.
Vulnerability Scan Assessment CS/IT 463 Bryan Dean Jonathan Ammons.
Raj Natarajan National Technology Specialist Microsoft Australia.
Assessing a Target System Source: Chapter 3 Computer Security Fundamentals Chuck Easttom Prentice Hall, 2006.
Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating Computer Intrusions.
GCSC August Backup Exec Critical Vulnerability Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite Will be scanning from offsite soon Strongly.
Module 6: Designing Security for Network Hosts
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Penetration Testing 101 (Boot-camp)
Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.
Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.
Module 5 – Vulnerability Identification  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification.
VULN SCANNING Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
IT 463 – Scanning Assignment Shane Knisley Erik Bennett.
Cyber Security – The Changing Landscape Erick Weber Department of Public Works Khaled Tawfik Cyber Security.
Alison Buben Jay Pataky COSC 316.  Main purpose: Penetration Testing ◦ Evaluating the security of a computer by simulating an attack ◦ Showing where.
Al Lilianstrom CD/LSC/SOS/ESG  Blocked?  Operating Systems  Baselines  Detection  TiSSUE  Compliance  Windows  OS/X  Questions.
Hacking 101, Boot-camp Computer Security Group March 10, 2010 Mitchell Adair.
Unit 2: Cyber Security Part 3 Monitoring Tools & other Security Products.
Tim Wostradowski, Ian Brophy, John Ang.  Project Conception  Developing the Idea  Refining the Method  Gathering the Data  From Data to Information.
Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.
Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack CIS 6395, Incident Response Technologies Fall 2016, Dr. Cliff Zou
Penetration Test Debrief
Backdoor Attacks.
Compliance with hardening standards
Network Exploitation Tool
Module 22 (Metasploit Introduction)
Common Operating System Exploits
Everything You Need To Know About Penetration Testing.
Nessus Vulnerability Scanning
Deployment timeline This template is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION.
Figure 6-4: Installation and Patching
Metasploit Assignment
Nessus Vulnerability Scan
Metasploit Analysis Report Overview
Cyber Operation and Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack Cliff Zou University of Central Florida.
Ethical Hacking ‘Ethical hacking’ is the branch of computer science that involves cybersecurity and preventing cyberattacks. Ethical hackers are not malicious.
Metasploit assignment – Arkadiy Kantor – Mis-5212
Penetration Testing & Network Defense
Empowering Security Communities
Presentation transcript:

By Bruce Ellis Western Governors University

Demonstrate the need for updating information systems Build security awareness Inform management of the risk Inform organizations of the potential consequences Most used operating system in the business industry

Failure to apply security patches Failure to update application/software Failure to upgrade operating systems Failure to provide continuous security assessments

UTILIZED BACKTRACK 4OPERATING SYSTEMS TESTED Tested security of Windows Operating Systems using tools from Backtrack 4 Nessus Metasploit Nmap Windows XP SP 1 Windows XP SP 3 Windows Vista Business Windows Server 2003

Scanned systems first using Nessus to find potential vulnerabilities, shares, user accounts, computer name etc. Scanned systems to find open ports Utilized metasploit to set payloads for potential vulnerabilities found using open ports.

Hacking and Penetration Results CRVMRVLRVOPF#VE Windows XP SP Windows XP SP Windows Vista00410 Windows Server CRV= Critical Risk Vulnerabilities MRV= Medium Risk Vulnerabilities LRV= Low Risk Vulnerabilities OPF= Open Ports Found #VE= Vulnerabilities Exploited

Milestones were met as predicted except for successful exploitation of Windows Vista Business

At the beginning of the testing phase there were problems exploiting Windows XP SP 1 due to lack of proficiency in metasploit. Finding detailed information on Backtrack 4 and use of metasploit.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.