Network Security of Labnet ******

Presentation transcript:


Introduction
- Test the network security of the servers on our Labnet domain
- Find Potential Weaknesses
- Find Security Flaws
- Software
  – Nmap
  – SAINT

Overview: Step 1
- Determine the best Nmap method for scanning
- Run a port scan on one machine using all scanning methods
- Select the method that returns the best results

Nmap Scan Types

| Scan Type | Description |
|---|---|
| TCP SYN | Send a SYN packet to each port and wait for an ACK. |
| TCP connect | Open a connection to each port. |
| FIN | Send a FIN packet and wait for a RST, which means the port is closed. |
| XMAS | Send a packet with the FIN, URG, and PUSH flags set and wait for a RST, which means the port is closed. |
| NULL | Send a packet with the FIN, URG, and PUSH flags set to zero and wait for a RST, which means the port is closed. |
| UDP | Send a 0-byte UDP packet to each port and wait for an ICMP port unreachable message. |
| IP Protocol | Send a raw IP protocol header packet without any protocol headers and wait for an ICMP protocol unavailable message. |
| Idle scan | Uses a side channel to send a TCP port scan (i.e. broadcast node). |
| ACK scan | Send an ACK packet to the port and wait for an RST packet. |
| RPC scan | Floods all open TCP and UDP ports with null RPC packets to determine if it is an RPC port. |

Overview: Step 2
- Identify the most interesting ports
- Scanning every port on every machine will take too much time.
  – 65k ports
  – Slow network connection (10baseT)
- Use the best scanning method to scan all ports on one machine.

Overview: Step 3
- Scan each server using the best scanning method and most interesting ports
- Analyze and compile the data
  – Find a typical server with typical open connections
  – Find major security holes in some servers

Final Step
- Run SAINT on a typical server.
- Identify vulnerabilities
- Suggest a fix for the vulnerabilities
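The "analyze and compile the data" work of Step 3 can be scripted. The following is an added example, not part of the original presentation: it assumes the per-host results were saved in Nmap's grepable (`-oG`) output format, derives the "typical server" port profile, and lists the hosts that deviate from it. The sample hosts and port sets are constructed, and the function names and 75% threshold are choices made for this example.

```python
import re
from collections import Counter

# Constructed sample in Nmap grepable (-oG) format; documentation-range addresses.
SAMPLE_OG = """\
# Nmap scan (constructed sample)
Host: 192.0.2.11 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///
Host: 192.0.2.12 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 111/open/tcp//rpcbind///
Host: 192.0.2.13 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 2049/open/udp//nfs///
Host: 192.0.2.14 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 515/filtered/tcp//printer///
"""

# One port entry: port/state/protocol/owner/service/...
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/[^/]*/[^/]*/")

def parse_grepable(text):
    """Return {host: set of (port, proto)} for ports whose state is exactly 'open'."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comment lines and 'Status:' lines
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        open_ports = hosts.setdefault(host, set())
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if m and m.group(2) == "open":  # ignore filtered and open|filtered
                open_ports.add((int(m.group(1)), m.group(3)))
    return hosts

def baseline(hosts, threshold=0.75):
    """Ports open on at least `threshold` of the hosts: the 'typical server' profile."""
    counts = Counter(p for ports in hosts.values() for p in ports)
    return {p for p, n in counts.items() if n / len(hosts) >= threshold}

def outliers(hosts, typical):
    """Per host: ports open beyond the baseline, and baseline ports that are missing."""
    report = {}
    for host, ports in sorted(hosts.items()):
        extra, missing = sorted(ports - typical), sorted(typical - ports)
        if extra or missing:
            report[host] = {"extra": extra, "missing": missing}
    return report

if __name__ == "__main__":
    scanned = parse_grepable(SAMPLE_OG)
    typical = baseline(scanned)
    print("typical:", sorted(typical))
    for host, diff in outliers(scanned, typical).items():
        print(host, diff)
```

Hosts with "extra" ports are the ones worth a closer look with a vulnerability scanner, since each additional listening service is additional software to keep patched.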

Scanning Method Results
- RPC scan locked up the target machine
  – Due to RPC request flood
- The SYN, TCP connect, and RPC scan returned the same 6 results.
- The FIN, NULL, and XMAS scans returned the same 15 results.
- Arbitrarily selected the NULL scan
- Need to run a TCP and UDP scan.

Best ports
- Ran a full port scan on another machine
  – Took too long to complete
- The results of the NULL scan returned many hundreds of ports with a status of filtered.
- A range of and a select group of other interesting ports for the NULL scan
- A range of and a select group of other interesting ports for the UDP scan.

Results of network scan
- 25 hosts out of 27 up at the time the test was performed
- All UDP ports filtered:
  – , , , , , , and
- All UDP ports left open on
- Most common TCP and UDP ports

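Most common open TCP and UDP ports

| Port | Service | Port | Service |
|---|---|---|---|
| 21 | FTP | 587 | Submission |
| 22 | SSH | 1020 | Unknown |
| 25 | SMTP | 1021 | Unknown |
| 53 | Domain | 1022 | Unknown |
| 80 | HTTP | 1023 | Unknown |
| 111 | Sun RPC | 2049 | NFS |
| 515 | Printer | 8080 | HTTP-proxy |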

SAINT Results
- Critical Problems
  – Exports /usr/home to everyone
  – Buffer Overflow in BIND
  – Vulnerable Sendmail Version
- Areas of Concern
  – DNS Spoofing Vulnerability.
  – Web servers allow cross-site tracing.
- For the purposes of length, I will not discuss the problems in detail or the potential problems.

Conclusion
- The vulnerabilities reported by SAINT did not directly relate to the data collected by nmap
- Provided a good insight to other problems related to our network servers
- Solution:
  – Remove or restrict the global export of /usr/home
  – Install the newest versions of BIND and Sendmail

Conclusion
- Port scanning shows the potential vulnerability access points
- Each open port has a specific piece of software running as a server for that port
- A vulnerability in the software provides a hole for intruders to access your system
- Port scanning is a powerful tool for determining the security of a system or network
- It should only be used on systems and networks for which you are the administrator; otherwise it is seen as a malicious attack.