ServiceTrak Meets NLOG/NMAP Jon Finke Rensselaer Polytechnic Institute


Objectives
- Identify existing security exposures
- Identify potential security exposures
- Validate meta system configuration
- Build on existing work
  - Internal - Simon, ServiceTrak
  - External - NMAP/NLOG

Computing Environment
- Computer Center Machines
  - Unix - Centrally administered
  - WinTel - Mixed administration
- Departmental Machines
  - Unix administered by CC staff
  - Unix administered by non-CC staff
  - WinTel - Mixed administration

NLOG/NMAP
- NMAP port scans networks
  - Matches TCP/IP fingerprint for OS
  - Identifies open ports (services)
- NLOG
  - Provides some data management
  - Provides a web interface

ServiceTrak
- Tracks services and servers
- Web interface to Simon host info

Host Groups
- lpr_ok, pop_ok, Public Workstations
- lpr_Specials, pop_Specials, Private Workstations
- Public_AIX, Public_Irix, Public_Solaris
- Private_AIX, Private_Irix, Private_Solaris
- AIX_Workstations, Irix_Workstations, Solaris_Workstations
- All_Workstations

Service “Safety”
- My standards
  - History of attack/exposure - SMTP
  - Encourages exposure - Telnet
  - Not required for user workstations
  - Specific servers only (ftp, dns, etc.)
- Set for the needs of my department
  - Your mileage may vary

Similar Hosts
- Do all hosts offer the SAME services?
- Do the services make sense for that group?
- Is the OS fingerprint correct for each host?

Remote Access Hosts

Ssh (22/tcp) Remote Access NMAP
- Safety Level: Safe
- Secure Shell
- TSV File

Safety Level Breakdown
- Special group of ALL HOSTS
  - Which ones are running unsafe protocols?
  - Do we care?
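An added example, not code from the talk or from ServiceTrak, Simon or NLOG, showing how the three Similar Hosts questions and the Safety Level Breakdown can be answered from a scan export: the TSV-style records, the host and group names and the SAFETY table are constructed assumptions that follow the standards stated on the Service "Safety" slide.

```python
# Added example (not from the talk or ServiceTrak/NLOG): check port-scan
# results against host-group expectations as the slides describe.
from collections import Counter

# Safety labels per service, following the talk's standards: SMTP and
# telnet are unsafe on user workstations, ssh is safe, ftp/dns are
# for specific servers only. The table itself is an assumption.
SAFETY = {"ssh": "Safe", "smtp": "Unsafe", "telnet": "Unsafe",
          "ftp": "ServersOnly", "domain": "ServersOnly"}

# Constructed scan records in a TSV layout: host, OS fingerprint,
# comma-separated open services. The hosts are hypothetical.
SCAN_TSV = """\
ws1\tSolaris\tssh
ws2\tSolaris\tssh
ws3\tSolaris\tssh,telnet
ws4\tWindows NT\tssh,smtp
"""

def parse_scan(text):
    """Return {host: (os_fingerprint, set(open services))} from TSV text."""
    hosts = {}
    for line in text.splitlines():
        host, os_name, services = line.split("\t")
        hosts[host] = (os_name, set(services.split(",")))
    return hosts

def group_report(hosts, members, expected_os):
    """Answer the Similar Hosts questions for one host group and list
    hosts in it that run services not labelled Safe."""
    counts = Counter(s for h in members for s in hosts[h][1])
    # "the SAME services": services offered by more than half the group
    consensus = {s for s, n in counts.items() if n * 2 > len(members)}
    report = {"consensus": consensus, "deviations": {},
              "os_mismatch": [], "unsafe": {}}
    for h in members:
        os_name, services = hosts[h]
        extra, missing = services - consensus, consensus - services
        if extra or missing:
            report["deviations"][h] = {"extra": extra, "missing": missing}
        if os_name != expected_os:          # wrong OS fingerprint for group
            report["os_mismatch"].append(h)
        unsafe = {s for s in services if SAFETY.get(s, "Unknown") != "Safe"}
        if unsafe:
            report["unsafe"][h] = unsafe
    return report

if __name__ == "__main__":
    scan = parse_scan(SCAN_TSV)
    print(group_report(scan, ["ws1", "ws2", "ws3", "ws4"], "Solaris"))
```

The report for the constructed group shows the kind of finding the results slide mentions: a host in a Unix group whose fingerprint says NT, plus two workstations exposing telnet and SMTP.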

Protocol Specific Lists
- Service specialists interested in their particular service
  - Hostmaster interested in DNS servers
  - Webmaster interested in WWW servers
- Operating system specialists interested in their own OS

Problems
- NLOG can crash some services
- Trips scan detectors
  - Irate from other sys admins
- False reports from detection tools
  - Back Officer Friendly
- Policy issues

Our Results
- Identified some exposures
  - OS upgrade turned some things on
- Identified site configuration errors
  - “Trusted” Unix host running NT
- Integration of NLOG info with existing tools helpful

Lessons Learned
- Host grouping is VERY useful
  - NLOG may be a good approach
- OS (via TCP fingerprint) very handy
- Policy issues
  - Let someone else run it and take the heat.....
