Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology Solutions

Assessing Vulnerabilities
▫Footprinting
▫Enumeration
▫Vulnerability Scanning
▫Exploitation
▫Reporting

Enumeration
Host and Service Enumeration
▫Port Scanning (nmap, scanline)
▫SNMP Scanning (SolarWinds, onesixtyone, snmpenum.pl)
▫NetBIOS Scanning (browstat, net view, nbtscan)

Network Mapper (nmap)
Latest stable version is
More than a port scanner:
▫Service and OS identification
▫Traceroute
▫Nmap Scripting Engine (NSE): 177 scripts for vulnerability discovery, Windows enumeration, fuzzing, and more. Write your own!
Additional tools: Zenmap GUI, Ndiff, Ncat, and Nping.

Nmap Reporting
Nmap generates three file types (nmap, gnmap, xml); -oA &lt;basename&gt; writes all three in one run.
▫results.nmap: log file identical to the screen output (with verbose turned off)
▫results.gnmap: "grepable" output, one line per host found, so grep and awk can be used for simple shell-script parsing
▫results.xml: used for advanced report generation and loading into a database

Scanline
Simple, free, standalone Windows port-scanning executable.
▫Requires no installation
▫Perfect for uploading to a compromised machine to scan the internal network
▫Performs banner grabbing for port identification
▫Runs slowly, output is hard to read, shows only whether a port is open, and has no advanced features
Formerly one of the Foundstone tools; Foundstone is now owned by McAfee.

SolarWinds SNMP Sweep
Part of the commercial Engineer's Toolset (starting at $1390).
▫You will have to ask your company's networking group very nicely if you can use one of their licenses.
▫Very easy-to-use GUI tools for SNMP scanning and analysis
▫MS Excel-compatible reporting features

Open Source SNMP Scanning
▫Nmap: look for open UDP port 161 (SNMP)
▫onesixtyone: community string dictionary attack
▫snmpenum.pl: obtain detailed host information from Windows, Linux, and Cisco devices (needs a valid community string, e.g. one found by onesixtyone)

Nessus
Formerly an open source vulnerability scanner. The product went closed source with version 3.0 but was still free for commercial use. With version 4.0 you must obtain a license to use the product for commercial purposes. The current version, Nessus 4.4, is still free for educational purposes and home use.

Nikto
Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version-specific problems on over 270 servers.
Latest version is ( )
Video for integrating Nikto with Nessus

w3af: Web Application Attack and Audit Framework
The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
Open source alternative to the commercial tools HP WebInspect, IBM AppScan, Acunetix, and Burp Suite.

Reporting
Most scanners include their own report generation. However, even for expensive commercial tools, the generated reports contain a mountain of information. No IT staff will read a report of that size on application or database vulnerabilities.
Most scanners allow you to export the report information in XML format. You can then parse the information, load it into a database, and generate your own reports, keeping only the fields the audience needs.

Parsing XML with Perl or PHP
XML can be parsed with your favorite scripting or programming language (Perl, PHP, Python, Ruby, Java, etc.).
▫I'm sure you can do this with Windows scripting languages but I know NOTHING about this.
Examples will be given in Perl and PHP.
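As an added example (in Python rather than the Perl and PHP the slides use, and not code from the original deck), the script below does the three steps the Reporting slide describes for Nmap's -oX output: parse the XML into one row per port, load the rows into a SQLite database, and query a short gnmap-style summary of open ports per host. The XML document embedded in it is a constructed sample in the nmaprun format, not a real scan; the host addresses, hostnames, and service versions are made up.

```python
"""Nmap XML (-oX) -> rows -> SQLite -> per-host open-port summary.

Added example, not from the original slides. SAMPLE_XML is a constructed
nmaprun document (addresses and versions are invented for illustration).
"""
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX results.xml` output, trimmed to the
# elements the parser below reads.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX results.xml 192.0.2.0/30" start="1300000000">
  <host>
    <status state="up"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.3p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.3"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
        <service name="https"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.2" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161">
        <state state="open|filtered"/>
        <service name="snmp"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per <port> element: host, hostname, port, proto,
    state, service, product, version. Missing <service> data becomes ''."""
    rows = []
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:  # fall back to whatever address nmap recorded
            addr_el = host.find("address")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else ""
        for port in host.findall("ports/port"):
            svc = port.find("service")
            rows.append({
                "host": addr_el.get("addr"),
                "hostname": hostname,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
            })
    return rows


def load_into_db(rows, conn):
    """Create the ports table if needed and bulk-insert the parsed rows."""
    conn.execute("""CREATE TABLE IF NOT EXISTS ports (
        host TEXT, hostname TEXT, port INTEGER, proto TEXT, state TEXT,
        service TEXT, product TEXT, version TEXT)""")
    conn.executemany(
        "INSERT INTO ports VALUES "
        "(:host, :hostname, :port, :proto, :state, :service, :product, :version)",
        rows)
    conn.commit()


def open_ports_per_host(conn):
    """gnmap-style summary: {host: ['22/tcp/ssh', ...]} for ports whose
    state starts with 'open' (this keeps UDP 'open|filtered' results)."""
    cur = conn.execute("""SELECT host, port, proto, service FROM ports
        WHERE state LIKE 'open%' ORDER BY host, port""")
    summary = {}
    for host, port, proto, service in cur:
        summary.setdefault(host, []).append(f"{port}/{proto}/{service}")
    return summary


def build_report(xml_text):
    """Parse, load into an in-memory database, and return the summary."""
    conn = sqlite3.connect(":memory:")
    load_into_db(parse_nmap_xml(xml_text), conn)
    return open_ports_per_host(conn)


if __name__ == "__main__":
    for host, ports in build_report(SAMPLE_XML).items():
        print(f"{host}: {', '.join(ports)}")
```

Swap `sqlite3.connect(":memory:")` for a file path (or a MySQL connection on the LAMP appliance described in the next slides) to keep results between scans; the same table then lets you diff today's open ports against last week's with one query, which is the kind of short report IT staff will actually read.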

Parsing XML with Perl or PHP
Linux, Apache, MySQL and PHP, Perl, or Python (LAMP) creates an environment for custom report generation.
Many virtual images/appliances exist, allowing an easy way to get the environment you need to process XML output.
▫Turnkey LAMP Appliance

Turnkey LAMP Appliance
Download the VMware appliance from the Turnkey website. Open the appliance in the free VMware Player or VirtualBox. When the image boots it will ask you to set the system root password and the MySQL root password. The image will then assist you in configuring network access.

Helpful Links!
▫Using Nmap
▫Using Nessus
▫Using Metasploit
▫Top 100 Network Security Tools
▫Misc

Contact James A. Edge Jr. Web: