1 Nessus - NASL Marmagna Desai [592- Project]. 2 Agenda Introduction –Nessus –Nessus Attack Scripting Language [ N A S L] Features –Nessus –NASL Testing.


1 Nessus - NASL Marmagna Desai [592- Project]

2 Agenda
Introduction
–Nessus
–Nessus Attack Scripting Language [NASL]
Features
–Nessus
–NASL
Testing Environment
Test Result
Conclusion

3 Introduction - Nessus
Nessus:
–Remote vulnerability scanner.
–Remote data gathering, host identification and port scanning are the main purposes of using this tool.
–Client/server setup: the server is UNIX based; the client runs on Windows and UNIX.
–Open source, highly flexible, harmless.

4 Introduction - NASL
NASL
–Scripting language used by Nessus to form the attacks that detect vulnerabilities.
–Guarantees:
  Will not send packets to any host other than the target.
  Will execute commands only on the local system.
–Optimized built-in functions to perform network-related tasks [e.g. socket operations, opening a connection if a port is open, forging IP/TCP/ICMP etc. packets].
–Rich Knowledge Base [KB], which lets a custom script use the results of other scripts.

5 Features - Nessus
Plug-in Architecture
–Security tests are external plugins; tests can be added or modified without reading the Nessus source code.
Security Vulnerability Database
–The database is updated on a daily basis and keeps a record of the latest security holes.
Client-Server Architecture
–Server: performs the attacks
–Client: front-end
–Both can be located on different machines

6 Features - Nessus
Can test an unlimited number of hosts in each scan.
–Depending on the power of the server, a scan can be performed on any range of hosts.
Smart Service Recognition.
–Doesn't rely on a fixed port for a particular service.
–Checks all ports for a specific vulnerability.
Non-Destructive.
–An option is given to run only non-destructive scripts for the scan; Nessus will then rely only on banner information.
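The Knowledge Base and built-in socket functions from the NASL introduction, the smart service recognition and non-destructive bullets above, and the "safe checks" remark that appears in the descriptive report later in the talk come together in the following NASL 2 plugin. It is an added example, not code from the presentation or from the Nessus project; the script id, the "ftp/banner/<port>" KB key and the version pattern are assumptions made for this example.

```nasl
# Added example (not from the presentation or Nessus): a non-destructive
# NASL 2 plugin that finds the FTP service through the Knowledge Base
# instead of a fixed port and reports only on what the banner says.
# The script id, the "ftp/banner/<port>" KB key and the version pattern
# are assumptions made for this example.
if (description)
{
  script_id(99999);                                  # placeholder id
  script_version("$Revision: 1.0 $");
  script_name(english:"FTP banner discloses ProFTPD version (example)");
  desc["english"] = "
The remote FTP server announces a ProFTPD version number in its
greeting banner. Version disclosure lets an intruder pick attacks
for that exact release.

*** This result is based only on the banner. When safe checks are
*** enabled nothing else is tested, so it may be a false positive.

Solution : Suppress the version string in the FTP greeting
Risk factor : Low";
  script_description(english:desc["english"]);
  script_summary(english:"Checks the FTP greeting for a ProFTPD version");
  script_category(ACT_GATHER_INFO);                  # read-only test: no attack traffic
  script_family(english:"FTP");
  script_copyright(english:"Example code added by the editor");
  script_dependencies("find_service.nes");           # fills Services/ftp in the KB
  script_require_ports("Services/ftp", 21);
  exit(0);
}

# Smart service recognition: ask the KB where FTP really lives, fall back to 21
port = get_kb_item("Services/ftp");
if (!port) port = 21;
if (!get_port_state(port)) exit(0);

# Reuse a banner another plugin already stored under the assumed key,
# otherwise read one line from the service and store it for later scripts
kb_key = string("ftp/banner/", port);
banner = get_kb_item(kb_key);
if (!banner)
{
  soc = open_sock_tcp(port);
  if (!soc) exit(0);
  banner = recv_line(socket:soc, length:1024);
  close(soc);
  if (banner) set_kb_item(name:kb_key, value:banner);
}
if (!banner) exit(0);

# Matches greetings such as "220 ProFTPD 1.2.9 Server" (constructed sample);
# a banner without a version, like "220 ProFTPD Server(SOCR)", only gets a note
if (egrep(pattern:"ProFTPD( Server)? [0-9]+\.[0-9]+(\.[0-9]+)?", string:banner))
{
  report = string("The FTP greeting was:\n", banner);
  if (safe_checks())
    report = string(report, "\nSafe checks are enabled: reported from the banner only.\n");
  security_warning(port:port, data:report);          # a warning, not a hole: low risk
}
else
{
  security_note(port:port, data:string("FTP greeting: ", banner));
}
```

The description block is what the client shows and what the report quotes (risk factor, solution, the safe-checks caveat), while the body never sends anything but the initial connection; the hole/warning/note split is the plugin writer's choice, which is why the result counts on the test-result slide depend on each script's author.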

7 NASL Example
# This script was written by Noam Rathaus
#
if(description)
{
  script_id(10326);
  script_version ("$Revision: 1.12 $");
  script_cve_id("CAN ");
  name["english"] = "Yahoo Messenger Denial of Service attack";
  script_name(english:name["english"]);
  desc["english"] = "
It is possible to cause Yahoo Messenger to crash by sending
a few bytes of garbage into its listening port TCP

Solution: Block those ports from outside communication
Risk factor : Low";
  script_description(english:desc["english"]);     # registers the text above with the client
  script_copyright(english:"This script is Copyright (C) 1999 SecuriTeam");
  family["english"] = "Denial of Service";
  script_family(english:family["english"]);
  exit(0);
}

8 NASL - Example
#
# The script code starts here
#
if (get_port_state(5010))
{
  sock5010 = open_sock_tcp(5010);
  if (sock5010)
  {
    send(socket:sock5010, data:crap(2048));   # 2048 bytes of garbage
    close(sock5010);
    sock5010_sec = open_sock_tcp(5010);       # does the service still answer?
    if ( !sock5010_sec )
    {
      security_hole(5010);                    # no longer reachable: report a hole
    }
    else close(sock5010_sec);
  }
}

9 NASL Experiment
Remote Host: socr.uwindsor.ca
if(description)
{
  script_name(english:"Marmagna's Trivial Scanner");
  script_description(english:"This script is part of Project");
  script_summary(english:"Port Range is ");
  script_family(english:"windows");
  script_copyright(english:"Marmagna[ ]");
  exit(0);
}

10 NASL - Experiment
#Actual Script Starts Here#
for(i=1; i<=1024; i++)                     # TCP ports 1 to 1024
{
  soc = open_sock_tcp(i);
  if(soc)
  {
    data = recv(socket:soc, length:200);   # read up to 200 bytes of greeting
    display(data, "\n");
    display(i, "\n");
    security_warning(port:i, data:"port is open");
    close(soc);
  }
}
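The experiment script above hard-codes the port range, reports without a port number and keeps nothing for other plugins. The following NASL 2 plugin is an added example written here (it is not the presentation's script) that goes a step further: the range is a plugin preference shown in the client, every open port is written to the Knowledge Base so that later scripts can use it, and each finding carries its port. The script id and the "Example/banner/<port>" KB key are assumptions for this example.

```nasl
# Added example (not the presentation's script): the trivial scanner from
# the experiment slides rewritten as a configurable NASL 2 plugin. The port
# range is a plugin preference, every open port is recorded in the
# Knowledge Base for later scripts, and each finding is reported with
# security_note() and the port attached. The script id and the
# "Example/banner/<port>" KB key are assumptions for this example.
if (description)
{
  script_id(99998);                                           # placeholder id
  script_version("$Revision: 1.0 $");
  script_name(english:"Configurable TCP connect sweep (example)");
  script_description(english:"Connects to every TCP port in the configured range, records the open ones in the KB and reports any greeting received.");
  script_summary(english:"TCP connect sweep over a configurable port range");
  script_category(ACT_SCANNER);                               # runs before the vulnerability tests
  script_family(english:"Port scanners");
  script_copyright(english:"Example code added by the editor");
  script_add_preference(name:"Port range", type:"entry", value:"1-1024");
  exit(0);
}

# Read "low-high" from the preference; anything malformed falls back to 1-1024
range = script_get_preference("Port range");
if (!range) range = "1-1024";
parts = split(range, sep:"-", keep:FALSE);
low = int(parts[0]);
high = int(parts[1]);
if (low < 1 || high < low || high > 65535)
{
  low = 1;
  high = 1024;
}

open_ports = 0;
for (i = low; i <= high; i++)
{
  soc = open_sock_tcp(i);
  if (!soc) continue;                                         # closed or filtered: next port
  open_ports++;

  # "Ports/tcp/<n>" is the key the bundled port scanners set, so the
  # vulnerability plugins that run afterwards treat this port as open
  set_kb_item(name:string("Ports/tcp/", i), value:TRUE);

  # Read at most one line: a chatty service must not stall the whole sweep
  greeting = recv_line(socket:soc, length:512);
  close(soc);
  if (greeting)
  {
    set_kb_item(name:string("Example/banner/", i), value:greeting);   # assumed key
    security_note(port:i, data:string("Port ", i, " is open. Greeting: ", greeting));
  }
  else
  {
    security_note(port:i, data:string("Port ", i, " is open; no greeting received."));
  }
}
# Summary for the NASL console (nasl -t host script.nasl), as on the output slides
display("Open TCP ports in ", low, "-", high, ": ", open_ports, "\n");
```

Run stand-alone with the nasl interpreter the output slides use, the script prints one line per open port plus the summary; loaded into nessusd it additionally feeds the KB, which is how the smart service recognition described earlier gets its view of which ports are open.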

11 Output Gathered
-t socr.uwindsor.ca marmagna.nasl
**WARNING : Packet forgery will not work
**As NASL is not running as Root
7 port is open
21 port is open : 220 ProFTPD Server(SOCR) [socr.uwindsor.ca]
22 port is open: SSH-1.99-OpenSSH_3.7.1p2
23 port is open: #..
25 port is open: 250 socr.uwindsor.ca ESMTP Sendmail / ; Thu, 19 Feb :03:
port is open:...W
110 port is open: +OK Qpopper (version 4.0.4) at socr.uwinsor.ca starting.

12 Output Continued
port is open:
143 port is open: OK [CAPABILITY IMAP4RAV1 LOGIN-REFERRALS STARTTLS AUTH = LOGIN] localhost
443 port is open:
993 port is open:
995 port is open:
SOCR IS VULNERABLE....!!!!!!

13 Testing Environment
Download:
–Best and easy way: make sure Lynx is installed and execute:
  lynx -source http://install.nessus.org | sh
  It will download and install the Nessus client, server and NASL libraries.
–Easy way: download the script nessus-installer.sh from:
  installer/
  Execute: sh nessus-installer.sh

14 Testing Environment
Immediate step [server side]: creating a user
–Execute: "nessus-adduser"
–Create the username, the authentication method [password/certificate] and the rules for the user.
Execute "nessusd" as a daemon on the UNIX machine. The server is ready.
NOTE: for nessusd options please view "man nessusd"

15 Testing Environment
Nessus Server & Client
– :1241
Authentication used:
–Password
–"nessus-mkcert" will generate an X.509 certificate.
Remote Host Scanned:
–

16 Testing Environment
Plugin
–The scan is enabled for all possible plugins.
–"upload-plugin" lets you add a plugin from the local database.
–Dependencies can be enabled while scanning.

17 Testing Environment
Scanning Options
–Port range
–Consider unscanned ports as closed. [firewall]
–Which port scanner to use. [nmap etc.]
–How many hosts and plugins are scanned at a time.

18 Testing Environment
Target Section
–
–
– /24
–//arunita2
A single IP, a range of IPs, CIDR, hostname

19 Test Result [ ]
Security Holes:
–2 security holes have been found
Warnings:
–16 security warnings have been found
Notes:
–22 security notes have been found
The holes, warnings and notes are defined by the plugin writer:

20 Descriptive Report
Vulnerability found on port http (80/tcp)
The remote WebDAV server may be vulnerable to a buffer overflow when it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the Local System security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See
Risk Factor : High
CVE : CAN
BID : 7116
Other references : IAVA:2003-A-0005
Nessus ID :

21 Result Graphical Report
–This pie chart classifies security risks as LOW, MEDIUM and HIGH.
–The classifications are defined by the script writers.

22 Result Graphical Report...
–Here the number of security holes is plotted against the dangerous services.
–In my test, only 1 hole was found per service.

23 Result Graphical Report...
–Major services are plotted against the number of holes found.
–The ports on which the gathered data does not show any information are marked as "Unknown".

24 Conclusion
Nessus's report generation is the most interesting feature.
Vulnerabilities are classified on the basis of risk factor, NOT OS or protocol - better for the sysadmin.
One of the most flexible, open-source and powerful vulnerability scanners.
"Nessus Network Security Scanner offers a free and extremely thorough way to scan your network for vulnerabilities. This cross-platform utility offers an overwhelming number of configuration and scanning options." - PC Magazine

25 Reference ,00.asp

26 Thank You Questions!!