DIYTP 2009
Assessing a System - Basics
  - Why? Vulnerabilities
  - What to look at: The six ‘P’s
    - Patch
    - Ports
    - Protect
    - Policies
    - Probe
    - Physical
Assessing a System - Basics
  - Patches
    - First rule of computer security
    - Patches are released for all types of software, all the time
    - MUST BE UP-TO-DATE!!
    - Organization should have a patch management policy/system
Assessing a System - Basics
  - Ports
    - Should be managed by the ‘least privilege’ principle
    - Ports which are not needed should be shut down
    - ... as well as their associated services
  - Protect
    - Protective software/devices should be used
      - Firewall
      - IDS
      - Anti-virus
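One way to check the Ports rule above on a Linux host, as an added example that is not part of the original slides: compare the listeners reported by `ss -H -tulnp` against an approved list and report everything else, together with the service that owns it. The sample output, the `ALLOWED` policy and the function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample of `ss -H -tulnp` output; not taken from a real host.
SAMPLE_SS = """\
tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:*  users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 511 0.0.0.0:443     0.0.0.0:*  users:(("nginx",pid=990,fd=6))
tcp   LISTEN 0 32  0.0.0.0:21      0.0.0.0:*  users:(("vsftpd",pid=1204,fd=3))
tcp   LISTEN 0 128 127.0.0.1:5432  0.0.0.0:*  users:(("postgres",pid=1310,fd=5))
tcp   LISTEN 0 128 [::]:23         [::]:*     users:(("telnetd",pid=1402,fd=4))
udp   UNCONN 0 0   0.0.0.0:161     0.0.0.0:*  users:(("snmpd",pid=1500,fd=7))
"""
# Hypothetical policy: the only listeners this host is approved to expose.
ALLOWED = {("tcp", 22), ("tcp", 443)}

class Finding(NamedTuple):
    proto: str
    port: int
    address: str
    service: str
    scope: str  # "network" if reachable from other hosts, else "loopback"

_PROC = re.compile(r'\(\("([^"]+)",pid=\d+')

def is_loopback(addr):
    # Drop IPv6 brackets and any %interface suffix before comparing.
    host = addr.strip("[]").split("%")[0]
    return host.startswith("127.") or host == "::1"

def audit_listeners(ss_text, allowed):
    """Return unapproved listeners, network-reachable ones first."""
    findings = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        addr, _, port = fields[4].rpartition(":")  # rpartition keeps IPv6 colons intact
        if not port.isdigit() or (proto, int(port)) in allowed:
            continue
        m = _PROC.search(line)  # process name is absent without root, so default it
        scope = "loopback" if is_loopback(addr) else "network"
        findings.append(Finding(proto, int(port), addr,
                                m.group(1) if m else "unknown", scope))
    return sorted(findings, key=lambda f: (f.scope != "network", f.port))

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS, ALLOWED):
        print(f"{f.scope:8} {f.proto}/{f.port:<5} {f.address:12} {f.service}")
```

Each finding names the owning service, so the follow-up is to stop and disable that service rather than only block the port.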
Assessing a System - Basics
  - Policies
    - Should be reviewed periodically as organizational needs and software/hardware change
    - Types:
      - Acceptable use (i.e., Internet use)
      - Disaster recovery
      - Password
Assessing a System – Basics
  - Probe
    - Take a look and see what the network looks like
    - Should use multiple analysis tools to assess your network
    - Look for security flaws
    - Should be scheduled regularly
Assessing a System - Basics
  - Physical
    - Policy or procedures should address how systems are secured
      - Do they need to be locked up?
    - Backup media
      - Is it stored in a secure location? (i.e. fireproof safe)
    - Routers/switches/hubs
      - Who has access?
      - How should it be secured?
Assessing a System – Initial Reconnaissance
  - Tools
    - Nslookup
      - IP addresses
      - Records for domain
    - Whois
      - Owner of a domain, IP address
    - ARIN
      - IP address allocation
Assessing a System – Initial Reconnaissance
  - Netcraft
    - What the target is running
  - VisualRoute
    - Visual traceroute to target
  - Sam Spade
    - Multiple tools in one package
Assessing a System – Social Engineering
  - Social Engineering
    - People are security’s weakest link
    - Many attack vectors
      - Impersonation
      - Dumpster diving
      - Shoulder surfing
Assessing a System - Scanning
  - Common Tools:
    - Nmap and Nessus
      - Finds hosts
      - Operating system
      - Firewalls
      - Vulnerabilities
    - Ping
      - IP Connectivity
    - Traceroute
      - Maps out route to target