Using BackTrack to Discover Cisco Vulnerabilities Brian Compton College of Technology – University of Houston Using BackTrack to Discover Cisco Vulnerabilities.

Slides:



Advertisements
Similar presentations
Sanitizing Data from Storage Devices with a Live CD Brian Compton College of Technology – University of Houston Sanitizing Data from Storage Devices with.
Advertisements

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE Intercontinental Group 1.
Guide to Computer Forensics and Investigations Third Edition Chapter 11 Network Forensics.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 3: Upgrading from a Previous Version of Windows.
SM3121 Software Technology Mark Green School of Creative Media.
Chapter 3 Applications Software: Getting the Work Done.
One World Real Estate Company Technology Plan. New Computers For the Office Eight 13 inch MacBook Pros and three 27 inch iMac desktop computers Macs are.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 2 Installing Windows Server 2008.
OPERATING SYSTEMS AND SYSTEMS SOFTWARE. SYSTEMS SOFTWARE Systems software consists of the programs that control the operations of the computer and its.
Abstract: Acknowledgments I thank the instructor of this course, Prof. Crowley for his help with the project, post design and lab instruction. Conclusions.
 Advantages  Easy to learn  Graphical Advantages  Help and Support  Widely used  Software compatibility  Customisable  Customisable Hardware 
Introduction to Computer Administration System Administration
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.
 Norton Antivirus, developed and distributed by Symantec Corporation, provides malware prevention and removal during a subscription period. It uses signatures.
Networking, Hardware Issues, SQL Server and Terminal Services Session VII.
1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for Security.
Fundamentals of Networking Discovery 1, Chapter 2 Operating Systems.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Characterizing the Existing Network Designing and Supporting Computer Networks.
Entré NetMonitor Proactive IT monitoring, Management and support Think DIFFERENT about IT.
WINDOWS XP PROFESSIONAL Bilal Munir Mughal Chapter-1 1.
Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 15 Installing and Using Windows XP Professional.
systemhound © Raxco Software Belgium systemhound PC inventory software.
Information Systems Security Computer System Life Cycle Security.
 Computer security policy ◦ Defines the goals and elements of an organization's computer systems  Definition can be ◦ Highly formal ◦ Informal  Security.
IPv6 Network Assessor 111 © 2005 Cisco Systems, Inc. All rights reserved. Susan Shareshian Solutions Manager, Cisco Systems, Inc.
Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 5 Windows XP Professional McGraw-Hill.
CIS 460 – Network Design Seminar Network Security Scanner Tool GFI LANguard.
10/1/2015 Chapter 2 Installing Windows XP Professional.
Austrumi is a bootable live CD Linux Distribution. It is based on Slackware and it was created and maintained by group of programmers from Latgale region.
NumaStore Nuclear Cardiology P.E.T. Nuclear Medicine Image Management Solution Mini-PACS for Nuclear Medicine Archiving and Data Management.
Legitimate Vulnerability Markets By: Jeff Wheeler.
Data Communications and Networks Chapter 10 – Network Hardware and Software ICT-BVF8.1- Data Communications and Network Trainer: Dr. Abbes Sebihi.
Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.
Microsoft Management Seminar Series SMS 2003 Change Management.
Windows 95/98 Installation and Configuration Presented by Hua Wei.
Reducing server sprawl and IT power/cooling costs Moving from reactive to proactive state Quickly troubleshooting PC and laptop issues Deploying new.
Introduction TO Network Administration
2: Operating Systems Networking for Home & Small Business.
Online Banking. Learning Objectives To learn how society has been affected by online banking.
By the end of this lesson you will be able to explain: 1. Identify the support categories for reported computer problems 2. Use Remote Assistance to connect.
Kali Linux BY BLAZE STERLING. Roadmap  What is Kali Linux  Installing Kali Linux  Included Tools  In depth included tools  Conclusion.
Twesige Richard.  Advanced RISC Machines.  Set of instruction set architectures related to programing registers, CPU’s also I/O devices.  RISC acronym.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 4: Overview of Preventive Maintenance IT Essentials 5.0.
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
GFI LANguard Matt Norris Dave Hone Chris Gould. GFI LANguard: Description Through the performances of the three (3) cornerstones of vulnerability management:
Penetration Testing By Blaze Sterling. Roadmap What is Penetration Testing How is it done? Penetration Testing Tools Kali Linux In depth included tools.
1 © 2004 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Technical Support Seminar Using the Cisco Technical Support Website.
Introduction to System Administration. System Administration  System Administration  Duties of System Administrator  Types of Administrators/Users.
OPERATING SYSTEMS (OS) By the end of this lesson you will be able to explain: 1. What an OS is 2. The relationship between the OS & application programs.
Windows Vista Configuration MCTS : Installing and Upgrading.
Novell iFolder Novell Academy QuickTrain. What is iFolder? Novell iFolder lets users’ files follow them anywhere A simple and secure way to access, organize.
Network and Server Basics. Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server network.
 Refers to instructional information that directs the activities of computer hardware, or which helps the user control the computer.  Another name of.
LOOKING FOR TECHNICAL SUPPORT? SUPPORTNERDS IS ONE STOP SOLUTION SHOP FOR ALL TECHNICAL ISSUES GET RID OF ALL YOUR COMPUTING PROBLEMS! CALL TOLL FREE :
Chapter 6: Securing the Cloud
Wireless Network Security
Security Policies.
Steps to Scan and Resolve Threats Using Norton Bootable Recovery Tool.
Popular Operating Systems
Ways to Tackle Norton Antivirus Errors Arising in Windows 10.
USER AND TECHNICAL DOCUMENTATION
D-Link Router Customer Care Number. A D-link router is a basic necessity these days with so much technology around us in offices or homes. We can connect.
Best In Class Buffalo Router Customer Service
Modular Object Scanning Technology (MOST)
SOFTWARE TECHNOLOGIES
V1.1 1.
Presentation transcript:

Using BackTrack to Discover Cisco Vulnerabilities Brian Compton College of Technology – University of Houston Using BackTrack to Discover Cisco Vulnerabilities Brian Compton College of Technology – University of Houston Problem Statement Cisco is the de facto standard for networking equipment. Like any piece of technology that relies upon software, Cisco hardware is subject to vulnerabilities and must be patched. Problem Statement Cisco is the de facto standard for networking equipment. Like any piece of technology that relies upon software, Cisco hardware is subject to vulnerabilities and must be patched. Live CD: A Simple Cost Effective Solution Live CD’s are important tools in system security. Because a Live CD does not use resident data on a target computer to operate, a security professional can boot a computer without worrying about compromised hard drives. Security professionals are able to customize the tools contained within a Live CD. Because of this, powerful, customized toolboxes can be created for security staff. The ability to have any number of software tools contained on a single cd, with the power to boot any standard pc can be a vital ability when the need to troubleshoot possible security issues arises. Live CD’s are base on the Linux operating system. Because Linux is open source, Live CD distributions can be easily obtained at no cost other than the price of the CD media. BackTrack 3 is up to the task. Backtrack3 from remote-exploit.org is a feature packed bootable Linux distribution Intended for system security applications. Backtrack is popular within the Linux community, thereby ensuring wide support and future updates. This Live CD contains Over 300 security tools that emphasize network penetration testing and vulnerability discovery. Backtrack contains an impressive set of twelve Cisco specific tools. Live CD: A Simple Cost Effective Solution Live CD’s are important tools in system security. Because a Live CD does not use resident data on a target computer to operate, a security professional can boot a computer without worrying about compromised hard drives. Security professionals are able to customize the tools contained within a Live CD. Because of this, powerful, customized toolboxes can be created for security staff. The ability to have any number of software tools contained on a single cd, with the power to boot any standard pc can be a vital ability when the need to troubleshoot possible security issues arises. Live CD’s are base on the Linux operating system. Because Linux is open source, Live CD distributions can be easily obtained at no cost other than the price of the CD media. BackTrack 3 is up to the task. Backtrack3 from remote-exploit.org is a feature packed bootable Linux distribution Intended for system security applications. Backtrack is popular within the Linux community, thereby ensuring wide support and future updates. This Live CD contains Over 300 security tools that emphasize network penetration testing and vulnerability discovery. Backtrack contains an impressive set of twelve Cisco specific tools. Conclusion Vulnerabilities that exist in the basic fabric of a network must be addressed. While there are expensive tools that can be used to maintain Cisco equipment, these software applications may not be owned by smaller companies. The NIST SP risk management document stipulates that a best practice in the Technical Controls guidelines should include the ability to Prevent security incidents. The Cisco suite of tools included on the BackTrack Live CD can be used to address this technical control. By identifying and locating Cisco vulnerabilities, security professionals can Prevent incidents by addressing those vulnerabilities and mitigating a known risk. Conclusion Vulnerabilities that exist in the basic fabric of a network must be addressed. While there are expensive tools that can be used to maintain Cisco equipment, these software applications may not be owned by smaller companies. The NIST SP risk management document stipulates that a best practice in the Technical Controls guidelines should include the ability to Prevent security incidents. The Cisco suite of tools included on the BackTrack Live CD can be used to address this technical control. By identifying and locating Cisco vulnerabilities, security professionals can Prevent incidents by addressing those vulnerabilities and mitigating a known risk. References Cisco IOS multiple vulnerabilities. (2008). Secunia Cisco squashes big bad router bug. SearchSecurity Espiner, T. Cisco patches Wi-Fi vulnerabilities. CNET. Leyden, J. (2008). Cisco’s dirty dozen fight IOS flaws. The Register Ou, G. (2007). Think ‘Patch Tuesday’ is just for Microsoft? Think again! ZDNET Specter, D H M. Linux Auditing Live CDs. TechRepublic References Cisco IOS multiple vulnerabilities. (2008). Secunia Cisco squashes big bad router bug. SearchSecurity Espiner, T. Cisco patches Wi-Fi vulnerabilities. CNET. Leyden, J. (2008). Cisco’s dirty dozen fight IOS flaws. The Register Ou, G. (2007). Think ‘Patch Tuesday’ is just for Microsoft? Think again! ZDNET Specter, D H M. Linux Auditing Live CDs. TechRepublic Backtrack’s Tools Work The Cisco tools included on the Backtrack distribution are proven to be able to help identify and locate specific vulnerabilities. While these tools are not used to patch the Cisco equipment in question, they can be used to query and test specific devices to ascertain version levels and vulnerable settings. Backtrack’s Tools Work The Cisco tools included on the Backtrack distribution are proven to be able to help identify and locate specific vulnerabilities. While these tools are not used to patch the Cisco equipment in question, they can be used to query and test specific devices to ascertain version levels and vulnerable settings. Why is this an issue? Microsoft is the most famous tech company when it comes to patching their product. Cisco, despite their quality reputation, must patch their products as well. Unlike Microsoft, Cisco products are not as easy or automated in the patching process. Managing Cisco equipment can be costly and cumbersome. Just a few Cisco vulnerability headlines: Cisco’s dirty dozen fight IOS flaws. Cisco IOS multiple vulnerabilities Cisco squashes big bad router bug. Why is this an issue? Microsoft is the most famous tech company when it comes to patching their product. Cisco, despite their quality reputation, must patch their products as well. Unlike Microsoft, Cisco products are not as easy or automated in the patching process. Managing Cisco equipment can be costly and cumbersome. Just a few Cisco vulnerability headlines: Cisco’s dirty dozen fight IOS flaws. Cisco IOS multiple vulnerabilities Cisco squashes big bad router bug. RankListSite #110 Best Security Live CD Distroswww.darknet.org.uk #1Top 10 Security Live CDwww.lonerunners.net #1Top 5 Security Oriented Operating Systemswww.insecure.org #4Primary Function: Securitywww.livecdlist.com #40Page Hit Rankings, All CategoriesDistrowatch.com BackTrack desktop in action. Audit tool scans multiple devices for vulnerabilities.