Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Slides:



Advertisements
Similar presentations
Module II Footprinting
Advertisements

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
1 Modul 2 Footprinting Scanning Enumeration Isbat Uzzin Nadhori Informatical Engineering PENS-ITS Politeknik Elektronika Negeri Surabaya ITS - Surabaya.
This module will familiarize you with the following:  Overview of the Reconnaissance Phase  Footprinting: An Introduction  Information Gathering Methodology.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Scanning CS391. Overview  The TCP protocol: quick overview  Scanning  Fingerprinting  OS Detection.
Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L1 1 Implementing Secure Converged Wide Area Networks (ISCW)
System Security Scanning and Discovery Chapter 14.
Week 2 -1 Week 2: Footprinting What is Footprinting? –Systematic collection of information on an intended target with the goal to create a complete profile.
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
Week 3-1 Week 3 Scanning Determine if system is alive Determine which services are running or listening Determine the OS.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
Reconnaissance Steps. EC-Council Gathering information from Open Sources  Owner of IP-address range  Address Range  Domain Names  Computing Platforms.
Computer Security and Penetration Testing
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Ana Chanaba Robert Huylo
 Find out initial information ◦ Open Source ◦ Whois ◦ Nslookup  Find out address range of the network ◦ ARIN (American registry for internet numbers)
Information Gathering Lesson 4. Steps for Gathering Information Find out initial information Open Source Whois Nslookup Find out address range of the.
CNIT 124: Advanced Ethical Hacking. CASING THE ESTABLISHMENT CASE STUDY.
CHAPTER Protocols and IEEE Standards. Chapter Objectives Discuss different protocols pertaining to communications and networking.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
CS391 Computer & Network Security
Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.
CIS 450 – Network Security Chapter 3 – Information Gathering.
COEN 350 Security Threats. Network Based Exploits Phases of an Attack  Reconnaissance  Scanning  Gaining Access  Expanding Access  Covering Tracks.
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
DIYTP Assessing a System - Basics  Why?  Vulnerabilities  What to look at:  The six ‘P’s  Patch  Ports  Protect  Policies  Probe  Physical.
# Ethical Hacking. 2 # Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications.
Chapter 2 Scanning Last modified Determining If The System Is Alive.
CHAPTER 3 Classes of Attack. INTRODUCTION Network attacks come from both inside and outside firewall. Kinds of attacks: 1. Denial-of-service 2. Information.
Chapter 3 Enumeration Last modified Definition Scanning identifies live hosts and running services Enumeration probes the identified services.
1 Lab 1: Reconnaissance, Network Mapping, and Vulnerability Assessment Reconnaissance Scanning Network Mapping Port Scanning OS detection Vulnerability.
Scanning & Enumeration Lab 3 Once attacker knows who to attack, and knows some of what is there (e.g. DNS servers, mail servers, etc.) the next step is.
Assessing a Target System Source: Chapter 3 Computer Security Fundamentals Chuck Easttom Prentice Hall, 2006.
ROAD TO EXPLOITATION Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
Week 4-1 Week 4: Enumeration What is Enumeration? –Now that you have a live target the next step is find what services are running and what version.
Enumeration After scanning for live systems and services, hackers will probe the services more carefully looking for weaknesses This involves active connections!
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Retina Network Security Scanner
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
TCOM Information Assurance Management Casing the Establishment.
Footprinting and Scanning
Network Reconnaissance CS490 - Security in Computing Copyright © 2005 by Scott Orr and the Trustees of Indiana University.
Footprinting. Traditional Hacking The traditional way to hack into a system the steps include: Footprint: Get a big picture of what the network is Scan.
Footprinting/Scanning/ Enumeration Lesson 9. Footprinting External attack: Enables attackers to create a profile of an organization’s security posture.
Enumeration March 2, 2010 MIS 4600 – MBA © Abdou Illia.
 Terms:  “Security”: is a system’s ability to provide services while maintaining the five IA pillars  “Attack”: an action that violates one of the.
Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment Semester 1.
WHAT IS FOOTPRINTING?. FOOTPRINTING  Active  Passive - Passive footprinting is a method in which the attacker never makes any contact with the target.
Port Scanning James Tate II
Enumeration.
Footprinting and Scanning
CITA 352 Chapter 5 Port Scanning.
Calvin Wilson Craig Delzangle
Foot Printing / Scanning Tools Lect 4 – NETW 4006
Footprinting (definition 1)
Footprinting and Scanning
The Siphon Project An Implementation of Stealth Target Acquisition & Information Gathering Methodologies Introduction: Introduce self, Chris introduce.
FootPrinting CS391.
Learning objectives By the end of this unit you should: Explain
EVAPI - Enumeration Auburn Hacking club
Presentation transcript:

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie Mellon University ® CERT, CERT Coordination Center and Carnegie Mellon are registered in the U.S. Patent and Trademark Office Information Security for Technical Staff Module 7: Prelude to a Hack

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 2 Instructional Objectives Define Footprinting and discuss the basic steps to information gathering Define Scanning and the various tools for each type of scan Ping Sweeps Port Scans OS Detection Define enumeration and the types of information enumerated Windows enumeration Unix enumeration Network enumeration

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 3 Overview Footprinting Scanning Enumeration

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 4 Footprinting Defined The fine art of systematically gathering target information that will allow an attacker to create a complete profile of an organization’s security posture.

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 5 Footprinting -1 Step 1:Determine Scope of Activities Step 2: Network Enumeration Step 3: DNS Interrogation Step 4: Network Reconnaissance

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 6 Footprinting -2 Step 1: Determine Scope of Activities Open Source Search Organization Websites Dumpster Diving News Articles/Press Releases Administrator Mailing Lists Social Engineering Demo – Web weaving

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 7 Footprinting -3 Step 2: Network Enumeration Identify domain names and network addresses InterNIC, ARIN, allwhois.com Queries Registrar Organizational Domain Network POC Demo – Sam Spade

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 8 Footprinting -4 Step 3: DNS Interrogation Misconfigured DNS Zone Transfers nslookup, axfr

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 9 Footprinting -5 Step 4: Network Reconnaissance Discover Network Topology Traceroute VisualRoute Demo – Traces

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 10 Scanning Defined The use of a variety of tools and techniques to determine what systems are alive and reachable from the Internet.

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 11 Scanning Ping Sweeps Port Scans OS Detection

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 12 Ping Sweeps ICMP Sweep Tools fping, Pinger, PingSweep, WS_Ping ProPack, NetScan Tools, icmpenum TCP Sweep Tools nmap, hping Demo – Pinging

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 13 Port Scans Identify both the TCP and UDP services running Identify the type of operating system Identify specific applications or versions of a particular service Port Scan Types TCP connect scanTCP ACK scan TCP SYN scanTCP Windows scan TCP FIN scanTCP RPC scan TCP Null scanUDP scan TCP Xmas Tree scan Demo – NMAP/Languard

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 14 Scanning Tools TCP Port Scanners UDP Port Scanners FTP Bounce Scanning Windows- Based Port Scanners

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 15 Enumeration Defined A process of extracting valid account or exported resource names from systems using active connections and directed queries

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 16 Enumeration Operating System Specific Techniques Types of information enumerated Network resources and shares Users and groups Applications and banners Demo – NMAP

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 17 Windows Enumeration Techniques Resources and Shares CIFS/SMB and NetBIOS Null Sessions Users and Groups SNMP Security Identifier (SID) & Relative Identifier (RID) Active Directory Applications and Banners

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 18 UNIX Enumeration Techniques Network Resources and Share Enumeration Users and Group Enumeration Applications and Banner Enumeration SNMP Enumeration

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 19 Network Enumeration Techniques Routing Protocol Enumeration Border Gateway Protocol (BGP) Routing Information Protocol (RIP) Open Shortest Path First (OSPF)

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 20 Review Questions 1.Define footprinting. 2.List the 4 steps for completing a footprint analysis. 3.Define scanning. 4.What are three objectives of port scanning? 5.Define enumeration. 6.What types of information can be enumerated?

© 2002 Carnegie Mellon University Module 7: Prelude to a Hack - slide 21 Summary Footprinting Scanning Enumeration

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.