Vulnerability Assessment Using SAINT Jane Lemmer Information Security Specialist World Wide Digital Security, Inc.


June 16, Outline
- The Problem
- The First Solution
- The Second Solution
- Other Uses for SAINT
- What’s Next
- Conclusions

The Problem
- Large network
  - 7 Class B subnets, over 20 Class C subnets
- No central management
- Some resistance to “outsiders”
- How do we do a vulnerability assessment?

The First Solution
- The Scanning Tool
- The Scanning Method
- Results
- Problems
- Lessons Learned

The First Solution: The Scanning Tool
- Conducted a comparison of several network-based vulnerability assessment tools
  - Internet Security Scanner
  - Kane Security Analyst
  - SATAN
  - Nessus, and a few others

The First Solution: The Scanning Tool
- Chose SATAN, with COAST extensions
  - free
  - fairly easy to use
  - sufficient for providing a first look at overall network vulnerability

The First Solution: The Scanning Method

The First Solution: Results
- Lasted three weeks
- Approximately 20,000 potential hosts interrogated
- Found about 5,000 hosts with services
- Inexpensive (almost automatic)

The First Solution: Problems
- Took almost a month to process the results into a useable format
- Missed many hosts (DHCP, hosts not in DNS, especially Linux boxes)
- Organizational problems (results not getting to the right people)
- Scapegoats for a host of network problems

The First Solution: Lessons Learned
- DNS method is not finding all the hosts
- SATAN is not current
- Report generation takes too long
- We need the following:
  - a new scanning tool
  - a new scanning method
  - a new reporting method

The Second Solution
- The Scanning Tool
- The Scanning Method
- Results
- Problems
- Lessons Learned

The Second Solution: The Scanning Tool
- An updated version of SATAN
- Added many new tests
- Added a new attack level
- Changed how vulnerable services are categorized
- Works in firewalled environments
- Identifies Windows boxes
- Developed extensive tutorials for each vulnerable service
- Developed an in-house tool to help with reports

The Second Solution: The Scanning Tool
- The three “r” services (rlogin, rshell, rexec)
- Vulnerable CGIs
- IMAP vulnerabilities
- SMB open shares
- Back Orifice and NetBus
- ToolTalk
- Vulnerable DNS servers
- rpc.statd service
- UDP echo and/or chargen
- IRC chat relays

The Second Solution: The Scanning Method

The Second Solution: Results
- Lasted two months
- Almost 500,000 potential hosts interrogated
- Found many more hosts
  - approximately 7,000 boxes with services
  - approximately 4,000 boxes with no services
  - almost 8,000 Windows boxes
- More costly (labor intensive)

The Second Solution: Problems
- Scanning takes longer
- Difficult to compare results with previous scan
- Organizational problems (results still not getting to the right people)
- Caused some problems with NT boxes
- Still a scapegoat for network problems

The Second Solution: Lessons Learned
- New method finds more hosts but takes longer
- SAINT needs to be continually updated
- Scanning can help improve the tool
- Still need to work on reporting results

Other Uses for SAINT
- SAINT gathers a lot of information that is not reported
  - used to produce a list of UNIX hosts by OS type
  - used to identify web servers
  - used to identify routers
- Quick scans of a host or subnet

Other Uses for SAINT
- Investigating Incidents

What’s Next
- Continue using SAINT for large scans
- Supplement SAINT with more robust tools
- Scans have led to development of an IRT
  - defining policy
  - defining standard security configurations
  - helping users secure hosts
  - developing centralized site for security information

Conclusions
- SAINT is a useful tool for scanning large networks
- Results give a good first look at how vulnerable you are
- SAINT must be continually updated
  - better OS typing
  - better reporting
  - method to compare scan results
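
Added example, not part of the original slides and not SAINT code: one way to build the "method to compare scan results" that the Problems and Conclusions slides ask for. The tab-separated record format, the severity labels and the sample addresses are assumptions constructed for this sketch; they are not SAINT's output format. IPv4 addresses are assumed.

```python
import ipaddress

# Assumed severity labels for this example, lowest to highest.
RANK = {"info": 0, "warning": 1, "critical": 2}

def parse_snapshot(text):
    """Parse 'address<TAB>service<TAB>severity' lines into {address: {service: severity}}."""
    hosts = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.strip().split("\t")
        if len(parts) != 3 or parts[2] not in RANK:
            raise ValueError(f"line {lineno}: malformed record {line!r}")
        addr, service, severity = parts
        ipaddress.ip_address(addr)  # raises ValueError on a bad address
        found = hosts.setdefault(addr, {})
        # If a service is reported twice, keep the worse severity.
        if service not in found or RANK[severity] > RANK[found[service]]:
            found[service] = severity
    return hosts

def compare_scans(old, new):
    """Return what changed between two parsed snapshots."""
    by_ip = ipaddress.ip_address
    report = {
        "new_hosts": sorted(set(new) - set(old), key=by_ip),
        # Absent hosts may be powered off or on a new DHCP lease, not fixed.
        "missing_hosts": sorted(set(old) - set(new), key=by_ip),
        "new_findings": [], "resolved": [], "worsened": [],
    }
    for addr in sorted(set(old) & set(new), key=by_ip):
        for svc in sorted(set(old[addr]) | set(new[addr])):
            before, after = old[addr].get(svc), new[addr].get(svc)
            if before is None:
                report["new_findings"].append((addr, svc, after))
            elif after is None:
                report["resolved"].append((addr, svc))
            elif RANK[after] > RANK[before]:
                report["worsened"].append((addr, svc, before, after))
    return report

# Constructed sample data (documentation address range), not real scan output.
OLD_SCAN = ("192.0.2.10\trlogin\twarning\n192.0.2.10\timap\tcritical\n"
            "192.0.2.20\tsmb-share\twarning\n192.0.2.30\trpc.statd\tcritical\n")
NEW_SCAN = ("192.0.2.10\trlogin\tcritical\n192.0.2.20\tsmb-share\twarning\n"
            "192.0.2.20\tudp-echo\tinfo\n192.0.2.40\timap\twarning\n")
REPORT = compare_scans(parse_snapshot(OLD_SCAN), parse_snapshot(NEW_SCAN))
```

Because the comparison is keyed on address, hosts on DHCP (which the first scan's Problems slide calls out) can show up as one missing host plus one new host; treat those two lists as leads to verify, not as fixes or intrusions.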

Contact Information
World Wide Digital Security, Inc
Roger Bacon Drive, Suite 400
Reston, VA USA
PHONE:
FAX: