A Comprehensive Security Assessment of the Westminster College Unix Lab Jacob Shodd.


1 A Comprehensive Security Assessment of the Westminster College Unix Lab
Jacob Shodd

2 Overview
Goal: To discover security vulnerabilities in order to ensure user privacy and data integrity
- Testing Environment
- Project structure
- Tools used
- Vulnerabilities found

3 Testing Environment
- Utilized the Kali Linux operating system running within VirtualBox
- The test machine is located within the network, not attacking from outside

4 Enumeration
Enumeration is the act of acquiring information about a network and its clients.
Information to gather:
- Open ports
- Running services
- Operating system versions
- Unencrypted packets
Sample of tools:
- Nmap
- Wireshark
- Metasploit
- Sparta

5 Evaluation
Using the information gathered from Enumeration to search for possible exploits
- Basic vulnerabilities:
  - Default settings
  - Default passwords
  - Well-known security flaws
- Metasploit
  - Large database of confirmed security flaws
  - Integration of multiple tools
  - To be used for common flaws
- Manual evaluation
  - For vulnerabilities specific to the Unix Lab

6 Exploitation
- Confirming and measuring severity of vulnerabilities
- Record what level of access was given by the vulnerability
- Information about exploit will help repair the issue
Sample of tools to use:
- Metasploit
- Custom Python
- Hydra
- Ettercap

7 Vulnerabilities Found
- No authentication needed to mount network drives
- No defense against ARP poisoning
- Misconfiguration for LDAP sending all information in plain text
- All NFS traffic could be viewed in plain text using Wireshark
- All keystrokes made during a VNC session are transmitted in plain text
- Using the Scapy library, a Python script was made to search packets.

8 ARP Poisoning
- Man in the Middle attack
- Allows the attacker to capture packets going to and coming from the target
- Main tool used: Ettercap
- This attack made several others possible

9 ARP Poisoning

10 ARP Poisoning
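
The findings list "No defense against ARP poisoning"; as an added example (not part of the presentation), the Python below shows the passive check a monitoring host can run over observed ARP replies: alert when an IP's MAC binding changes and when one MAC starts answering for several IPs. The function name, alert labels and sample addresses (documentation ranges) are assumptions made for illustration.

```python
"""Passive ARP-poisoning detection over observed ARP replies (added example)."""
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) from ARP replies.
# Documentation-range addresses, not values from the assessed lab.
SAMPLE_REPLIES = [
    (1.0, "192.0.2.1",  "00:00:5e:00:53:01"),  # gateway, genuine
    (2.0, "192.0.2.20", "00:00:5e:00:53:20"),  # workstation, genuine
    (3.0, "192.0.2.1",  "00:00:5e:00:53:66"),  # gateway claimed by another MAC
    (3.1, "192.0.2.20", "00:00:5e:00:53:66"),  # same MAC claims the workstation
    (3.2, "192.0.2.1",  "00:00:5e:00:53:66"),  # repeat announcement
    (4.0, "192.0.2.30", "00:00:5e:00:53:30"),  # unrelated host, genuine
]


def detect_arp_poisoning(replies, static_bindings=None):
    """Return alerts as (kind, ip, detail) tuples.

    "binding-changed": an IP is announced with a MAC other than its pinned
    (static_bindings) or first-seen MAC.
    "mac-claims-many": one MAC answers for more than one IP. Routers and
    multi-homed hosts do this legitimately, so pin or allow-list them.
    """
    trusted = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    ips_by_mac = defaultdict(set)
    seen_pairs = set()
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        if (ip, mac) in seen_pairs:
            continue  # a repeated announcement of a known pair adds nothing
        seen_pairs.add((ip, mac))
        known = trusted.setdefault(ip, mac)  # first sighting becomes baseline
        if known != mac:
            alerts.append(("binding-changed", ip, f"{known} -> {mac} at t={ts}"))
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            claimed = ", ".join(sorted(ips_by_mac[mac]))
            alerts.append(("mac-claims-many", ip, f"{mac} answers for {claimed}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES):
        print(*alert, sep=" | ")
```

A first-seen baseline trusts whichever reply arrives first, so pinning the gateway and servers through `static_bindings` makes the check hold even when the spoofed reply is seen before the genuine one.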

11 NFS
- Network drives can be mounted by an attacker’s machine simply by changing its IP address
- After performing an ARP poisoning attack, file contents can be seen in network traffic.
- Both vulnerabilities can be solved using Kerberos to provide authentication and encryption

12 LDAP
- All LDAP authentication was communicated over plain text
- Ettercap has built-in functionality to handle this vulnerability
- This was solved by configuring LDAP to utilize encryption for authentication

13 VNC
- Utilizing ARP Spoofing, all keystrokes are communicated over plain text
- After observing the pattern for network traffic, the process could be automated
- To avoid this vulnerability, the user can tunnel through SSH

15 Other Attempts
- Password attacks with Hydra
  - Utilized an extensive password list for a multithreaded dictionary attack
- PostgreSQL with Metasploit
  - Searched for misconfigurations and default passwords

16 Questions?

