Vulnerability Analysis Borrowed from the CLICS group.


1 Vulnerability Analysis Borrowed from the CLICS group.

2 Vulnerability Assessment
Attack Overview
–Gathering Information / Fingerprinting
–Vulnerability Assessment
–Attempt Exploit
Defender
–Fix Vulnerabilities
    To prevent exploits

3 Vulnerability Assessment Tools
Collected Set of Tools for Determining Possible Security Holes
Components
–Port scanning
–Additional checks on ports for:
    Software packages actually running
    Versions of those packages
    Possible vulnerabilities on these combinations
–Vulnerability database to support above
–Possibly other components
    Check for weak passwords
    Check for general patch levels
    Etc.

4 Example
Going beyond port scanning
–Port scanning may find port 21 listening, ftp
–OS fingerprint – Linux 2.2 kernel
–Service query – identifies ftp as wu-ftpd version 2.4.2
–What specific vulnerabilities does wu-ftpd 2.4.2 have?
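
The last two steps of slide 4 (service query, then vulnerability lookup) as an added example that is not part of the original presentation: it parses the version out of a service banner and matches it against a vulnerability database. The banners, version ranges and advisory ids are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed vulnerable-version ranges (inclusive) and placeholder advisory ids;
# a real scanner ships a maintained vulnerability database instead.
VULN_DB = [
    ("wu-ftpd", (2, 4, 0), (2, 6, 0), "EXAMPLE-ADVISORY-1"),
    ("wu-ftpd", (2, 4, 2), (2, 4, 2), "EXAMPLE-ADVISORY-2"),
]

# One banner pattern per product; group 1 is the dotted version string.
BANNER_PATTERNS = [("wu-ftpd", re.compile(r"\(Version wu-(\d+(?:\.\d+)*)"))]

# Constructed service-query results for port 21 on three hosts.
SAMPLE_BANNERS = {
    "host-a": "220 host-a.example.test FTP server (Version wu-2.4.2-academ[BETA-18](1)) ready.",
    "host-b": "220 host-b.example.test FTP server (Version wu-2.6.2(1)) ready.",
    "host-c": "220 FTP server ready.",
}

def identify(banner):
    """Return (product, version tuple), or (None, None) if the banner hides it."""
    for product, pattern in BANNER_PATTERNS:
        match = pattern.search(banner)
        if match:
            return product, tuple(int(p) for p in match.group(1).split("."))
    return None, None

def in_range(version, low, high):
    """Compare versions of unequal length by padding with zeros (2.6 == 2.6.0)."""
    width = max(len(version), len(low), len(high))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(low) <= pad(version) <= pad(high)

def assess(banner):
    """Map one banner to the advisories that apply to its product and version."""
    product, version = identify(banner)
    if product is None:
        # No version in the banner is not a clean result: flag for a manual check.
        return {"product": None, "version": None, "advisories": [], "status": "unidentified"}
    hits = [adv for name, low, high, adv in VULN_DB
            if name == product and in_range(version, low, high)]
    status = "vulnerable" if hits else "no-match"
    return {"product": product, "version": version, "advisories": hits, "status": status}

if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(host, assess(banner))
```

A banner that reveals no version is reported as "unidentified" rather than clean, since a hidden version says nothing about patch level.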

5 Where To Position Vulnerability Assessment Tools?
Don’t want them on bastion hosts, firewalls
–Could be used against you
Safer but less useful in secure zones
Best may be to install on laptop
–Connect to DMZ, insecure zone, secure zone when needed
–Disconnect when not being used

6 Vulnerability Assessment Tools
Linux
–Nessus
–SATAN/SAINT http://www.miora.com/articles/satan.htm
–SARA
Windows
–NeWT (Nessus for Windows)
–ISS Internet Scanner
–Cybercop Scanner (also Linux)
–Microsoft Baseline Security Analyzer

7 Nessus
Probably most well-known Unix/Linux VA tool
Uses nmap for initial port scanning
Two-level architecture
–Server: runs scans
–Client: control scans, view reports
http://www.nessus.org

8 Nessus Structure
Uses plug-ins to abstract vulnerability tests
–Tests further grouped into families
Uses accounts for authorization
Can configure through running server interactively
–as opposed to running server in daemon state

9 Nessus Notes
Prefs tab
–Be careful with selecting ping
–If ping refused, nessus may think system is down, not do further scans
Plugins tab
–Be careful with enabling all plugins
    Dangerous plugins can interrupt or even crash services on ports

10 Nessus results
Good graphical interface
Listing of findings with recommendations
Example: http://www.nessus.org/demo/third.html

11 NeWT
NeWT – Nessus Windows Technology
Vulnerability database customized for Windows environments
http://www.tenablesecurity.com/products/newt.shtml

12 Microsoft Baseline Security Analyzer
Program that analyzes a Windows system for vulnerability
Analyzes in several areas
–OS and related utilities - patch levels
    HFNetChk – allows this to be done across network from central system (command line option)
–Accounts – password content and expiration
–Services – whether unneeded services present
–Utility security settings (e.g. IIS, SQL Server)
–Etc.
Start/Programs/Microsoft Baseline Security Analyzer

