Presentation is loading. Please wait.

Presentation is loading. Please wait.

ServiceTrak Meets NLOG/NMAP Jon Finke Rensselaer Polytechnic Institute.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ServiceTrak Meets NLOG/NMAP Jon Finke Rensselaer Polytechnic Institute."— Presentation transcript:

1 ServiceTrak Meets NLOG/NMAP Jon Finke Rensselaer Polytechnic Institute

2 Objectives l Identify existing security exposures l Identify potential security exposures l Validate meta system configuration l Build on existing work Internal - Simon, ServiceTrak External - NMAP/NLOG

3 Computing Environment l Computer Center Machines Unix - Centrally administered WinTel - Mixed administration l Departmental Machines Unix Administered by CC Staff Unix Administered by non CC Staff WinTel - Mixed Administration

4 NLOG/NMAP l NMAP port scans networks Matches TCP/IP Fingerprint for OS Identifies open ports (services) l NLOG Provides some data management Provides a web interface

5 ServiceTrak l Tracks Services and Servers Web interface to Simon host info

6 Host Groups lpr_ok pop_ok Public Workstations lpr_Specials pop_Specials Private Workstations Public_AIX Public_Irix Public_Solaris Private_AIX Private_Irix Private_Solaris AIX_Workstations Irix_Workstations Solaris_Workstations All_Workstations

7 Service “Safety” l My Standards History of attack/exposure - SMTP Encourage Exposure - Telnet Not required for user workstation Specific servers only (ftp, dns, etc) l Set for the needs of my department Your Mileage May Vary

8 Similar Hosts l Do all hosts offer the SAME services l Do the services make sense for that group? l Is the OS fingerprint correct for each host?

9 Remote Access Hosts

10 Ssh (22/tcp) Remote Access NMAP l Safety Level: Safe l Secure Shell l TSV File

11 Safety Level Breakdown l Special Group of ALL HOSTS Which ones are running unsafe protocols? Do we care?

12 Protocol Specific Lists l Service specialists interested in their particular service. Hostmaster interested in DNS servers Webmaster interested in WWW servers l Operating system specialists interested in their own OS.

13 Problems l NLOG can crash some services l Trips scan detectors Irate email from other sys admins l False reports from detection tools Back Officer Friendly l Policy Issues

14 Our Results l Identified some exposures OS upgrade turned some things on l Identified site configuration errors “Trusted” unix host running NT l Integration of NLOG info with existing tools helpful.

15 Lessons Learned l Host grouping is VERY useful NLOG may be a good approach l OS (via TCP Fingerprint) very handy l Policy Issues Let someone else run it and take the heat…..

16 ServiceTrak Meets NLOG/NMAP Jon Finke Rensselaer Polytechnic Institute finkej@rpi.edu http://www.rpi.edu/~finkej

Download ppt "ServiceTrak Meets NLOG/NMAP Jon Finke Rensselaer Polytechnic Institute."

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Nassau Community College

Nassau Community College
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
The Internet Ed Lazowska Bill & Melinda Gates Chair in Computer Science & Engineering University of Washington August 2010.

The Internet Ed Lazowska Bill & Melinda Gates Chair in Computer Science & Engineering University of Washington August 2010.
Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.

Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost 127.0.0.1 (loopback address)  Internal networks 

Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Treaded Case Study Computer Networks 2002 Daire Sheriden Ronan Monaghan Mark Gilmore.

Treaded Case Study Computer Networks 2002 Daire Sheriden Ronan Monaghan Mark Gilmore.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.

Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.
Overview: Identify the Internet protocols and standards Identify common vulnerabilities and countermeasures Identify specific IIS/WWW/FTP concerns Identify.

Overview: Identify the Internet protocols and standards Identify common vulnerabilities and countermeasures Identify specific IIS/WWW/FTP concerns Identify.

Similar presentations

Ads by Google