Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.


1 Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology Solutions

2 Assessing Vulnerabilities
▫Footprinting
▫Enumeration
▫Vulnerability Scanning
▫Exploitation
▫Reporting
http://www.sans.org/reading_room/whitepapers/auditing/conducting-penetration-test-organization_67

3 Enumeration
Host and Service Enumeration
▫Port Scanning (nmap, scanline)
▫SNMP Scanning (Solarwinds, onesixtyone, snmpenum.pl)
▫NetBIOS Scanning (browsat, net view, nbtscan)
http://www.jedge.com

4 Network Mapper (nmap)
Latest stable version is 5.51.
More than a port scanner
▫Service and OS Identification
▫Traceroute
▫Nmap Scripting Engine
  ▫177 scripts for vulnerability discovery, Windows enumeration, fuzzing, & more.
  ▫Write your own!
Additional tools: Zenmap GUI, Ndiff, Ncat, & Nping.
http://nmap.org/book/man.html

5 Nmap Reporting
Nmap generates three file types (nmap, gnmap, xml)
▫results.nmap: log file that is the same as the screen output (with verbose turned off).
▫results.gnmap: output for each host found is placed on one line so grep can be used for simple shell script parsing.
▫results.xml: used for advanced report generation and loading into a database.
http://www.jedge.com/wordpress/?p=220

6 Scanline
Simple, free, standalone Windows port scanning executable.
▫Requires no installation.
▫Perfect for upload to a compromised machine to scan internally.
▫Conducts banner grabbing for port identification.
▫Runs slow, output is horrible, shows only if a port is open, and no advanced features.
Originally created by Foundstone Tools, now owned by McAfee.
http://www.mcafee.com/us/downloads/free-tools/scanline.aspx

7 Solarwinds SNMP Sweep
Part of the commercial Engineer’s Toolset (starting at $1390).
▫You will have to ask your company Networking group very nicely if you can use one of the licenses.
▫Very easy to use GUI tools for SNMP scanning and analysis.
▫MS Excel compatible reporting features.
http://www.solarwinds.com/products/toolsets/

8 Open Source SNMP Scanning
Nmap
▫Look for open UDP port 161
onesixtyone
▫Community string dictionary attack
snmpenum.pl
▫Obtain detailed host information for Windows, Linux, and Cisco
http://www.jedge.com/docs

9 Nessus
Formerly an open source vulnerability scanner. The product went closed source with version 3.0 but was still free for commercial use. Now with version 4.0 you have to obtain a license to use the product for commercial purposes. The current version, Nessus 4.4, is still free for educational purposes and home use.
http://cgi.tenable.com/nessus_4.4_user_guide.pdf
http://cgi.tenable.com/nessus_4.4_installation_guide.pdf

10 Nikto
Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.
Latest version is 2.1.4 (2.20.2011)
Video for integrating Nikto with Nessus
▫http://www.cirt.net/node/86
http://www.cirt.net/

11 w3af: Web Application Attack and Audit Framework
The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
Open source alternative to commercial tools HP Web Inspect, IBM Appscan, Acunetix, and Burp Suite.
http://w3af.sourceforge.net/

12 Reporting
Most scanners include their own report generation. However, even for expensive commercial tools, the reports generated include a mountain of information. No IT staff will read a 100-200 page report on the application or database vulnerabilities.
Most scanners allow you to export the report information in XML format. You can then parse the information, load it into a database, and generate your own reports.
http://php.net/manual/en/book.xml.php

13 Parsing XML with Perl or PHP
XML can be parsed with your favorite scripting or programming language (Perl, PHP, Python, Ruby, Java, etc).
▫I’m sure you can do this with Windows scripting languages but I know NOTHING about this.
Examples will be given in Perl and PHP.
http://en.wikipedia.org/wiki/XML

14 Parsing XML with Perl or PHP
Linux, Apache, MySQL and PHP, Perl, or Python (LAMP) creates an environment for custom report generation.
Many virtual images/appliances exist allowing an easy way to get the environment you need to process XML output.
▫Turnkey LAMP Appliance
  ▫http://www.turnkeylinux.org/lamp
http://www.jedge.com/wordpress/?page_id=62
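
The workflow from the Nmap Reporting and Reporting slides (export XML, parse it, load it into a database, build your own report), as an added example that is not from the original presentation. It is written in Python, one of the languages the slides list, and uses an in-memory SQLite database as a stand-in for the MySQL side of LAMP; the sample XML, the `ports` table and the function names are constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in the layout of Nmap's -oX output (not real scan data).
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH"/></port>
  <port protocol="tcp" portid="80"><state state="open"/>
   <service name="http" product="ACME 'Test' httpd"/></port>
  <port protocol="tcp" portid="443"><state state="closed"/></port>
 </ports></host>
 <host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH"/></port>
  <port protocol="udp" portid="161"><state state="open"/>
   <service name="snmp"/></port>
 </ports></host>
</nmaprun>"""

def load_scan(xml_text, db):
    """Store every open port from an Nmap XML report in the ports table."""
    db.execute("CREATE TABLE IF NOT EXISTS ports "
               "(ip TEXT, proto TEXT, port INTEGER, service TEXT, product TEXT)")
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            # Banner text is supplied by the scanned host: bind it as a parameter.
            db.execute("INSERT INTO ports VALUES (?, ?, ?, ?, ?)", (
                addr.get("addr"), port.get("protocol"), int(port.get("portid")),
                attrs.get("name", ""), attrs.get("product", "")))
    db.commit()

def hosts_by_service(db):
    """Report rows: (service, proto, port, comma-separated host list)."""
    return db.execute(
        "SELECT service, proto, port, group_concat(ip) FROM ports "
        "GROUP BY service, proto, port ORDER BY port").fetchall()

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    load_scan(SAMPLE_XML, conn)
    print(*hosts_by_service(conn), sep="\n")
```

Python's `xml.etree.ElementTree` is documented as not secure against maliciously constructed XML, so reports that come from outside your own scanner should go through a hardened parser such as `defusedxml`.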

15 Turnkey LAMP Appliance
Download the VMware appliance from the Turnkey website. Open the appliance in the free VMware Player or VirtualBox.
When the image boots it will ask you to set the system root password and the MySQL root password.
The image will then assist you in configuring network access.

16 Helpful Links!
Using Nmap
▫http://www.youtube.com/watch?v=Bn36zoApLm4
Using Nessus
▫http://www.youtube.com/watch?v=3RgOtjv4v8E
Using Metasploit
▫http://www.youtube.com/watch?v=RxyD0F38WYg
▫http://www.irongeek.com/i.php?page=videos/msfpayload-msfencoder-metasploit-3-3
▫http://www.irongeek.com/i.php?page=videos/metasploit-create-reverse-meterpreter-payload-executable
Top 100 Network Security Tools
▫http://sectools.org/
Misc
▫http://www.packetstormsecurity.org
▫http://vulnerabilityassessment.co.uk
▫http://www.jedge.com

17 Contact
James A. Edge Jr.
Email: james.edge@jedge.com
Web: http://www.jedge.com

