Network Vulnerability Scanning Xiaozhen Xue Dept. of Computer Science Texas Tech University, USA Akbar Siami Namin Dept. of Computer.


1 Network Vulnerability Scanning
Xiaozhen Xue, Dept. of Computer Science, Texas Tech University, USA, xiaozhen.xue@ttu.edu
Akbar Siami Namin, Dept. of Computer Science, Texas Tech University, USA, akbar.namin@ttu.edu
Summer Cyber-Security Workshop, Lubbock, July 2014

2 Need for Vulnerability Management
– Vulnerabilities on a network are GOLD to cyber criminals:
  – Provide unauthorized entry to networks
  – Can expose confidential information, fuel stolen identities, violate privacy laws, or paralyse operations
  – Exposure is extreme for networks with vulnerable devices connected by IP
Sources of Vulnerabilities
– Programming errors
– Unintentional mistakes or intentional malware in General Public License software
– Improper system configurations
– Mobile users sidestepping perimeter security controls
– Rising attacks through viewing popular websites

3 Need for Vulnerability Management
– Despite utilization of basic defenses, network security breaches abound
  – TJX exposed 46M records
  – DSW exposed 1.4M records
  – CardSystems exposed 40M records
  – 215M+ reported record exposures since 2005 (actual is significantly higher)
– Automation is Crucial
  – Manual detection and remediation workflow is too slow, too expensive and ineffective
Attack Trends
– Increased professionalism and commercialization of malicious activities
– Threats that are increasingly tailored for specific regions
– Increasing numbers of multistaged attacks
– Attackers targeting victims by first exploiting trusted entities
– Shift from “Hacking for Fame” to “Hacking for Fortune”

4 Need for Vulnerability Management
– Did we learn our lessons?
  – Most vulnerabilities are long known before being exploited
  – Successful exploitation of vulnerabilities can cause substantial damage and financial loss
  – A few vulnerable systems can disrupt the whole network
  – System misconfiguration can make systems vulnerable
Challenges IT Security Faces
– NOT enough TIME, PEOPLE, BUDGET
– Prioritization of efforts to minimize business risks and protect critical assets. We can’t fix all problems - what can we live with?
– Adapting to accelerating change in sophistication of attacks.

5 Vulnerability Scanning: Vulnerability Management
1. DISCOVERY (Mapping)
2. ASSET PRIORITISATION (and allocation)
3. ASSESSMENT (Scanning)
4. REPORTING (Technical and Executive)
5. REMEDIATION (Treating Risks)
6. VERIFICATION (Rescanning)

6 Vulnerability Scanning: Mapping
– Mapping
  – Gives a hacker’s eye view of your network
  – Enables the detection of rogue devices

7 Vulnerability Scanning: Prioritisation
– Asset Prioritisation
  – Some assets are more critical to business than others
  – Criticality depends on business impact

8 Vulnerability Scanning
– Scanning:
  – takes an “outside-in” and “inside-in” approach to security, emulating the attack route of a hacker
  – tests effectiveness of security policy and controls by examining network infrastructure for vulnerabilities

9 Vulnerability Scanning: Vulnerability scanners
– Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses

10 Vulnerability Scanning: How Vulnerability Scanners Work
[Diagram: GUI, Scanning Engine, Knowledge Base, Vulnerability Database, Results, Targets 1 to 4]

11 Vulnerability Scanning: Vulnerability scanners
– Similar to virus scanning software:
  – Contain a database of vulnerability signatures that the tool searches for on a target system
  – Cannot find vulnerabilities not in the database
– New vulnerabilities are discovered often
– Vulnerability database must be updated regularly
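
The signature matching described on slides 10 and 11, as an added example that is not part of the original slides: service banners from an already collected inventory are compared against a knowledge base, once before and once after a database update. Hosts, product names, versions and advisory IDs are all constructed placeholders.

```python
import re

def parse_version(text):
    """'2.4.10' -> (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in text.split("."))

def parse_banner(banner):
    """Extract (product, version) from a 'product/1.2.3' style service banner."""
    m = re.search(r"([A-Za-z][\w-]*)/(\d+(?:\.\d+)*)", banner)
    return (m.group(1).lower(), parse_version(m.group(2))) if m else None

def scan(inventory, knowledge_base):
    """Return sorted (host, port, advisory_id) for each banner matching a signature."""
    findings = []
    for (host, port), banner in inventory.items():
        parsed = parse_banner(banner)
        if parsed is None:
            continue  # unidentified service: no signature can match, nothing reported
        product, version = parsed
        for sig in knowledge_base:
            # A signature matches when the product is the same and the
            # observed version is older than the first fixed version.
            if sig["product"] == product and version < parse_version(sig["fixed_in"]):
                findings.append((host, port, sig["id"]))
    return sorted(findings)

# Constructed inventory: banners previously collected from in-scope hosts.
INVENTORY = {
    ("10.0.0.5", 80): "Server: examplehttpd/2.4.9",
    ("10.0.0.5", 25): "220 mail.example.test examplemta/4.80 ready",
    ("10.0.0.7", 80): "Server: examplehttpd/2.4.10",
    ("10.0.0.9", 8080): "custom appliance",
}

# Constructed knowledge base before and after a database update.
KB_OLD = [{"id": "EXAMPLE-0001", "product": "examplehttpd", "fixed_in": "2.4.10"}]
KB_NEW = KB_OLD + [{"id": "EXAMPLE-0002", "product": "examplemta", "fixed_in": "4.90"}]

if __name__ == "__main__":
    for label, kb in (("stale database", KB_OLD), ("updated database", KB_NEW)):
        print(label, scan(INVENTORY, kb))
```

With the stale database the mail service on 10.0.0.5 is not reported at all, and the service that exposes no recognisable banner is never reported by either run. A version match of this kind is a potential finding that still needs confirmation on the host.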

12 Vulnerability Scanning: Typical Vulnerabilities Checked
– Network vulnerabilities
– Host-based (OS) vulnerabilities
  – Misconfigured file permissions
  – Open services
  – Missing patches
  – Vulnerabilities in commonly exploited applications (e.g. Web, DNS, and mail servers)

13 Vulnerability Scanning: Vulnerability Scanners - Benefits
– Very good at checking for hundreds (or thousands) of potential problems quickly
  – Automated
  – Regularly
– May catch mistakes/oversights by the system or network administrator
– Defense in depth

14 Vulnerability Scanning: Vulnerability Scanners - Drawbacks
– Report “potential” vulnerabilities
– Only as good as the vulnerability database
– Can cause complacency
– Cannot match the skill of a talented attacker
– Can cause self-inflicted wounds

15 Vulnerability Scanners tools
– Port scanner (Nmap, Nessus)
– Network enumerator
– Network vulnerability scanner (BoomScan)
– Web application security scanner
– Database security scanner
– Host based vulnerability scanner (Lynis, ovaldi, SecPod Saner)
– ERP security scanner
– Computer worm

16 Vulnerability Scanning: Summary
– Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses
– Used by defenders to automatically check for many known problems
– Used by attackers to prepare for and plan attacks

17 Vulnerability Scanners tools comprehensive vulnerability scanner which is developed by Tenable Network Security.

18 Vulnerability Scanners tools
– Port scanner (Nmap)

19 Qualys https://freescan.qualys.com/freescan-front/

20 Qualys http://lhs.lubbockisd.org

