Published by Vivien Ferguson. Modified over 9 years ago.
CIS 450 – Network Security Chapter 3 – Information Gathering
An attacker has to understand the environment they are going after before any attack can be planned; information gathering is that first step.
Steps for Gathering Information
Find Out Initial Information
- The attacker has to start from some initial piece of information, such as an IP address or a domain name
- Open-source information: the company web site and related web sites
- Whois: registration records for the domain (registrant, contacts, name servers) - http://www.networksolutions.com/en_US/whois/index.jhtml
- Nslookup: queries DNS for the records (A, MX, NS) published under the domain - http://www.kloth.net/services/nslookup.php
Find Out Address Range (or Subnet Mask) of Network
- The attacker wants to know the range so the attack is concentrated on one network rather than spread across several
- A larger address space might mean a larger company, which may also mean better security
- ARIN (American Registry for Internet Numbers): maps an IP address to the netblock and organization it is allocated to - http://www.arin.net/
- Traceroute: sends probes with an increasing Time to Live (TTL); each router that drops a probe at TTL zero answers with an ICMP time-exceeded message, which reveals the path a packet takes through the network hop by hop - http://www.opus1.com/www/traceroute.html
Find Active Machines
- Ping: sends ICMP echo requests; a host that answers is active on the network - http://www.fifi.org/services/ping
- Ping War: a ping sweep, scanning more than one machine at a time - http://www.digilextechnologies.com/index.html
Find Open Ports or Access Points
- Port scanners: run through a series of ports to see which ones are open
- TCP connect scan: completes the full three-way handshake with each port; reliable, but the connection is visible to the application and is usually logged
- TCP SYN scan: stealthier than a connect scan because the handshake is never completed (SYN, SYN/ACK, then RST), so the application never sees a connection
- FIN scan: sends a bare FIN; on RFC-compliant stacks a closed port replies with RST while an open port stays silent, and most systems do not log these packets
- ACK scan: does not find open ports; it maps firewall rules, since an unfiltered port answers an unsolicited ACK with RST while a stateful firewall drops it
- Nmap - http://www.insecure.org/nmap/
- War dialers: programs for finding modems attached to a network by dialing through a range of phone numbers
- THC-Scan - http://www.securityfocus.com/tools/47
Figure Out the Operating System
- Done by sending the remote host unusual packets, or packets that do not make sense (for example a TCP segment with no flags set, or a SYN with odd options)
- Each operating system's TCP/IP stack handles these packets differently, so the pattern of responses forms a fingerprint that is matched against a database of known systems
- Queso
- Nmap (the -O option)
Figure Out Which Services Are Running on Each Port
- Knowing which specific service (and version) is running enables the attacker to look up known vulnerabilities and launch exploits against that service
- Default port and OS: based on common configuration and software, the attacker can make a best guess of what service is running on each port (e.g. 25 is probably SMTP); the guess is wrong when an administrator moves a service to a non-standard port
- Telnet: connect to the port by hand and read the banner the service sends, which often names the software and version
- Vulnerability scanners: programs that can be run against a site and give the attacker a list of vulnerabilities on the target host
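To show how "Find Open Ports" and "Figure Out Which Services Are Running" fit together, here is an added Python example (not code from the slides or the course): a threaded TCP connect scan, followed by the banner grab the slide does by hand with telnet, followed by service identification that compares the default-port guess against what the banner actually says. The targets are constructed for the demo: two listeners on 127.0.0.1 with made-up banners on ephemeral ports, so the default-port table gives "unknown" and only the banner identifies them. The port table and banner signatures are small hypothetical tables written for this example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Hypothetical default-port table (a handful of entries of what /etc/services lists).
DEFAULT_PORT_SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp",
                         80: "http", 110: "pop3", 143: "imap", 443: "https"}

# Hypothetical banner signatures: (predicate on the banner text, service name).
BANNER_SIGNATURES = (
    (lambda b: b.startswith("SSH-"), "ssh"),
    (lambda b: b.startswith("220") and "SMTP" in b.upper(), "smtp"),
    (lambda b: b.startswith("220") and "FTP" in b.upper(), "ftp"),
    (lambda b: b.startswith("HTTP/"), "http"),
    (lambda b: b.startswith("+OK"), "pop3"),
    (lambda b: b.startswith("* OK"), "imap"),
)


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """TCP connect scan: complete the three-way handshake with each port.

    connect_ex() == 0 means the handshake completed (open); ECONNREFUSED means
    closed; a timeout usually means a firewall is dropping the SYN (filtered).
    """
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def grab_banner(host, port, timeout=1.0):
    """Connect and read the service's greeting, as the slide does with telnet.

    Services that wait for the client to speak first (e.g. HTTP) get a bare
    CRLF after the first timeout and are given one more chance to answer.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        for attempt in range(2):
            try:
                data = s.recv(512)
                if data:
                    return data.decode("ascii", "replace").strip()
            except socket.timeout:
                pass
            if attempt == 0:
                try:
                    s.sendall(b"\r\n")
                except OSError:
                    break
    return ""


def identify_service(port, banner):
    """Return (guess from the default port, guess from the banner)."""
    by_port = DEFAULT_PORT_SERVICES.get(port, "unknown")
    by_banner = next((name for match, name in BANNER_SIGNATURES if match(banner)), "unknown")
    return by_port, by_banner


def recon(host, candidate_ports):
    """Scan, then banner-grab every open port; the banner wins over the port guess."""
    findings = []
    for port in tcp_connect_scan(host, candidate_ports):
        banner = grab_banner(host, port)
        by_port, by_banner = identify_service(port, banner)
        findings.append({"port": port, "banner": banner,
                         "service": by_banner if by_banner != "unknown" else by_port})
    return findings


def start_fake_services(banners):
    """Constructed targets for the demo: one listener per banner on 127.0.0.1.

    Each accepted client is sent the banner and then disconnected. Returns
    {port: banner}. Send errors are swallowed because the scanner's connect
    probe closes without reading, which would otherwise kill the thread.
    """
    assigned = {}
    for banner in banners:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))            # ephemeral port: not a default port
        srv.listen(16)
        assigned[srv.getsockname()[1]] = banner

        def serve(sock=srv, reply=banner):
            while True:
                conn, _ = sock.accept()
                with conn:
                    try:
                        conn.sendall(reply)
                    except OSError:
                        pass

        threading.Thread(target=serve, daemon=True).start()
    return assigned


def demo():
    """Scan a small window around each constructed listener and report findings."""
    targets = start_fake_services([b"SSH-2.0-OpenSSH_8.9 (constructed banner)\r\n",
                                   b"220 mail.example.test ESMTP (constructed banner)\r\n"])
    # A real scan would cover 1-65535 or a chosen list; the window keeps the demo fast.
    candidates = {p for t in targets for p in range(max(1, t - 8), min(65535, t + 8))}
    findings = recon("127.0.0.1", candidates)
    for f in findings:
        print(f"{f['port']:5d}  {f['service']:8s}  {f['banner']}")
    return targets, findings


if __name__ == "__main__":
    demo()
```

The point the demo makes is the caveat in the slide: the default-port guess for an ephemeral port is "unknown", yet the banner says SSH and SMTP, so banner grabbing is what actually tells the attacker which software to look up; conversely, a service on its default port that prints no banner is still guessable from the port alone.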
Map Out the Network
- The attacker maps out the network (routers, firewalls, segments) to figure out the best way to break in
- Traceroute: determines the path from source to destination, which exposes the routers and firewall boundaries along the way
- Visual Ping
- Cheops: draws a map of discovered hosts and the routes between them - http://www.marko.net/cheops/
Protection
Whois
- Use a position title with a general number rather than a specific person, so the record gives a social engineer no named employee to impersonate or target
- List your phone number but use a fictitious name and email for the contact
- Run your own DNS server with split DNS, so external queries see only the public records and internal names never leave the network
Nslookup
- Minimize the records that appear in your public DNS; publish only what outsiders need (e.g. the mail exchanger and public web servers)
- Any IP address listed should be statically mapped through a firewall with only the specific port allowed through (e.g. the mail server sits behind the firewall with a non-routable address, and only the mail port is forwarded to it)
Protection
ARIN Web Search
- Only use addresses that ARIN can trace for external devices such as routers and firewalls; all other devices should use a private address and sit behind the firewall
Traceroute
- Use private addresses inside your firewall, so the trace ends at the perimeter and reveals nothing about the internal topology
Ping
- Use private addresses inside your firewall, so internal hosts cannot be swept from the outside
Protection
Map the Network, Port Scan and Fingerprinting
- Have a firewall that properly blocks traffic and only allows traffic on specific ports to specific machines; a port that cannot be reached cannot be scanned, banner-grabbed, or fingerprinted