Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications.

Similar presentations


Presentation on theme: "Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications."— Presentation transcript:

1 Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications and purpose Network mapping Legal issues

2 Network Monitoring General Purpose Functions Applications Design NIDS – Network Intrusion Detection IPS – Intrusion Prevention System

3 Network and System Scanning What application versions are running? What services are running? What ports/services are open? What does the network look like? What can the external world see? Have any of these changed?

4 Network Assessment What do the other systems look like? What does my system look like to outsiders? Remote system characterization LAN topology Tools nmap nessus

5 Network Assessment Planning Initial reconnaissance System enumeration Service enumeration Vulnerability discovery

6 Planning Appropriate time You will probably crash operational systems You will need admin support Approximate possible risks Determine costs – man hours Management written approval Make sure every one buys into what you are doing

7 Initial Reconnaissance Corporate structure Web surfing » Web browser » www.copernic.com www.copernic.com whois host NetScanTools Pro » DNS information nslookup » DNS information » Should return minimal info if well configured

8 System Enumeration Using information from initial reconn phase Discover more hosts and servers Perimeter defense may block some scans Directly probe target network Combine discovery and analysis techniques Structure of network Perimeter design

9 Tools traceroute The important info for this phase » Target routers and DNS servers » What is the route form a server to the Internet » Often server names give geographic or organizational info

10 Tools Network scanners ICMP – fping and pinger » Looks for systems that return ICMP messages TCP, UDP – nmap » Searches the entire range of IP addresses allocated to a network

11 Service Enumeration Now find out what is available on each system Services Ports open, ports filtered, OS Application versions System policies Password policy Users, domains, system names

12 Tools nmap LANGuard ww.gfisoftware.com/languard/lanscan.htm Used as a LAN audit tool, $249 Telnet and banner retrieval :\:\>telent sou.edu 22 SSH-1.99-OpenSSH_3.1p1 :\:\>telent www.sou.edu 80www.sou.edu HEAD / HTTP/1.0 HTTP/1.1 50` Method not implemented Date: Sun, 02 Mar 2003 20:46:44 GMT Server: Apache/1.3.27 (Unix) (Red Hat/Linux mod_ssl/2.8.12 OpenSSL/0.9.6 DAV/1.0.2 PHP/4.1.2 mod_perl/1.24

13 Vulnerability Discovery Vulnerability scanners Work at the application layer Most of these scanners also do network and port scanning Best to start from the beginning » Network enumeration, System enumeration, Vulnerability discovery

14 Vulnerability Discovery Tools Nessus – open sourced, very complete ISS Internet Scanner – Windows, $$ Retina – Windows, good GUI, $$

15 Summary Network assessment CAREFUL This is ILLEGAL


Download ppt "Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications."

Similar presentations


Ads by Google