Published by Luke Stafford. Modified over 8 years ago.
1 Assessing a Target System
Source: Chapter 3, Computer Security Fundamentals, Chuck Easttom, Prentice Hall, 2006
2 Objectives
- Conduct basic system reconnaissance
- Use port scanners
- Derive useful information about a Web site
- Locate useful information from newsgroup postings
- Use vulnerability scanners
- Use port monitoring utilities
3 Introduction
- Hacker’s goals
  - Footprint a system
  - Examining a potential target system
  - Compromise a target
  - Gain access to that system
- Your goals
  - Understanding system auditing
  - Examining your own system
  - Understanding how hackers gain access
  - Understanding hacker’s tools
4 Basic Reconnaissance (偵察)
- Windows tools for reconnaissance
- Nslookup (name server lookup)
- Whois (www.internic.net/whois.htm)
- ARIN (en.wikipedia.org/wiki/ARIN)
- Web-based tools
- Target Web site
- Social engineering
5 Basic Reconnaissance (cont.)
- Netcraft is an online utility that tells
  - What Web server software a site is running
  - What operating system it is using
  - Other important information
- www.netcraft.com
  - Go to “What’s that site running?”
  - Type in www.vtc.edu.hk
  - Press Enter
6 Basic Reconnaissance (cont.)
- Tracing IP address
  - Map all addresses between a system and a target
- Trace route www.internic.net
- VisualRoute www.visualware.com
7 Basic Reconnaissance (cont.)
- Use this information
  - “Google” names found in your search
  - “Google” e-mail addresses of the administrators, using Google groups
8 Basic Reconnaissance (cont.)
- Social Engineering
  - Getting information in a non-technical manner
  - “Dumpster diving”
  - Dupe employees into compromising security
9 Scanning
- Use information gathered by research and social engineering
- Scan target for information that reveals vulnerabilities
10 Scanning (cont.)
- Nmap – Unix or Windows
- Hping2 – Unix
- Netcat – Cross-platform
- Ping – Cross-platform
- Traceroute – Cross-platform
11 Scanning (cont.)
- Nmap
  - ICMP echo request packets
  - SYN scanning
  - Version scanning
  - RPC scans (http://en.wikipedia.org/wiki/Remote_procedure_call)
  - OS fingerprinting capabilities
- http://insecure.org/nmap/
12 Scanning (cont.)
- Port and network scanning
  - Identify which ports are open
  - Port numbers identify services
- These ports should be closed:
  - Unnecessary services
  - Vulnerable services
13 Scanning (cont.)
- Ports
  - www.networksorcery.com/enp/protocol/ip/ports00000.htm
  - www.iana.org/assignments/port-numbers
  - www.techadvice.com/tech/T/TCP_well_known_ports.htm
14 Scanning (cont.)
- NetBrute (www.rawlogic.com/netbrute/)
  - Scans a range of IP addresses
  - For network administrators testing their own networks
  - Targets one IP
  - Locates open ports
  - Locates all shared drives
  - Identifies O/S and Web server software
15 Scanning (cont.)
- Cerberus
  - Various download locations
  - Checks for a variety of services
  - Generates an html report
  - Identifies security flaws in the registry, other areas
16 Scanning (cont.)
- SATAN
  - Security Administrator Tool for Analyzing Networks
  - Unix
  - www.fish.com/satan/mirrors.html
17 Scanning (cont.)
- Vulnerability (弱點) Scanning
  - http://netsecurity.about.com/cs/hackertools/a/aa030404.htm
- SAINT
  - Prioritizes results
  - Fast assessment
  - Configurable for increased efficiency
- Nessus
  - Up to date and easy to use
  - Updateable plug-ins
  - Detailed reports
18 Port Monitoring and Managing
- A deeper layer of information gathering
- Netstat
- Netstat Live (http://www.analogx.com/contents/download/network/nsl.htm)
- Active Ports
- Fport
- TCPView
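One way to apply slides 12 and 18 to your own host, as an added example that is not part of the original presentation: it parses `netstat -an` output and lists the listening TCP ports that are not on an approved list. The sample output, the `ALLOWED_TCP` policy and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows-style `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:23                [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

# Assumed policy for this example: the only TCP services this host should offer.
ALLOWED_TCP = {80: "http", 443: "https"}
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}

# A TCP row in listen state. Handles Windows rows ("TCP 0.0.0.0:80 ... LISTENING")
# and Linux rows, which add Recv-Q/Send-Q columns and use "LISTEN" and ":::22".
ROW = re.compile(
    r"^\s*tcp6?\s+(?:\d+\s+\d+\s+)?(\S+):(\d+)\s+\S+\s+LISTEN(?:ING)?\b", re.I)


def listening_ports(netstat_text):
    """Return {port: set of local bind addresses} for listening TCP sockets."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            found.setdefault(int(m.group(2)), set()).add(m.group(1))
    return found


def audit(netstat_text, allowed=ALLOWED_TCP):
    """Return (network-reachable ports not in the policy, loopback-only ports)."""
    unexpected, local_only = [], []
    for port, addrs in sorted(listening_ports(netstat_text).items()):
        if port in allowed:
            continue
        # A port bound only to loopback is not reachable by a remote scanner.
        (local_only if addrs <= LOOPBACK else unexpected).append(port)
    return unexpected, local_only


if __name__ == "__main__":
    unexpected, local_only = audit(SAMPLE_NETSTAT)
    print("close or justify:", unexpected)   # [23, 135, 445]
    print("loopback only:", local_only)      # [5939]
```

To audit a real host, pass the captured text of `netstat -an` to `audit()` with an allowlist that matches the services the machine is meant to run.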
19 In-Depth Searches
- Take investigation to a deeper level
- Search engines
- Newsgroups
- Information can be used for good or bad purposes
20 Summary
- Information
  - The more information you have about the vulnerabilities and weaknesses of your system, the better prepared you are to defend it.
  - The more information the hacker has about your system’s vulnerabilities and weaknesses, the sooner it will be violated.
- The tools in this chapter are for the network and security administrator and are to be used for legal, not illegal, purposes.