Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability Assessment Using SAINT Jane Lemmer Information Security Specialist World Wide Digital Security, Inc.

Published byTheresa Howard Modified over 9 years ago

Similar presentations

Presentation on theme: "Vulnerability Assessment Using SAINT Jane Lemmer Information Security Specialist World Wide Digital Security, Inc."— Presentation transcript:

1 Vulnerability Assessment Using SAINT Jane Lemmer Information Security Specialist World Wide Digital Security, Inc. lemmerj@wwdsi.com

2 June 16, 19992 Outline The Problem The First Solution The Second Solution Other Uses for SAINT What’s Next Conclusions

3 June 16, 19993 The Problem Large network  7 Class B subnets, over 20 Class C subnets No central management Some resistance to “outsiders” How do we do a vulnerability assessment?

4 June 16, 19994 The First Solution The Scanning Tool The Scanning Method Results Problems Lessons Learned

5 June 16, 19995 The First Solution Conducted a comparison of several network based vulnerability assessment tools  Internet Security Scanner  Kane Security Analyst  SATAN  Nessus, and a few others The Scanning Tool

6 June 16, 19996 The First Solution Chose SATAN, with COAST extensions  free  fairly easy to use  sufficient for providing a first look at overall network vulnerability The Scanning Tool

7 June 16, 19997 The First Solution The Scanning Method

8 June 16, 19998 The First Solution Results Lasted three weeks Approximately 20,000 potential hosts interrogated Found about 5,000 hosts with services Inexpensive (almost automatic)

9 June 16, 19999 The First Solution Took almost a month to process the results into a useable format Missed many hosts (DHCP, hosts not in DNS, especially Linux boxes) Organizational problems (results not getting to the right people) Scapegoats for a host of network problems Problems

10 June 16, 199910 The First Solution DNS method is not finding all the hosts SATAN is not current Report generation takes too long We need the following:  a new scanning tool  a new scanning method  a new reporting method Lessons Learned

11 June 16, 199911 The Second Solution The Scanning Tool The Scanning Method Results Problems Lessons Learned

12 June 16, 199912 The Second Solution  An updated version of SATAN  Added many new tests  Added a new attack level  Changed how vulnerable services are categorized  Works in firewalled environments  Identifies Windows boxes  Developed extensive tutorials for each vulnerable service  Developed an in-house tool to help with reports The Scanning Tool

13 June 16, 199913 The Second Solution  The three “r” services (rlogin, rshell, rexec)  Vulnerable CGIs  IMAP vulnerabilities  SMB open shares  Back Orifice and NetBus  ToolTalk  Vulnerable DNS servers  rpc.statd service  UDP echo and/or chargen  IRC chat relays The Scanning Tool

14 June 16, 199914 The Second Solution The Scanning Method

15 June 16, 199915 The Second Solution Results Lasted two months Almost 500,000 potential hosts interrogated Found many more hosts  approximately 7,000 boxes with services  approximately 4,000 boxes with no services  almost 8,000 Windows boxes More costly (labor intensive)

16 June 16, 199916 The Second Solution Scanning takes longer Difficult to compare results with previous scan Organizational problems (results still not getting to the right people) Caused some problems with NT boxes Still a scapegoat for network problems Problems

17 June 16, 199917 The Second Solution New method finds more hosts but takes longer SAINT needs to be continually updated Scanning can help improve the tool Still need to work on reporting results Lessons Learned

18 June 16, 199918 Other Uses for SAINT SAINT gathers a lot of information that is not reported  used to produce a list of UNIX hosts by OS type  used to identify web servers  used to identify routers Quick scans of a host or subnet

19 June 16, 199919 Other Uses for SAINT Investigating Incidents

20 June 16, 199920 What’s Next Continue using SAINT for large scans Supplement SAINT with more robust tools Scans have led to development of an IRT  defining policy  defining standard security configurations  helping users secure hosts  developing centralized site for security information

21 June 16, 199921 Conclusions SAINT is a useful tool for scanning large networks Results give a good first look at how vulnerable you are SAINT must be continually updated  better OS typing  better reporting  method to compare scan results

22 June 16, 199922 Contact Information World Wide Digital Security, Inc. 11260 Roger Bacon Drive, Suite 400 Reston, VA 20910 USA PHONE:+1 703 742-6604 FAX:+1 703 742-6605 http://www.wwdsi.com

Download ppt "Vulnerability Assessment Using SAINT Jane Lemmer Information Security Specialist World Wide Digital Security, Inc."

Similar presentations

HEPIX May 2004 Edinburgh Linux/Unix highlights.

HEPIX May 2004 Edinburgh Linux/Unix highlights.
Description Competency standards Duration Learning Learning methods Show visual Learning Managemen System on Moodle Offline Show visual Learning Managemen.

Description Competency standards Duration Learning Learning methods Show visual Learning Managemen System on Moodle Offline Show visual Learning Managemen.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Monitoring Your Network Chris Bamber, IT Systems Manager Somerville College Confidentiality: The contents of this presentation and workshop discussion.

Monitoring Your Network Chris Bamber, IT Systems Manager Somerville College Confidentiality: The contents of this presentation and workshop discussion.
Office of the Vice President Copyright Notice Copyright Greg Hedrick, Matthew Wirges 2004. This work is the intellectual property of the author. Permission.

Office of the Vice President Copyright Notice Copyright Greg Hedrick, Matthew Wirges This work is the intellectual property of the author. Permission.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
2004, Jei Nessus A Vulnerability Assessment tool A Security Scanner Information Networking Security and Assurance Lab National Chung Cheng University

2004, Jei Nessus A Vulnerability Assessment tool A Security Scanner Information Networking Security and Assurance Lab National Chung Cheng University
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : 97077200 7 August 1999 The Chinese University.

Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : August 1999 The Chinese University.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Wireless LANs A Case Study of Baylor University’s Wireless Network Copyright Bob Hartland 2002 This work is the intellectual property of the author. Permission.

Wireless LANs A Case Study of Baylor University’s Wireless Network Copyright Bob Hartland 2002 This work is the intellectual property of the author. Permission.
Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Similar presentations

Ads by Google