Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Bruce Ellis Western Governors University. Demonstrate the need for updating information systems Build security awareness Inform management of the risk.

Published byGuillermo Hollis Modified over 10 years ago

Similar presentations

Presentation on theme: "By Bruce Ellis Western Governors University. Demonstrate the need for updating information systems Build security awareness Inform management of the risk."— Presentation transcript:

1 By Bruce Ellis Western Governors University

2 Demonstrate the need for updating information systems Build security awareness Inform management of the risk Inform organizations of the potential consequences Most used operating system in the business industry

3 Failure to apply security patches Failure to update application/software Failure to upgrade operating systems Failure to provide continuous security assessments

4 UTILIZED BACKTRACK 4OPERATING SYSTEMS TESTED Tested security of Windows Operating Systems using tools from Backtrack 4 Nessus Metasploit Nmap Windows XP SP 1 Windows XP SP 3 Windows Vista Business Windows Server 2003

5 Scanned systems first using Nessus to find potential vulnerabilities, shares, user accounts, computer name etc. Scanned systems to find open ports Utilized metasploit to set payloads for potential vulnerabilities found using open ports.

6 Hacking and Penetration Results CRVMRVLRVOPF#VE Windows XP SP 112127127 Windows XP SP 3112353 Windows Vista00410 Windows Server 2003502183 CRV= Critical Risk Vulnerabilities MRV= Medium Risk Vulnerabilities LRV= Low Risk Vulnerabilities OPF= Open Ports Found #VE= Vulnerabilities Exploited

7

8 Milestones were met as predicted except for successful exploitation of Windows Vista Business

9 At the beginning of the testing phase there were problems exploiting Windows XP SP 1 due to lack of proficiency in metasploit. Finding detailed information on Backtrack 4 and use of metasploit.

10

Download ppt "By Bruce Ellis Western Governors University. Demonstrate the need for updating information systems Build security awareness Inform management of the risk."

Similar presentations

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Configuring Windows to run Dr.Web scanner remotely.

Configuring Windows to run Dr.Web scanner remotely.
Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service.

Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service.
Offensive Security Part 1 Basics of Penetration Testing

Offensive Security Part 1 Basics of Penetration Testing
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan

Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Personnel 500-600 hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.

Personnel hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.
Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.

Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.
The Business of Penetration Testing

The Business of Penetration Testing
IT:Network:Microsoft Applications

IT:Network:Microsoft Applications
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Similar presentations

Ads by Google