
1 Gulf Computers Presentation Vulnerability Assessment: Steps to a More Secure Network Securing Your Network Fethi Amara –

2 6/1/ © Gulf Computers L.L.C. Gulf Computers Professional Services
- Provider of multivendor, data network consulting services
- Reference list in the region includes:
  - Standard Chartered Bank (Dubai)
  - Emirates Airlines / DNATA Group of Companies (Dubai)
  - Sharjah Municipality (Sharjah)
  - Town Planning Department (Abu Dhabi)
  - Civil Defense (Abu Dhabi)
  - GEC Marconi (Abu Dhabi)
  - Ericsson (Oman)
  - Sultan Qaboos University (Oman)
  - Oman Refinery Company (Oman)
  - Occidental (Dubai and Qatar)
  - QAFCO (Qatar)
  - Abdul Latif Jameel (Saudi Arabia)
  - etc.

3 The Twenty Most Critical Internet Security Vulnerabilities
- The SANS Institute (SysAdmin, Audit, Network, Security)
- The NIPC (National Infrastructure Protection Center)
- The FBI

4 Top 10 Vulnerabilities to Windows Systems
- Internet Information Services (IIS)
- Microsoft Data Access Components (MDAC) -- Remote Data Services
- Microsoft SQL Server
- NETBIOS -- Unprotected Windows Networking Shares
- Anonymous Logon -- Null Sessions
- LAN Manager Authentication -- Weak LM Hashing
- General Windows Authentication -- Accounts with No Passwords or Weak Passwords
- Internet Explorer
- Remote Registry Access
- Windows Scripting Host

5 Top 10 Vulnerabilities to Unix Systems
- Remote Procedure Calls (RPC)
- Apache Web Server
- Secure Shell (SSH)
- Simple Network Management Protocol (SNMP)
- File Transfer Protocol (FTP)
- R-Services -- Trust Relationships
- Line Printer Daemon (LPD)
- Sendmail
- BIND/DNS
- General Unix Authentication -- Accounts with No Passwords or Weak Passwords

6 The 7 Top Management Errors that Lead to Computer Security Vulnerabilities
- Number Seven: Pretend the problem will go away if they ignore it.
- Number Six: Authorize reactive, short-term fixes so problems re-emerge rapidly
- Number Five: Fail to realize how much money their information and organizational reputations are worth.
- Number Four: Rely primarily on a firewall.

7 The 7 Top Management Errors that Lead to Computer Security Vulnerabilities
- Number Three: Fail to deal with the operational aspects of security: make a few fixes and then not allow the follow through necessary to ensure the problems stay fixed
- Number Two: Fail to understand the relationship of information security to the business problem -- they understand physical security but do not see the consequences of poor information security.
- Number One: Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job.

8 Number of Vulnerabilities and incidents reported (According to

Incidents reported in
Year Q-2Q 2003
Incidents 21,756 52,658 82,094 76,404

Vulnerabilities reported in
Year Q-2Q 2003
Vulnerabilities 1,090 2,437 4,129 1,993

9 The Virus Problem: major catastrophes
- 45 million users worldwide affected by LoveBug (Computer Economics, May 2000)
- LoveBug cost companies an estimated US$10 billion
- Dell stopped production for five days due to FunLove
- 32,000 copies of Melissa hit one company in 45 minutes
- No one is safe
  - Microsoft, FBI, Houses of Parliament, Barclays, BT
- Lost productivity, but also loss of reputation

10 The LoveBug world spread
First 24 hours

11 Vulnerability Scanning Definition
- Testing for areas that allow unauthorized access to networks, systems, and applications
  - From outside enterprise
  - From internal sources

12 Frequency and Damage of Security Threats/Attacks

13 Vulnerability Sources
- Networks
  - Firewalls
  - Devices, e.g., routers, switches
- Systems
  - Servers
  - Operating system services
- Applications
  - Configuration problems
  - Design flaws

14 Why Conduct Vulnerability Scans?
- Obvious
  - Find vulnerabilities
- Not so obvious
  - Test intrusion detection
  - Test incident response
  - Test managed security provider
- IDS is no substitute
  - Speed of attack problem, HoneyNet Project
  - Limited scope

15 Vulnerability Targets
- Permissible systems
- All access points including
  - Wireless
  - Dial-up
  - VPNs

16 Vulnerability Scan Steps
- Multiple scanners for different targets
  - Firewalls
  - Web servers
  - Wireless network
  - Lotus Notes
  - Novell Netware
  - Many more
- Attack signature database
  - Must be updatable
- Identifies potential vulnerabilities
  - False positives expected

17 Scanner Characteristics
- Specialization - specific target
- Number of tests - multiple targets
- Reporting
- Fix information
- False positives
- Other features, e.g., client/server

18 Open Source vs. Commercial Scanners
- Open Source
  - Pros: Free; Frequent updates; More vulnerabilities; Can be customized
  - Cons: Limited support; Lots of false positives; Linux expertise needed
  - Examples: Nessus, Sara
- Commercial
  - Pros: Easy to install/operate; Enhanced report generation; Fully supported
  - Cons: Cost can be high; Cost of support
  - Examples: Cybercop, ISS

19 How Long Does it Take?
- It depends
  - Number of subnets
  - Number of hosts
  - Blocks in place
    - UDP
    - Firewalls play dead mode
- Thoroughness

20 Conducting the Scan
- Arrange time for scan
  - Delay start to avoid scapegoating
- Special scan for potential trouble systems
- Be available 24x7

21 Data Analysis
- Challenges
  - Lots of false positives
  - Meaningful data not always easy to identify
- Know your audience
  - Severity classification
  - Department focus
- Reporting results
  - Common Vulnerabilities and Exposures (CVE)
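
An added example, not part of the original presentation, of the data-analysis step on this slide: findings from several scanners are merged on host and CVE identifier, single-scanner findings are flagged as false-positive candidates, and the result is grouped by department and sorted by severity. The scanner names, hosts, inventory and CVE-format identifiers are constructed placeholders.

```python
from collections import defaultdict

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample data: (scanner, host, identifier, severity).
# Identifiers are placeholders in CVE format, not real CVE entries.
FINDINGS = [
    ("scanner_a", "10.0.1.10", "CVE-0000-0001", "high"),
    ("scanner_b", "10.0.1.10", "CVE-0000-0001", "high"),
    ("scanner_a", "10.0.1.10", "CVE-0000-0002", "low"),
    ("scanner_b", "10.0.2.20", "CVE-0000-0003", "medium"),
    ("scanner_a", "10.0.2.20", "CVE-0000-0003", "high"),
    ("scanner_a", "10.0.9.99", "CVE-0000-0002", "medium"),
]
# Hypothetical asset inventory mapping hosts to owning departments.
INVENTORY = {"10.0.1.10": "Finance", "10.0.2.20": "Engineering"}


def triage(findings, inventory):
    """Merge findings on (host, CVE id); return a per-department report."""
    merged = {}
    for scanner, host, cve, severity in findings:
        entry = merged.setdefault((host, cve), {"scanners": set(), "severity": severity})
        entry["scanners"].add(scanner)
        # When scanners disagree, keep the more severe rating.
        if SEVERITY_ORDER[severity] < SEVERITY_ORDER[entry["severity"]]:
            entry["severity"] = severity

    report = defaultdict(list)
    for (host, cve), entry in merged.items():
        dept = inventory.get(host, "UNKNOWN HOST")  # host missing from inventory
        report[dept].append({
            "host": host,
            "cve": cve,
            "severity": entry["severity"],
            # Seen by one scanner only: verify by hand before reporting.
            "needs_verification": len(entry["scanners"]) == 1,
        })
    for rows in report.values():
        rows.sort(key=lambda r: (SEVERITY_ORDER[r["severity"]], r["host"], r["cve"]))
    return dict(report)


if __name__ == "__main__":
    for dept, rows in sorted(triage(FINDINGS, INVENTORY).items()):
        print(dept)
        for r in rows:
            flag = " (verify)" if r["needs_verification"] else ""
            print(f"  {r['severity']:<6} {r['host']} {r['cve']}{flag}")
```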

22 Report Styles

23 Hidden Benefits
- Study how security is implemented
- Find unknown hosts
- Learn about change control process
- Good basis for a security policy if one doesn't exist
- Policy enforcement

24 The Bottom Line
- Scan for vulnerabilities in networks, systems & applications
- Choose the right target and matching scanner(s)
- Conduct scan in defined timeframe
- Sift data for relevancy

25 Gulf Computers Professional Security Services
- Evaluation
  - Penetration testing, assessment, audit, vulnerability analysis
- Strategic
  - Incident response, programs, policies, training
- Technical
  - PKI, VPNs, Firewalls, IDS, AAA integration, PDIO

26 Question and Answer