Penetration Testing & Countermeasures. Paul Fong & Cai Yu, CS691, 5 May 2003.
Security Penetration Services. Goal: help organizations secure their systems. Skill set: equivalent to system administrators. Record keeping & ethics.
Announced vs. Unannounced Penetration Testing. Announced testing: pros (efficient; team oriented), cons (holes may be fixed as discovered & block further penetration; false sense of security). Unannounced testing: pros (greater range of testing), cons (response may block further penetration; requires strict escalation process; impacts operations).
Rules of Engagement: type of attacks allowed (no DoS); off-limits machines & files (passwords); designated machines or networks; test plan; contacts.
Physical Access: boot loader & BIOS vulnerabilities. GRUB loader: no password; allows hacker to boot into single-user w/root access. Password crackers: John the Ripper, Crack.
Wireless Security: war driving with directional antenna; Wired Equivalent Privacy (WEP) vulnerabilities. Penetration tools: WEPcrack, AirSnort.
Countermeasures 1: Apply the latest patches. Change default settings/options. Set up a password and protect your password file. Install anti-virus software and keep it updated.
Countermeasures 2: Install only required software; open only required ports. Maintain a good backup. Set a BIOS password, system loader password, or other passwords that are necessary. Have a good emergency plan.
Countermeasures 3: Monitor your system if possible. Have a good administrator.
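An audit for the boot-loader weakness on the Physical Access slide and the "system loader password" countermeasure, as an added example that is not part of the original presentation. It assumes GRUB legacy (password --md5) or GRUB 2 (superusers plus password_pbkdf2) syntax; the function name, the status strings and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a GRUB config file sets a boot-loader password.
# Prints one of: protected, weak-plaintext, unprotected, missing
grub_password_status() {
    cfg=$1
    [ -r "$cfg" ] || { echo missing; return 0; }
    awk '
        /^[ \t]*#/ { next }                               # skip comment lines
        # GRUB legacy starts a menu entry with "title", GRUB 2 with "menuentry"
        $1 == "title" || $1 == "menuentry" { in_entry = 1 }
        # GRUB 2: a superusers list plus a hashed password for those users
        $1 == "set" && $2 ~ /^superusers=/ { superusers = 1 }
        $1 == "password_pbkdf2" { hashed2 = 1 }
        # Only a global password line (before any entry) guards the edit and
        # command-line modes; a password inside one entry locks that entry only
        $1 == "password" && !in_entry {
            if ($2 == "--md5") hashed1 = 1
            else plain = 1
        }
        END {
            if (hashed1 || (superusers && hashed2)) print "protected"
            else if (plain) print "weak-plaintext"        # readable by anyone who can read the file
            else print "unprotected"
        }
    ' "$cfg"
}

# Constructed sample: GRUB legacy menu.lst with a password on one entry only,
# so the other entry can still be edited at the boot menu.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default=0
timeout=5
title Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/hda2
title Rescue
    password --md5 $1$CONSTRUCTED$placeholderhash
    kernel /vmlinuz ro root=/dev/hda2 single
EOF
echo "sample: $(grub_password_status "$sample")"
rm -f "$sample"
```

To audit a real host, pass the path of its GRUB configuration file to grub_password_status; the result covers only the boot loader, not the BIOS password.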
Future Improvements: correction of weaknesses uncovered by the penetration exercise; automate and customize the penetration test process; use of intrusion detection systems; use of honeypots and honeynets.
Demo: Retina Network Security Scanner. Created by eEye Digital Security, Retina Network Security Scanner is recognized as the #1 rated network vulnerability assessment scanner by Network World magazine. Retina sets the standard in terms of speed, ease of use, reporting, non-intrusiveness and advanced vulnerability detection capabilities. Retina incorporates the most comprehensive and up-to-date vulnerabilities database -- automatically downloaded at the beginning of every Retina session.