Technical Methodology (bottom-up), Lesson 8
6-step Process
- Step 1: Site Survey
- Step 2: Develop a test plan
- Step 3: Build the toolkit
- Step 4: Conduct the assessment
- Step 5: Analysis
- Step 6: Documentation
Site Survey
- You need to ascertain a number of different things in order to scope the technical portion of the assessment properly.
- Consider also adding wireless to the questionnaire.
- Take a look at Exhibit 1, pg. 90; use it as appropriate.
Develop a Test Plan
- You, as a security professional, will probably be (or at least should be) more up to date on security vulnerabilities. New ones appear all the time, and it is hard for people who do not have security as their primary function to keep up with all of the latest problems. This will be one of the most valuable aspects of the assessment.
- But what if the client has a system you don't know much about? How do you find out what holes exist? Fortunately, many sites exist that will help.
Additional Web Sites
- http://www.ciac.org/ciac/index.html
- http://www.atstake.com
- http://www.cerias.purdue.edu/about/history/coast/
- http://www2.packetstorm.org:443/
- Check Exhibit 8 in your text for additional sites.
Building the Toolkit
- Zero-Information-Based Tools: gather basic information about the company and the network. The goal is to "map out" the network; this includes tools that examine a target's Internet presence.
- Network Enumeration Tools: try to determine which hosts are actually connected.
- Operating System Fingerprint Tools: attempt to determine the type of OS(s) used.
- Application Discovery Tools: try to find what applications the systems may be running.
- Vulnerability Scanning Tools: "one stop shopping"; these tools may list specific holes.
- Specialty Tools: designed to look for specific problems (e.g. wardialing, web scanners, password crackers, ...).
NVA Tools: the Final Two
- Application tools: check for things like cookie manipulation and URL modification (web apps).
- Host testing tools: stop running tools over the network; run them on the individual hosts instead.
- See Exhibit 57, pg. 148 in the Peltier text.
Conduct the Assessment
- Now is the time to run all of the tools you collected in the previous step. (Note that in reality you may discover something with one tool that requires you to find another tool to test some aspect of the network's security.)
- Two types of tests: Active tests will impact network service (although the impact may be minor); Passive tests will not impact service.
- DoS tests are often not conducted, since the client will not want network service halted.
- You must also be careful, as some active tools may cause a DoS or may actually crash some systems. TEST YOUR TOOLS BEFORE YOU USE THEM!!!
Analysis and Documentation
Analysis
- Time to take a look at the results of your tool use. Don't wait until the end; start analyzing as soon as a tool has completed its test.
- Results from one tool may prompt other tests.
- Keep all of the raw data.
Documentation
- Document every step of the way; this will become part of the final detailed report.
- You want to know exactly what your tools do, and you need to be able to tell the client exactly which test you ran and when. You don't want to be blamed for system problems that you had nothing to do with.
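The two slides above (conducting the assessment and documenting it) describe a discipline rather than a tool: run only the test classes the plan authorises, keep the raw data, and be able to say exactly which test ran against which target and when. The following is an added example, not code from the course or the Peltier text, of a small evidence-logging wrapper that enforces that discipline. The plan structure, the target address (192.0.2.10 from the documentation range), and the stand-in command are constructed assumptions.

```python
"""Evidence log for assessment tool runs (added example): records which test
ran against which target and when, hashes the raw output so the retained
files can be shown to be unaltered, and refuses any test class the test plan
does not authorise (e.g. DoS)."""
import datetime
import hashlib
import json
import shlex
import subprocess
import sys

# Constructed test plan: the client authorised passive and active tests only.
# "dos" is deliberately absent, matching the note that DoS tests are usually
# not conducted.
SAMPLE_PLAN = {"client": "Example Corp", "allowed_test_types": ["passive", "active"]}

# Constructed stand-in for a real tool: just prints a fixed line.
DEMO_CMD = [sys.executable, "-c", "print('hello')"]


def _utc_now():
    return datetime.datetime.now(datetime.timezone.utc).isoformat()


def run_and_record(cmd, target, test_type, plan, log_path=None):
    """Run one tool invocation and return a JSON-serialisable evidence entry.

    cmd: argv list for the tool; target: host or network it is aimed at;
    test_type: 'passive', 'active' or 'dos', as classified in the plan.
    """
    entry = {"target": target, "test_type": test_type, "command": shlex.join(cmd)}
    if test_type not in plan["allowed_test_types"]:
        # Refuse rather than run: the plan, not the operator, decides.
        entry.update(status="skipped_not_in_plan", recorded=_utc_now())
    else:
        entry["started"] = _utc_now()
        proc = subprocess.run(cmd, capture_output=True)
        entry["finished"] = _utc_now()
        entry.update(
            status="completed",
            exit_code=proc.returncode,
            # The raw output files are kept separately; the hashes let the
            # report prove they were not altered after the fact.
            stdout_sha256=hashlib.sha256(proc.stdout).hexdigest(),
            stdout_bytes=len(proc.stdout),
            stderr_sha256=hashlib.sha256(proc.stderr).hexdigest(),
        )
    if log_path:  # append one JSON line per invocation to the evidence log
        with open(log_path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(entry) + "\n")
    return entry
```

Calling `run_and_record(DEMO_CMD, "192.0.2.10", "passive", SAMPLE_PLAN, "evidence.jsonl")` appends a completed entry, while a `"dos"` request against the same plan is logged as skipped without anything being executed.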
Report
- Chapter 7 of the text has a sample report.
- You will probably produce two or three reports:
- Executive summary (may be part of the Final Report or a separate report).
- Final Report, which includes recommendations.
- Technical (detailed) report, which includes the raw data files as appendices (often on CD).
Summary
- What is the importance and significance of this material?
- How does this topic fit into the subject of "Security Risk Analysis"?