Computer Security and Penetration Testing


1 Computer Security and Penetration Testing
Chapter 3 Scanning Tools

2 Objectives
- Comprehend the functioning of scanners
- Trace the development of scanners
- Identify various types of scanning
- Identify different scanners

3 Scanning Tools
- Scanners
  - Find and fix vulnerabilities in remote machines on a network
  - Software tool that examines and reports about vulnerabilities on local and remote hosts
- Port scanner
  - Examines and reports the condition (open or closed) of a port
  - And the application listening on that port, if possible

4 Evolution of Scanners
- Scanners first appeared even before ARPANET
  - To monitor connections between mainframes and dumb terminals
- The Internet was launched in the 1970s
- The early UNIX-like languages had no security at all
- Legitimate network users would connect to remote UNIX servers
  - By having their modem dial specific telephone numbers
- Led to the invention of a new tool, the war dialer

5 Evolution of Scanners (continued)
- War dialer
  - Script that tells the modem to dial a range of phone numbers defined by the user
  - And then identifies those numbers that connect to remote computers
  - A form of automated scanner
- In the early 1980s, the majority of servers ran on UNIX platforms
- System administrators created shell scripts that let them check security weaknesses of their networks
  - And avoid hacking activities

6 Evolution of Scanners (continued)
- As the Internet increased in availability and popularity
  - More computers and networks became connected
- Today, scanners are available for several popular platforms

7 How Scanners Work
- Scanners automate the process of examining network weaknesses
- Scanners are not heuristic
- Functions
  - Connects to a target host(s)
  - Examines the target host for the services running on it
  - Examines each service for any known vulnerability

8 Types of Scanning
- TCP Connect Scanning
  - Attempts to make TCP connections with all of the ports on a remote system
  - Target host transmits connection-succeeded messages for active ports
  - User does not need root privileges to perform TCP connect scanning
  - Almost all IDSs recognize the scanning
- Half-Open Scanning
  - A TCP connection scanning that does not complete the connections

9 Types of Scanning (continued)
- Half-Open Scanning (continued)
  - Only the SYN message is sent from the scanner
  - Reply signal may be a SYN/ACK, indicating the port is open
  - Attacker replies with an RST flag to avoid detection
  - Some IDSs can be configured to log all network activities
  - Root or system administrator privileges are required to perform half-open scanning
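
Added example (not part of the original slides): a detection sketch showing how a sensor can tell the two scan types on slides 8 and 9 apart from the order of TCP flags it sees. The capture lines, the addresses, the function names and the `min_ports` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed per-flow packet summaries (not from the slides):
#   client server port, then sender:flags in order (c = client, s = server)
# Addresses are documentation-range placeholders.
CAPTURE = """\
192.0.2.10 198.51.100.5 22 c:S s:RA
192.0.2.10 198.51.100.5 80 c:S s:SA c:R
192.0.2.10 198.51.100.5 443 c:S s:SA c:R
192.0.2.20 198.51.100.5 25 c:S s:RA
192.0.2.20 198.51.100.5 80 c:S s:SA c:A c:RA
192.0.2.20 198.51.100.5 110 c:S s:RA
192.0.2.30 198.51.100.5 80 c:S s:SA c:A c:PA s:A
"""

def classify_probe(seq):
    """Label one exchange from its ordered list of (sender, flags) pairs."""
    if not seq or seq[0] != ("c", "S"):
        return "other"
    reply = next((f for s, f in seq[1:] if s == "s"), None)
    if reply is None:
        return "no-reply"
    if "R" in reply:
        return "closed"
    after = [f for s, f in seq[2:] if s == "c"]
    if after and after[0] == "A":
        return "handshake-completed"  # what a TCP connect scan produces
    if after and "R" in after[0]:
        return "half-open"            # SYN, SYN/ACK, then RST
    return "incomplete"

def detect_scanners(capture, min_ports=3):
    """Map each client that probed >= min_ports ports to a scan kind."""
    probes = defaultdict(dict)
    for line in capture.splitlines():
        client, server, port, *pkts = line.split()
        seq = [tuple(p.split(":")) for p in pkts]
        probes[client][(server, int(port))] = classify_probe(seq)
    verdicts = {}
    for client, seen in probes.items():
        if len(seen) >= min_ports:
            kinds = set(seen.values())
            verdicts[client] = "half-open" if "half-open" in kinds else "connect"
    return verdicts

if __name__ == "__main__":
    print(detect_scanners(CAPTURE))
```

The single web session from 192.0.2.30 stays below the port threshold and is not reported, which is the distinction between one completed handshake and a sweep of many ports.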

10 Types of Scanning (continued)
- UDP Scanning
  - Examines the status of UDP ports on a target system
  - Scanner sends a 0-byte UDP packet to all the ports on a target host
  - If port is closed, the target host replies with an ICMP unreachable message
  - Most operating systems generate UDP messages very slowly
    - Makes UDP scanning impractical

11 Types of Scanning (continued)
- IP Protocol Scanning
  - Examines a target host for supported IP protocols
  - Scanner transmits IP packets to each protocol on the target host
  - If target host replies with an ICMP unreachable message to the scanner
    - Then the target host does not use that protocol

12 Types of Scanning (continued)
- Ping scanning
  - Demonstrates whether a remote host is active by sending ICMP echo request packets to that host

14 Types of Scanning (continued)
- Stealth Scanning
  - Lets you examine hosts behind firewalls and packet filters
  - Most stealth scanners do not allow target hosts to log the scanning activities

16 Review of Scanner Technology
- Discovery
  - Nmap:
  - Unicornscan: An open-source tool designed to identify information related to TCP flags and banners.

19 Review of Scanner Technology
- Reconnaissance
  - Fierce: Perl-based tool that focuses on particular targets using pattern matching.
  - Maltego: Java-based tool, offered in both community and commercial versions, that is marketed as a forensic tool.
  - PassiveRecon: A Firefox add-on that allows users to visit a target Web site and gather a variety of publicly available information useful in the enumeration or reconnaissance phase of a penetration test.

22 Review of Scanner Technology
- Reconnaissance
  - Tcpdump: An open-source command-line packet analyzer.
  - Wireshark: Similar to tcpdump but with a GUI.

25 Review of Scanner Technology
- Vulnerability Identification
  - Nessus: A remote security scanner designed to be run on Linux, BSD, Solaris, and other versions of Unix.
  - NeXpose: A commercial enterprise vulnerability testing tool.
  - Nipper: A commercial software using C++ that is both open source and sold by license by Titania.
  - OpenVAS: Open-source version of Nessus.

30 Review of Scanner Technology
- Vulnerability Identification
  - QualysGuard (SaaS): vulnerability tool that is designed to support penetration testing and includes features for discovery and enforcement of policies.
  - SAINT: Security Administrator’s Integrated Network Tool

33 Review of Scanner Technology
- Exploitation
  - CORE Impact: full-service commercial vulnerability testing and penetration tool.
  - Metasploit: network vulnerability tool that, like CORE Impact, offers a wide range of functions.
  - Live Linux Distros: BackTrack Linux

37 Summary
- Scanning permits hackers to learn the vulnerabilities of the target system
- The most popular scanners are open source or freeware, made freely available across the Internet
- In the early days of computing, security vulnerabilities, while abundant, were not well known
- When hackers wanted to crack a system in the 1970s, they would examine the target system for all known vulnerabilities

38 Summary (continued)
- As students and hobbyists started playing with scanning applications, new vulnerabilities were discovered
- In the early 1980s, most servers ran on UNIX platforms
- System administrators created shell scripts that let them check security weaknesses
- Scanners automate the process of examining network weaknesses, and check only for known vulnerabilities and open ports

39 Summary (continued)
- Scanners can be set to target a single IP address or a range of addresses
- Scanners are available on UNIX, Windows, and Macintosh platforms

