
1 Science Applications International Corporation
Open-Source Network Security Tools
Scanning/Securing/Exploiting, oh my.

2 Beyond Network Security…. We Build Peace of Mind
Disclaimer
• The opinions expressed in this talk are just mine, and not the opinions of SAIC, nor ESS.
• I have nothing against vendors; some of my best friends are vendors.
• I was asked to do a talk on Open Source Network Security Tools, and not on commercial tools, to avoid any vendor bias.
• They made me do it.
• I once saw a ghost cow in the road, honest.

3 Agenda
• What is Open Source?
• Why should I care?
• Why no commercial tools?
• What tools are available?
• What do they do?
• Where can I get them?
• Q&A

4 What's Open Source?
From opensource.org:
Open source doesn't just mean access to the source code. The distribution terms of open-source software must comply with the following criteria:
1. Free Redistribution
2. Source Code included/available
3. Derived Works allowed
4. Integrity of The Author's Source Code (patches/forks)
5. No Discrimination Against Persons or Groups
6. No Discrimination Against Fields of Endeavor
7. Distribution of License (no NDA)
8. License Must Not Be Specific to a Product
9. License Must Not Restrict Other Software
10. License Must Be Technology-Neutral

5 Why does it matter?
• Cost
  - Open Source is free: zero acquisition cost.
• Security
  - The source code is available for your review (which lets you audit it yourself; it does not guarantee that anyone else has).
  - Many eyes look at the code and find many bugs.
  - Patches ship often.
• Support
  - Free: web, mailing lists, SIGs
  - $$$: commercial sites, OS vendors…

6 What about freeware / shareware / trialware, etc.?
"Freeware" should not be confused with "free software" (roughly, software with unrestricted redistribution) or "shareware" (software distributed without charge for which users can pay voluntarily).
"Shareware": software that, like freeware, can usually be obtained (downloaded) and redistributed for free, but most often is under copyright and does legally require a payment under the EULA, at least beyond the evaluation period or for commercial use.

7 Why not use commercial products?
• How much money do you have?
• Why not use these tools at home? At your sibling's/nephew's/parent's house?
• Commercial tools typically have higher resource needs.
• But they have much better support.
• Better documentation.
• Nice shiny packaging.

8 Enough license talk, where's the goods?
Categories of tools:
• Scanning – To find hosts/targets/details
• Assessing – To gauge security and establish a baseline
• Securing – To protect the host
• Exploiting – To compromise ("pants") the host
• Deception – To deceive the attacker
• Detection – To detect the attacker

9 Scanning (The Basics)
Nmap – Network Mapper
• http://insecure.org
• OS detection
• Application (service/version) detection
• High-speed TCP/UDP scans
• IPv4 & IPv6
• Supports Unix / Linux / BSD / Mac OS X, and Windows
  - Even works with Windows XP SP2!
• Extremely configurable and could be a talk by itself…
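To show what the two headline Nmap features on this slide actually do on the wire, here is an added example (written for this page, not code from the slides or from the Nmap project). It performs the smallest possible version of an nmap -sT connect scan with a service probe: connect() to each port, record open or closed from whether the handshake completes, read whatever greeting an open service volunteers, and match it against a tiny regex table. The two loopback listeners, their banners and the signature table are constructed for the demo; real Nmap uses its nmap-service-probes database and actively sends probes instead of only waiting for a banner.

```python
import re
import socket
import threading

# Constructed banners for the two demo listeners (not captured from real hosts).
SSH_BANNER = b"SSH-2.0-OpenSSH_3.9p1\r\n"
SMTP_BANNER = b"220 mail.example.test ESMTP Sendmail 8.13.1\r\n"

# Illustrative version-match table in the spirit of nmap-service-probes.
# These regexes are written for this example, not taken from nmap's database.
BANNER_SIGNATURES = [
    (re.compile(rb"^SSH-[\d.]+-OpenSSH_(?P<ver>[\w.]+)"), "OpenSSH"),
    (re.compile(rb"^220 .*ESMTP Sendmail (?P<ver>[\d.]+)"), "Sendmail"),
]


def start_listener(banner):
    """Bind a TCP listener on 127.0.0.1 (ephemeral port) that greets each
    client with `banner` and hangs up. Returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener was closed
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def identify(banner):
    """Map a banner to (product, version) via BANNER_SIGNATURES, else None."""
    for regex, product in BANNER_SIGNATURES:
        match = regex.match(banner)
        if match:
            return product, match.group("ver").decode()
    return None


def connect_scan(host, ports, timeout=0.5):
    """Full TCP connect() scan (what nmap -sT does). A completed handshake
    means open; a refused connection or timeout is recorded as closed. For
    open ports, read whatever greeting the service sends and try to identify it."""
    results = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except OSError:
            sock.close()
            results[port] = {"state": "closed", "banner": b"", "service": None}
            continue
        try:
            banner = sock.recv(256)
        except OSError:
            banner = b""
        finally:
            sock.close()
        results[port] = {"state": "open", "banner": banner, "service": identify(banner)}
    return results


def demo():
    """Start two fake services, pick a port that is definitely closed, scan all three."""
    ssh_srv, ssh_port = start_listener(SSH_BANNER)
    smtp_srv, smtp_port = start_listener(SMTP_BANNER)
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # nothing listens here now, so connect() is refused
    try:
        results = connect_scan("127.0.0.1", [ssh_port, smtp_port, closed_port])
    finally:
        ssh_srv.close()
        smtp_srv.close()
    return results, ssh_port, smtp_port, closed_port


if __name__ == "__main__":
    scan, *_ = demo()
    for port, info in sorted(scan.items()):
        print(port, info["state"], info["service"])
```

A connect scan completes the full handshake, so it shows up in the target's application logs; that is the trade-off Nmap's half-open SYN scan (-sS, which needs raw sockets) avoids. Banner matching also inherits the weakness Nikto warns about on the next slides: a banner is whatever the server chooses to say.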

10 Scanning for Wireless
dstumbler
• http://www.dachb0den.com/projects/dstumbler.html
• AP/SSID detection
• Detection of
  - WEP-enabled networks
  - beacon interval for APs
  - maximum supported rate
• WEP key cracking comes from the same bsd-airtools package that dstumbler is part of (the dweputils).

11 Scanning (Advanced)
Paketto Keiretsu 1.10
• http://www.doxpara.com/paketto/
• Scanrand, an unusually fast network service and topology discovery system
• Minewt, a user-space NAT/MAT router
• Linkcat, which presents an Ethernet link to stdio
• Paratrace, which traces network paths without spawning new connections
• Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three-dimensional phase space

12 Assessing Web Sites
Nikto
• http://www.cirt.net/code/nikto.shtml
• Web/CGI scanner
• Finds vulnerable CGI
• Can do IDS evasion
• Has over 2,600 checks.

    $ nikto.pl -host 192.168.42.27 -verbose -web -output \
    > nikto80_192.168.42.27.html.raw

Nikto's output provides notes on why a finding may be a security risk:

    Target IP:       192.168.42.27
    Target Hostname: www.victim.com
    Target Port:     80
    --------------------------------------------------------------------
    o Scan is dependent on "Server" string which can be faked, use -g to override
    o Server: WebSTAR/4.2 (Unix) mod_ssl/2.8.6 OpenSSL/0.9.6c
    o Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE
    o Server allows PUT method, may be able to store files.
    o CONNECT method is enabled, server may act as a proxy or relay.
    o Server allows DELETE method, may be able to remove files.
    o Server allows PROPFIND or PROPPATCH methods, which indicates DAV/WebDAV is installed. Both allow remote admin and have had security problems.
    o WebSTAR/4.2 (Unix) mod_ssl/2.8.6 OpenSSL/0.9.6c appears to be outdated (current is at least mod_ssl/2.8.7) (may depend on server version)
    o /public/ Redirects to 'http://www.foundstone.com/public', this might be interesting...
    o robots.txt - This file tells web spiders where they can and cannot go (if they follow RFCs). You may find interesting directories listed here. (GET)
    o cgi-bin/htsearch?-c/nonexistant - The ht://Dig install may let an attacker force ht://Dig to read arbitrary config files for itself. (GET)
    885 items checked on remote host
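The "Allowed HTTP Methods" block above is one of Nikto's cheapest and most useful checks: a single OPTIONS request, and the server lists what it will accept. The added example below (written for this page, not Nikto's code) reproduces that check end to end: a constructed loopback target advertises the same over-permissive method list as the WebSTAR server in the slide, and the checker turns the Allow header into Nikto-style findings. The Server banner is reported too, with the same caveat Nikto prints: it can be faked, so the method list (observed behaviour) is the finding, not the version string.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Methods Nikto flags when a server advertises them, with Nikto's reasoning.
RISKY_METHODS = {
    "PUT": "may be able to store files",
    "DELETE": "may be able to remove files",
    "CONNECT": "server may act as a proxy or relay",
    "PROPFIND": "indicates DAV/WebDAV is installed",
    "PROPPATCH": "indicates DAV/WebDAV is installed",
    "TRACE": "allows cross-site tracing of request headers",
}


class PermissiveHandler(BaseHTTPRequestHandler):
    """Constructed target that advertises the same over-permissive method
    list as the server in the slide. It exists only so the check has
    something to hit; nothing here is a real WebSTAR server."""
    server_version = "WebSTAR/4.2"
    sys_version = ""
    ALLOW = "GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PROPFIND, PROPPATCH, TRACE"

    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header("Allow", self.ALLOW)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def check_methods(host, port, path="/", timeout=3.0):
    """Send OPTIONS and turn the Allow header into Nikto-style findings.
    The Server header is reported but, as Nikto warns, can be faked."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        server = (resp.getheader("Server") or "").strip()
        allow_header = resp.getheader("Allow") or ""
    finally:
        conn.close()
    allowed = [m.strip().upper() for m in allow_header.split(",") if m.strip()]
    findings = []
    if server:
        findings.append(f"Server: {server} (banner can be faked; confirm by behaviour)")
    for method in allowed:
        if method in RISKY_METHODS:
            findings.append(f"Server allows {method} method, {RISKY_METHODS[method]}")
    return {"server": server, "allowed": allowed, "findings": findings}


def run_demo():
    """Serve the constructed target on an ephemeral loopback port and check it."""
    httpd = HTTPServer(("127.0.0.1", 0), PermissiveHandler)
    port = httpd.server_address[1]
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    try:
        return check_methods("127.0.0.1", port)
    finally:
        httpd.shutdown()
        httpd.server_close()


if __name__ == "__main__":
    for line in run_demo()["findings"]:
        print("o", line)
```

An advertised method is still only a claim. The follow-up a tester wants is to actually issue the PUT (to a scratch path) or the PROPFIND and see whether the server honours it; Nikto's later checks do that for several of these, which is why the full run reports the real count of items checked rather than stopping at the Allow header.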

13 Assessing Websites (continued)
pavuk
• http://www.idata.sk/~ondrej/pavuk/
• Not really assessment.
• Very efficient web spider
• Can copy content off sites
• Supports authentication
• SSL support
• FTP, HTTP, Gopher

14 Assessing Passwords
hydra
• http://thc.org/thc-hydra/
• Online brute-force login guesser: tries credentials against live network services (unlike John the Ripper, below, which cracks captured hashes offline). Online guessing is noisy and can trigger account lockouts, so scope and rate-limit it.
• Can run in parallel to improve performance.
• Is able to assess passwords in: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable, Cisco AAA

15 Assessing Networks, Hosts, etc.
Nessus – Security Scanner
• http://nessus.org
• Can drive Nmap, Nikto and Hydra from its plugins
• Server runs on Unix-like systems
• Clients for Windows & Unix
• Has thousands of checks.
• Scriptable check language (NASL, the Nessus Attack Scripting Language)
• If you don't use it yet, you should.

16 Assessing Wireless
kismet
• http://www.kismetwireless.net/
• Manufacturer and model identification
• Runtime decoding of WEP packets for known networks
• Network IP range detection
• Finds hidden SSIDs
• Detects wireless attacks
• Finds default configs.

17 Securing Hosts
p0f / pf / iptables
• p0f – Passive OS fingerprinting
  - http://lcamtuf.coredump.cx/p0f.shtml
  - Identifies a remote OS from the TCP SYN it sends (TTL, window size, option layout) without sending a single packet to it.
  - Can work with pf/iptables to create OS-specific rules. pf has p0f-derived fingerprinting built in (the "os" keyword in pf.conf); with iptables, p0f's output has to be fed to the rules by a helper. Examples:
    Only Windows 2000 and newer can connect out.
    Restrict inbound SMTP from Windows clients to 1 connection per client.
    Only allow SSH to the firewall from hosts that fingerprint as OpenBSD.
  - A TCP stack's fingerprint can be spoofed, so treat such rules as a filter, not as authentication.
• pf – OpenBSD Packet Filter
  - http://www.openbsd.org/faq/pf/
• iptables – Linux IP Firewall
  - http://www.netfilter.org/
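What p0f actually reads out of a SYN, and how that feeds a rule like "only Windows 2000 and newer can connect out", is easier to see in code than in prose. The added example below (written for this page; not p0f's code and not its fingerprint database) builds three constructed IPv4/TCP SYN packets, extracts the fields p0f keys on (window size, estimated initial TTL, DF bit, packet size and TCP option layout), renders them in p0f's signature notation and looks them up in a small table. The table's values are approximations invented for the demo, not entries copied from p0f.fp; use the real database for real work. allow_outbound() is the policy analogue of the first rule on the slide.

```python
import struct

# Illustrative signatures in p0f's "window:ttl:df:size:options" layout, where
# N = NOP, Mnnn = MSS, Wn = window scale, S = SACK permitted, T = timestamp.
# Values are approximations written for this example, NOT copied from p0f.fp.
SIGNATURES = {
    "65535:128:1:48:M1460,N,N,S": "Windows 2000/XP",
    "5840:64:1:60:M1460,S,T,N,W0": "Linux 2.4/2.6",
    "16384:64:1:64:M1460,N,N,S,N,W0,N,N,T": "OpenBSD 3.x",
}

# Raw TCP option encodings used to build the demo packets.
MSS_1460 = b"\x02\x04\x05\xb4"
NOP = b"\x01"
SACK_OK = b"\x04\x02"
WSCALE_0 = b"\x03\x03\x00"
TIMESTAMP = b"\x08\x0a" + struct.pack("!II", 123456, 0)


def build_syn(ttl, window, df, options):
    """Constructed IPv4+TCP SYN for the demo (checksums left zero; we only
    parse these bytes, never send them). `options` must be 4-byte aligned."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    tcp_len = 20 + len(options)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (tcp_len // 4) << 4, 0x02, window, 0, 0) + options
    total_len = 20 + tcp_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp


def parse_options(raw):
    """Render the TCP option layout in p0f's notation."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                  # end of option list
            out.append("E")
            break
        if kind == 1:                  # NOP has no length byte
            out.append("N")
            i += 1
            continue
        length = raw[i + 1]
        data = raw[i + 2:i + length]
        if kind == 2:
            out.append("M%d" % struct.unpack("!H", data)[0])
        elif kind == 3:
            out.append("W%d" % data[0])
        elif kind == 4:
            out.append("S")
        elif kind == 8:
            out.append("T" if struct.unpack("!II", data)[0] else "T0")
        else:
            out.append("?%d" % kind)
        i += length
    return ",".join(out)


def signature(packet):
    """Extract window, initial TTL, DF bit, total length and option layout from a SYN."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    df = 1 if struct.unpack("!H", packet[6:8])[0] & 0x4000 else 0
    ttl = packet[8]
    tcp = packet[ihl:total_len]
    data_offset = (tcp[12] >> 4) * 4
    window = struct.unpack("!H", tcp[14:16])[0]
    # The TTL on the wire has been decremented once per hop, so guess the
    # initial value from the usual starting points, as p0f does.
    initial_ttl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return "%d:%d:%d:%d:%s" % (window, initial_ttl, df, total_len,
                               parse_options(tcp[20:data_offset]))


def fingerprint(packet):
    return SIGNATURES.get(signature(packet))


def allow_outbound(packet):
    """Policy analogue of 'only Windows 2000 and newer can connect out': a
    passive fingerprint feeding a firewall decision. Spoofable, so a filter, not auth."""
    os_name = fingerprint(packet)
    return os_name is not None and os_name.startswith("Windows")


# Constructed SYNs: a Windows box two hops away, a Linux box two hops away, OpenBSD on-link.
WINDOWS_SYN = build_syn(126, 65535, True, MSS_1460 + NOP + NOP + SACK_OK)
LINUX_SYN = build_syn(62, 5840, True, MSS_1460 + SACK_OK + TIMESTAMP + NOP + WSCALE_0)
OPENBSD_SYN = build_syn(64, 16384, True,
                        MSS_1460 + NOP + NOP + SACK_OK + NOP + WSCALE_0 + NOP + NOP + TIMESTAMP)

if __name__ == "__main__":
    for name, pkt in (("windows", WINDOWS_SYN), ("linux", LINUX_SYN), ("openbsd", OPENBSD_SYN)):
        print(name, signature(pkt), fingerprint(pkt), allow_outbound(pkt))
```

The TTL step is why passive fingerprinting also tells you roughly how far away a host is: the gap between the observed TTL and the guessed initial value is the hop count. The option order is the most discriminating field, because every stack emits its options in a fixed, implementation-specific sequence; it is also the field a spoofing tool rewrites first.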

18 Securing OS through Hardening
Bastille
• http://www.bastille-linux.org/
• Tightens permissions
• Changes to secure defaults
• Removes unneeded services
• Enables better logging
• Locks down subsystems
• Is a slicer/dicer
• Available for Linux, HP-UX, & Mac OS X.

19 Securing Passwords
John the Ripper
• http://www.openwall.com/john/
• Cracks password hashes offline (wordlist, rule-based word mangling and incremental brute-force modes) from local password files.
• Supports
  - most Unix password file types
  - Windows NT/2000/XP LanMan hashes
  - OpenVMS SYSUAF.DAT
  - AFS/Kerberos v4 TGT
  - S/Key skeykeys files
  - Netscape LDAP server passwords
  - MySQL passwords
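The practical difference between hydra (slide 14) and John the Ripper (this slide) is where each guess is checked: hydra sends it to a live service, one network round trip per attempt, while John hashes it locally and compares. The added example below (written for this page, not John's code) shows the offline side with John's "raw-md5" format: a handful of John-style mangling rules expand a short wordlist, and because raw MD5 is unsalted, every candidate hash is looked up against all target hashes at once. The wordlist and the five demo accounts are constructed; none are real credentials.

```python
import hashlib


def md5hex(text):
    """Raw (unsalted) MD5 of a string, hex encoded: John's "raw-md5" format."""
    return hashlib.md5(text.encode()).hexdigest()


# Constructed wordlist and demo targets. None of these are real credentials.
WORDLIST = ["password", "letmein", "summer", "welcome", "dragon"]
DEMO_TARGETS = {
    "alice": md5hex("Summer2004"),
    "bob": md5hex("letmein"),
    "carol": md5hex("p@ssw0rd"),
    "dave": md5hex("letmein"),           # same password as bob: same hash, no salt
    "erin": md5hex("correct horse"),     # not reachable from this wordlist
}


def mangle(word):
    """A small subset of John-style word-mangling rules."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2003", "2004"):
        yield word + suffix
        yield word.capitalize() + suffix
    yield word.replace("a", "@").replace("e", "3").replace("o", "0")


def crack_raw_md5(targets, wordlist=WORDLIST):
    """Offline attack: hash each candidate once and look it up against every
    target at the same time. With no salt, one hash computation tests all users.
    targets: {username: hex_md5}. Returns {username: plaintext} for the hits."""
    by_hash = {}
    for user, digest in targets.items():
        by_hash.setdefault(digest.lower(), []).append(user)
    cracked = {}
    for word in wordlist:
        for candidate in mangle(word):
            for user in by_hash.pop(md5hex(candidate), []):
                cracked[user] = candidate
            if not by_hash:
                return cracked  # everything cracked, stop early
    return cracked


if __name__ == "__main__":
    for user, pw in crack_raw_md5(DEMO_TARGETS).items():
        print(f"{user}:{pw}")
```

Two things in the result are the defensive lesson. bob and dave fall together from a single hash computation, which is exactly what a per-user salt prevents; and erin survives only because her password is not in the candidate space, not because the hash is strong. Slow, salted hash formats (the Unix crypt variants John also supports) make the offline attacker pay per user and per guess, which is the only lever the defender has once the hash file has leaked.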

20 Securing Users/Roles (Advanced)
selinux
• http://www.nsa.gov/selinux/
• Security Enhanced Linux
• Establishes MAC (Mandatory Access Control)
• Access decisions are made on security labels attached to subjects and objects (type enforcement), not on owner/group permission bits alone.
• Root is not all-powerful: the policy confines privileged processes too.
• Allows compartmentalized controls.
• Really confusing for most mortals.

21 Exploiting Switched Networks
Ettercap
• http://ettercap.sourceforge.net/
• Enables the sniffing and capture of traffic on switched networks (where a plain sniffer sees only its own port).
• ARP poisoning
• Man in the Middle
• Passive OS identification
• Password capture
• Passive portmap

22 Exploiting End-User Machines
Metasploit
• http://www.metasploit.com/
• Framework for exploits
• Pairs any compatible payload with an exploit, so a single vulnerability can be exercised with multiple options.
• 32 separate exploits
• 23 separate shellcodes

23 Deceptive Services
dtk – Deception ToolKit
• http://www.all.net/dtk/dtk.html
• Pretends to run other services.
• Pretends to be other OSes.
• Prevents the attacker from gaining knowledge.

24 Deceptive Networks
honeyd
• http://www.honeyd.org/
• Simulates thousands of virtual hosts at the same time.
• Configuration of arbitrary services via a simple configuration file:
  - Includes proxy connects.
  - Passive fingerprinting to identify remote hosts.
  - Random sampling for load scaling.
• Simulates operating systems at the TCP/IP stack level:
  - Fools nmap and xprobe.
• Simulation of arbitrary routing topologies.
• Subsystem virtualization:
  - Run real UNIX applications under virtual Honeyd IP addresses: web servers, ftp servers, etc.

25 Detecting Network Attacks
Snort with ACID
• Snort – Network IDS
  - http://www.snort.org/
  - Rules-based detection of network threats. Detects buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
• ACID – Web front-end to Snort
  - http://acidlab.sourceforge.net/
  - Enables rapid queries
  - Displays threats graphically
  - Uses a back-end DB
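"Rules-based detection" is concrete once you see a rule evaluated against a packet. The added example below (written for this page, not Snort's code) parses a subset of Snort 2.x rule syntax, the header (action, protocol, source/destination address and port, direction) and the options msg, content, nocase and sid, and runs two constructed rules over constructed packets. One rule catches the ht://Dig htsearch probe that Nikto reported on slide 12, the other a raw SMB probe using Snort's |hex| content notation. The rules, SIDs (in the local-rule range) and packets are all invented for the demo; only -> direction and these four options are handled.

```python
import ipaddress
import re

# Constructed rules in Snort 2.x syntax, written for this example (not from
# the Snort ruleset). SIDs >= 1000000 are the range reserved for local rules.
VARS = {"$HOME_NET": {"192.168.42.0/24"}, "$EXTERNAL_NET": "any"}
RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
    '(msg:"WEB-CGI htsearch arbitrary config file"; content:"/htsearch?-c"; nocase; sid:1000001;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 139 '
    '(msg:"NETBIOS SMB probe"; content:"|FF|SMB"; sid:1000002;)',
]

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")
OPT_RE = re.compile(r'\s*(\w+)(?::("(?:[^"\\]|\\.)*"|[^;]*))?;')


def decode_content(text):
    """Snort content strings: literal text with |hex bytes| segments."""
    out = bytearray()
    for i, segment in enumerate(text.split("|")):
        out += bytes.fromhex(segment) if i % 2 else segment.encode("latin-1")
    return bytes(out)


def parse_rule(text):
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError("unparseable rule: " + text)
    rule = m.groupdict()
    rule["contents"] = []  # list of [pattern_bytes, nocase]
    for name, value in OPT_RE.findall(rule.pop("opts")):
        if value.startswith('"'):
            value = value[1:-1]
        if name == "content":
            rule["contents"].append([decode_content(value), False])
        elif name == "nocase" and rule["contents"]:
            rule["contents"][-1][1] = True  # nocase modifies the preceding content
        elif name == "msg":
            rule["msg"] = value
        elif name == "sid":
            rule["sid"] = int(value)
    return rule


def ip_matches(spec, addr):
    spec = VARS.get(spec, spec) if spec.startswith("$") else spec
    if spec == "any":
        return True
    nets = spec if isinstance(spec, set) else {spec}
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


def port_matches(spec, port):
    return spec == "any" or int(spec) == port


def matches(rule, pkt):
    """Header match (proto, src/dst address and port; only -> is handled),
    then every content pattern must appear in the payload."""
    if rule["proto"] != pkt["proto"]:
        return False
    if not (ip_matches(rule["src"], pkt["src"]) and port_matches(rule["sport"], pkt["sport"])):
        return False
    if not (ip_matches(rule["dst"], pkt["dst"]) and port_matches(rule["dport"], pkt["dport"])):
        return False
    for pattern, nocase in rule["contents"]:
        haystack, needle = (pkt["payload"].lower(), pattern.lower()) if nocase else (pkt["payload"], pattern)
        if needle not in haystack:
            return False
    return True


def evaluate(rule_texts, pkt):
    """Return (sid, msg) for every rule the packet triggers."""
    return [(r["sid"], r["msg"]) for r in map(parse_rule, rule_texts) if matches(r, pkt)]


# Constructed sample packets: one matching each rule, one benign, one off-net.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.9", "sport": 40000, "dst": "192.168.42.27", "dport": 80,
     "payload": b"GET /cgi-bin/HTSEARCH?-c/nonexistant HTTP/1.0\r\n\r\n"},
    {"proto": "tcp", "src": "203.0.113.9", "sport": 4444, "dst": "192.168.42.10", "dport": 139,
     "payload": b"\x00\x00\x00\x85\xffSMBr\x00"},
    {"proto": "tcp", "src": "203.0.113.9", "sport": 40001, "dst": "192.168.42.27", "dport": 80,
     "payload": b"GET /index.html HTTP/1.0\r\n\r\n"},
    {"proto": "tcp", "src": "203.0.113.9", "sport": 40002, "dst": "10.0.0.5", "dport": 80,
     "payload": b"GET /cgi-bin/htsearch?-c/x HTTP/1.0\r\n\r\n"},
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt["dst"], pkt["dport"], evaluate(RULES, pkt))
```

The first sample packet shows why nocase matters: the probe arrives as HTSEARCH and would slip past a case-sensitive content match. The last one shows the other half of a rule: a perfectly malicious payload aimed outside $HOME_NET produces no alert, which is what the header is for, and is also why a mis-set HOME_NET is the most common reason a Snort sensor looks quiet.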

26 Detecting Network Traffic
Ethereal
• http://www.ethereal.com/
• Not really detection, but a GREAT sniffer!
• Decodes over 600 protocols: FTP, SMTP, ICMP, RIP, …
• Has statistical analysis tools
• Allows deep inspection of network traffic

27 Detecting Compromised Boxes
chkrootkit
• http://www.chkrootkit.org/
• Detects 56 different rootkits
• Detects unknown deletions and clean-ups (e.g. entries removed from wtmp/lastlog)
• Works on
  - Linux 2.0.x, 2.2.x and 2.4.x
  - FreeBSD 2.2.x, 3.x, 4.x and 5.x
  - OpenBSD 2.x and 3.x
  - NetBSD 1.5.2
  - Solaris 2.5.1, 2.6 and 8.0
  - HP-UX 11
  - Tru64 and BSDI

28 So where can I get this stuff easily?
• Many ISO images of bootable Linux are available:
  - [P]rofessional [H]acker's [L]inux [A]ssault [K]it: http://www.phlak.org
  - Local Area Security: http://www.localareasecurity.com/
  - Knoppix security tools distribution: http://www.knoppix-std.org/

29 What about Windows?
• Most tools have Windows versions: Nmap, pavuk, ettercap, Metasploit, etc.
• Some are not open source, but are available for private use:
  - Nessus Windows Technology (NeWT): http://www.tenablesecurity.com/newt.html
• Others will work under cygwin (a Linux/Unix environment for Windows): http://www.cygwin.com/

30 Questions?
• This is when you complain that I did not include your favorite tool.
• Or when you tell me what a great time you had.

31 Science Applications International Corporation
Scott C. Kennedy
Chief Engineer, Secure Networking Engineering
4224 Campus Point Court
San Diego, CA 92121
858.826.3035

32 SANS 2003 Top 20 Vulnerabilities
Windows
1. Internet Information Server (IIS)
2. Microsoft SQL Server (MSSQL)
3. Windows Authentication (LANMAN)
4. Internet Explorer (IE)
5. Windows Remote Access Service
6. Microsoft Data Access Components (MDAC)
7. Windows Scripting Host (WSH)
8. Microsoft Outlook & Outlook Express
9. Windows Peer to Peer Sharing (P2P)
10. Simple Network Management Protocol (SNMP)
Unix/Linux
1. BIND Domain Name System (DNS)
2. Remote Procedure Call (RPC)
3. Apache Web Server
4. General Unix Authentication
5. Clear Text Services (Telnet/ftp/rsh)
6. Sendmail (SMTP)
7. Simple Network Management Protocol (SNMP)
8. Secure Shell (SSH)
9. Misconfiguration of Enterprise Services (NIS/NFS)
10. Open Secure Sockets Layer (OpenSSL)

33 SANS 2004 Top 20 Vulnerabilities
Windows
1. Web Servers & Services
2. Workstation Service
3. Windows Remote Access Service
4. Microsoft SQL Server (MSSQL)
5. Windows Authentication
6. Web Browsers
7. File Sharing Applications
8. LSASS Exposures
9. Mail Client
10. Instant Messaging
Unix/Linux
1. BIND Domain Name System (DNS)
2. Web Server
3. Authentication
4. Version Control Systems
5. Mail Transport Service
6. Simple Network Management Protocol (SNMP)
7. Open Secure Sockets Layer (OpenSSL)
8. Misconfiguration of Enterprise Services (NIS/NFS)
9. Databases
10. Kernel

