Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications.

Published byKatrina Lambert Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications."— Presentation transcript:

1 Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications and purpose Network mapping Legal issues

2 Network Monitoring General Purpose Functions Applications Design NIDS – Network Intrusion Detection IPS – Intrusion Prevention System

3 Network and System Scanning What application versions are running? What services are running? What ports/services are open? What does the network look like? What can the external world see? Have any of these changed?

4 Network Assessment What do the other systems look like? What does my system look like to outsiders? Remote system characterization LAN topology Tools nmap nessus

5 Network Assessment Planning Initial reconnaissance System enumeration Service enumeration Vulnerability discovery

6 Planning Appropriate time You will probably crash operational systems You will need admin support Approximate possible risks Determine costs – man hours Management written approval Make sure every one buys into what you are doing

7 Initial Reconnaissance Corporate structure Web surfing » Web browser » www.copernic.com www.copernic.com whois host NetScanTools Pro » DNS information nslookup » DNS information » Should return minimal info if well configured

8 System Enumeration Using information from initial reconn phase Discover more hosts and servers Perimeter defense may block some scans Directly probe target network Combine discovery and analysis techniques Structure of network Perimeter design

9 Tools traceroute The important info for this phase » Target routers and DNS servers » What is the route form a server to the Internet » Often server names give geographic or organizational info

10 Tools Network scanners ICMP – fping and pinger » Looks for systems that return ICMP messages TCP, UDP – nmap » Searches the entire range of IP addresses allocated to a network

11 Service Enumeration Now find out what is available on each system Services Ports open, ports filtered, OS Application versions System policies Password policy Users, domains, system names

12 Tools nmap LANGuard ww.gfisoftware.com/languard/lanscan.htm Used as a LAN audit tool, $249 Telnet and banner retrieval :\:\>telent sou.edu 22 SSH-1.99-OpenSSH_3.1p1 :\:\>telent www.sou.edu 80www.sou.edu HEAD / HTTP/1.0 HTTP/1.1 50` Method not implemented Date: Sun, 02 Mar 2003 20:46:44 GMT Server: Apache/1.3.27 (Unix) (Red Hat/Linux mod_ssl/2.8.12 OpenSSL/0.9.6 DAV/1.0.2 PHP/4.1.2 mod_perl/1.24

13 Vulnerability Discovery Vulnerability scanners Work at the application layer Most of these scanners also do network and port scanning Best to start from the beginning » Network enumeration, System enumeration, Vulnerability discovery

14 Vulnerability Discovery Tools Nessus – open sourced, very complete ISS Internet Scanner – Windows, $$ Retina – Windows, good GUI, $$

15 Summary Network assessment CAREFUL This is ILLEGAL

Download ppt "Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications."

Similar presentations

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Network Mapping  Identify Live Hosts  Determine running Services TCP Port Scanning UDP Port Scanning Banner Grabbing ARP Discovery  Identify Perimeter.

Network Mapping  Identify Live Hosts  Determine running Services TCP Port Scanning UDP Port Scanning Banner Grabbing ARP Discovery  Identify Perimeter.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Scanning CS391. Overview  The TCP protocol: quick overview  Scanning  Fingerprinting  OS Detection.

Scanning CS391. Overview  The TCP protocol: quick overview  Scanning  Fingerprinting  OS Detection.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.

Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Forces that Have Brought the world to it’s knees over the centuries.

Forces that Have Brought the world to it’s knees over the centuries.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
1 GFI LANguard Network Security Scanner. 2 Contents Introduction Features Source & Installation Testing environment Results Conclusion.

1 GFI LANguard Network Security Scanner. 2 Contents Introduction Features Source & Installation Testing environment Results Conclusion.
1 Presentation ISS Security Scanner & Retina by Adnan Khairi 100183586.

1 Presentation ISS Security Scanner & Retina by Adnan Khairi
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Networking in a Linux Environment Pete Eby Dan Thomas Robert Zurawski.

Networking in a Linux Environment Pete Eby Dan Thomas Robert Zurawski.
Penetration Testing.

Penetration Testing.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
 Find out initial information ◦ Open Source ◦ Whois ◦ Nslookup  Find out address range of the network ◦ ARIN (American registry for internet numbers)

 Find out initial information ◦ Open Source ◦ Whois ◦ Nslookup  Find out address range of the network ◦ ARIN (American registry for internet numbers)

Similar presentations

Ads by Google