
Module 5 – Vulnerability Identification  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification.


1 Module 5 – Vulnerability Identification
• Phase II
• Controls Assessment
• Scheduling
    ○ Information Gathering
    ○ Network Mapping
    ○ Vulnerability Identification
    ○ Penetration
    ○ Gaining Access & Privilege Escalation
    ○ Enumerating Further
    ○ Compromise Remote Users/Sites
    ○ Maintaining Access
    ○ Cover the Tracks
Heorot.net

2 Vulnerability Identification
• Purpose behind Vulnerability Identification
    “... find flaws within the network, servers, services and other attached information resources.”

3 Vulnerability Identification
• Identify vulnerable services using service banners
• Perform vulnerability scan to search for known vulnerabilities
• Perform false positive and false negative
• Enumerate discovered vulnerabilities
• Estimate probable impact (classify vulnerabilities found)
• Identify attack paths and scenarios for exploitation

4 Identify Vulnerable Services Using Service Banners

5 Identify Vulnerable Services Using Service Banners
Apache Demonstration

6 Perform Vulnerability Scan
• *Tools:
    Nessus
    Sara
    Internet Scanner
    Retina Network Security Scanner
    Netrecon
    Core IMPACT
*None of these tools are found on the BackTrack Disk

7 Perform Vulnerability Scan
• Advantage of Vulnerability Scanners:
    “Click-and-Go”
    Basic knowledge of IT and Security
    Powerful
    Up-to-date
• Disadvantage of Vulnerability Scanners:
    “Click-and-Go”
    Basic knowledge of IT and Security

8 Perform False Positive and False Negative
“False positives refer to non-issues that were incorrectly detected. Accordingly, false negatives refer to existent issues that were not detected during an assessment. In every assessment there is always the risk of any of these being present.”

9 Enumerate Discovered Vulnerabilities
• Identified Vulnerability
    Apache/2.0.55 (UNIX) PHP/5.1.2
• Tools:
    Web Sites:
      ○ Milw0rm.org
      ○ Securityfocus.com
      ○ Cert.org
      ○ Packetstormsecurity.com
      ○ National Vulnerability Database http://nvd.nist.gov/
    Metasploit
    Vulnerability Scanners

10 Enumerate Discovered Vulnerabilities
Apache / milw0rm Demonstration

11 Estimate Probable Impact
• High Risk Vulnerability
    ○ “...immediate threat of high and adverse impact on the business critical processes of the target organization”
• Medium Risk Vulnerability
    ○ “...threat of high and adverse impact to non-critical systems in terms of business.”
    ○ “...no immediate threat nor a big impact and the vulnerability affects critical business systems.”
• Low Risk Vulnerability
    ○ “...the technical and business impact is low.”
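Added example (not from the original slides or from Heorot.net): the slide 9 banner parsed into product/version pairs, matched against a constructed advisory table, and rated with the slide 11 levels. The function names, `SAMPLE_ADVISORIES`, and its placeholder ids and fixed-in versions are assumptions made up for illustration; every banner-derived result is flagged for the false positive / false negative check from slide 8.

```python
import re

# One Server-header token: "(comment)" or "product[/version]".
TOKEN = re.compile(r"\(([^)]*)\)|([A-Za-z][\w.+-]*)(?:/([\w.+~-]+))?")

# Constructed sample data, NOT real advisories: product -> [(placeholder id, first fixed version)].
SAMPLE_ADVISORIES = {"apache": [("ADVISORY-PLACEHOLDER-1", "2.0.60")],
                     "php": [("ADVISORY-PLACEHOLDER-2", "5.1.0")]}

def parse_banner(banner):
    """Return ([(product, version-or-None)], [comments]) from a Server banner."""
    products, comments = [], []
    for comment, name, version in TOKEN.findall(banner):
        if name:
            products.append((name.lower(), version or None))
        else:
            comments.append(comment)
    return products, comments

def version_tuple(version):
    """'2.0.55' -> (2, 0, 55) so versions compare numerically, not as strings."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def impact_level(high_adverse_impact, business_critical):
    """Slide 11 levels; reading 'Low' as neither condition holding is an assumption."""
    if high_adverse_impact and business_critical:
        return "High"
    if high_adverse_impact or business_critical:
        return "Medium"
    return "Low"

def candidates(banner, advisories=SAMPLE_ADVISORIES):
    """List banner-derived candidates; each one still needs manual verification."""
    found = []
    for product, version in parse_banner(banner)[0]:
        for adv_id, fixed_in in advisories.get(product, []):
            if version is None:
                status = "version hidden: possible false negative"
            elif version_tuple(version) < version_tuple(fixed_in):
                status = "banner match: verify, possible false positive"
            else:
                continue
            found.append((product, version, adv_id, status))
    return found
```

A version string can stay unchanged after a vendor backports a fix, and a server configured to hide its version produces no version to compare, which is why each result carries a verification status instead of a verdict.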

12 Identify Attack Paths and Scenarios for Exploitation
• Game plan on how to attack the system
• List of vulnerabilities
    Threat Level based on Impact to business goals
• Measures to mitigate vulnerabilities
• Stopping point
    About to move away from “Blue Team” and move into “Red Team”

13 Hands-On Exercise
Identify Live Hosts
• Tools:
    The Internet
    List of Services
      ○ Version Information
    Operating System
      ○ Version Information
• Find known Vulnerabilities
    Bugtraq
      ○ http://securityfocus.com/archive/1
    National Vulnerability Database
      ○ http://nvd.nist.gov/
• Find Potential Exploits
    milw0rm.org (that’s a “zero”)
    Securityfocus.com
    Cert.org
    Packetstormsecurity.com

14 Module 5 – Conclusion
• Phase II
• Controls Assessment
• Scheduling
    ○ Information Gathering
    ○ Network Mapping
    ○ Vulnerability Identification
        Identify vulnerable services using service banners
        Perform vulnerability scan
        Perform false positive and false negative
        Enumerate discovered vulnerabilities
        Estimate probable impact
        Identify attack paths and scenarios for exploitation

