Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.


Schedule
4 Attacking methods
–Traffic sniffing
–ARP spoofing
–Password cracking
–Port Scanning
1 Defense method
–Firewall configuration
2 Vulnerability assessment tools
–Nessus
–Bastille
Summary report on what you learned (1-2 pages)

Environment 3 VM images ( c:\VMware\valab-ht10\) –Windows, Fedora (angel), Fedora (devil)

Sniffing
Hub: a hub simply receives incoming packets and broadcasts these packets out to all devices on the network
Adapter promiscuous mode: an adapter can receive all frames on the network, not just frames that are addressed to that adapter

Wireshark

Sniffing practice Surfing with the browser on the host machine Sniff the HTTP traffic using wireshark on the VM

Hub vs. switch
Hub: Layer 1 (physical)
Switch: Layer 2 (data-link)

ARP (Address Resolution Protocol)
MAC address (layer 2)
–Globally unique
–Unchangeable
IP address (layer 3)
–Network unique
–Changeable

ARP spoofing (cache poisoning) on switch

Preparation
ipconfig /all
Let me know the last number of your IP address and MAC address
ping [hostname] -t

Cain

Password Cracking
Authentication:
–Something you know
–Something you have
–Something you are
Passwords need to be transferred
Passwords need to be stored

Brute Force
Attempts all possible combinations of letters and numbers
Possible Solutions
–Limit the number of unsuccessful logins
–Change the password often
–The length should be at least 8 characters

Dictionary
Type of Brute Force
Only tries possibilities that are likely to succeed
Lists are derived from a dictionary
Possible Solutions
–Mix and match numbers, letters, upper and lower case
–Avoid passwords based on dictionary words, letter or number sequences, usernames, or biographical information

John the Ripper
Traditionally the account information is stored in the /etc/passwd file
The /etc/passwd file is world-readable
The shadow password system stores passwords in the file /etc/shadow, which is not world-readable
unshadow /etc/passwd /etc/shadow > tmp
less tmp    # have a look
john tmp
Then create your own account and password, and run “john” again to see the result
useradd [your account]
passwd [your account]

Port Scanning
Attackers wish to discover services they can break into.
Does the service exist? Send a packet to each port, one at a time.
–Based on the type of response, an attacker knows if the port is used.
–The used ports can be probed further for weakness.
Well-known: tcp 21, tcp 22, tcp 23, tcp 80 …

Nmap
-sT (scanning by TCP connections)
-sS (SYN scanning)
-sU (UDP scanning)
-sV (Version detection)
-O (OS fingerprinting)
-T[0-5] (time interval)
-f (fragmenting)

Nmap

Zenmap: graphical interface

Firewall
A set of related programs that protects the resources of a private network or a host from external environment.
A mechanism for filtering network packets based on information contained within the IP header.

IPtables
3 default chains
input: Used to control packets entering the interface. (The packets end at this machine)
output: Used to control packets leaving the interface. (The packets originate from this machine)
forward: Used to control packets being masqueraded, or sent to remote hosts.

IPtables
iptables command [match] [target]
Command: -A, -I, -D, -F, -L
Match: -p [protocol], -s [source IP], -d [destination IP], -i [interface], --sport [source port], --dport [destination port]
Target: -j [ACCEPT/DROP/LOG…]
Example:
iptables -I INPUT -p icmp -j DROP
iptables -I INPUT -p icmp --icmp-type 0 -j ACCEPT
Our task: restrict all inbound traffic, except SSH requests on port 22. However, any outgoing requests should not be affected.
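
One way to meet the task above, as an added example that is not part of the original slides. The loopback rule, the conntrack rule for reply traffic and the order of the commands are assumptions about how to keep outgoing requests working; by default the script only prints the commands (set IPT=iptables as root to apply them).

```shell
#!/bin/sh
# Added example: default-deny inbound policy that leaves outgoing requests working.
# IPT defaults to a dry run that only prints each command.
# SSH_PORT=22 comes from the task on the slide.
IPT=${IPT:-echo iptables}
SSH_PORT=22

apply_inbound_policy() {
    # Open the policy and empty INPUT first, so re-running the script over
    # an existing DROP policy does not cut the current session.
    $IPT -P INPUT ACCEPT
    $IPT -F INPUT
    # Loopback traffic never leaves the host; local services depend on it.
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened. Without this rule the DROP
    # policy below would also discard the answers to outgoing requests.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New inbound connections are accepted only for SSH.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Default-deny goes last, after the SSH rule is already in place.
    $IPT -P INPUT DROP
    # OUTPUT keeps its ACCEPT policy: outgoing requests are not filtered.
    $IPT -P OUTPUT ACCEPT
}

apply_inbound_policy
```

After applying, iptables -L INPUT -n -v lists the rules with per-rule packet counters, which shows whether SSH and reply traffic hit the intended rules.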

Nessus
Remote vulnerability scanner
Nessus will
–Perform over 900 security checks
–Accept new plugins to expand new checks
–List security concerns and recommend actions to correct them

Nessus
Client/server architecture
–Server: performs the checking
–Client: front-end
Can test an unlimited number of hosts in each scan

Nessus

Bastille
Operating System Hardening
–Remove unnecessary processes
–Setting file permissions
–Patching and updating
–Setting networking access controls
Generate your own hardening policy
Can be run manually to provide advice and information

Bastille Assessment mode: bastille -a

Bastille Configuration mode: bastille -x