Assessing a Target System
Source: Chapter 3, Computer Security Fundamentals, Chuck Easttom, Prentice Hall, 2006
Objectives
- Conduct basic system reconnaissance
- Use port scanners
- Derive useful information about a Web site
- Locate useful information from newsgroup postings
- Use vulnerability scanners
- Use port monitoring utilities

Introduction
Hacker's goals:
- Footprint a system: examine a potential target system
- Compromise a target: gain access to that system
Your goals:
- Understanding system auditing
- Examining your own system
- Understanding how hackers gain access
- Understanding hackers' tools
Basic Reconnaissance
Windows tools for reconnaissance:
- Nslookup (name server lookup)
- Whois
- ARIN (en.wikipedia.org/wiki/ARIN)
- Web-based tools
- Target Web site
- Social engineering

Basic Reconnaissance (cont.)
Netcraft is an online utility that tells:
- What Web server software a site is running
- What operating system it is using
- Other important information
To use it: go to "What's that site running?", type in the site's address, and press Enter.

Basic Reconnaissance (cont.)
Tracing IP addresses: map all addresses between a system and a target
- Trace route
- VisualRoute

Basic Reconnaissance (cont.)
Use this information:
- "Google" names found in your search
- "Google" addresses of the administrators, using Google Groups

Basic Reconnaissance (cont.)
Social engineering: getting information in a non-technical manner
- "Dumpster diving"
- Duping employees into compromising security
Scanning
- Use information gathered by research and social engineering
- Scan the target for information that reveals vulnerabilities

Scanning (cont.)
- Nmap – Unix or Windows
- Hping2 – Unix
- Netcat – cross-platform
- Ping – cross-platform
- Traceroute – cross-platform

Scanning (cont.)
Nmap:
- ICMP echo request packets
- SYN scanning
- Version scanning
- RPC (remote procedure call) scans
- OS fingerprinting capabilities

Scanning (cont.)
Port and network scanning:
- Identify which ports are open
- Port numbers identify services
- These ports should be closed: unnecessary services, vulnerable services

Scanning (cont.)
Ports: reference lists of port numbers

Scanning (cont.)
NetBrute:
- Scans a range of IP addresses
- For network administrators testing their own networks
- Targets one IP
- Locates open ports
- Locates all shared drives
- Identifies O/S and Web server software

Scanning (cont.)
Cerberus:
- Various download locations
- Checks for a variety of services
- Generates an HTML report
- Identifies security flaws in the registry and other areas

Scanning (cont.)
SATAN: Security Administrator Tool for Analyzing Networks (Unix)

Scanning (cont.)
Vulnerability scanning:
- SAINT: prioritizes results; fast assessment; configurable for increased efficiency
- Nessus: up to date and easy to use; updateable plug-ins; detailed reports
Port Monitoring and Managing
A deeper layer of information gathering:
- Netstat
- Netstat Live
- Active Ports
- Fport
- TCPView
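The port-scanning and port-monitoring slides both come down to the same administrator task: list what is listening on a host, map each port to the service it implies, and close anything that is unnecessary or vulnerable. The following is an added example, not code from Easttom's chapter: it parses a constructed sample in the layout of Windows `netstat -ano` output (the tool named on the slide) and flags every TCP listener that is not on an assumed allowlist. The allowlist, the small port-to-service table and the sample output are all assumptions made for the demonstration.

```python
"""Audit listening TCP ports from netstat output against an allowlist.

Added example (not from Easttom's chapter). The netstat sample below is
constructed; the allowlist and port/service table are assumptions.
"""
import re
from dataclasses import dataclass

# Well-known port -> service labels used to describe findings
# (an assumed small subset; a real audit would use a fuller table).
SERVICE_NAMES = {
    21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http",
    135: "msrpc", 139: "netbios-ssn", 443: "https", 445: "microsoft-ds",
    3389: "rdp", 5900: "vnc",
}

# Assumed policy for this host: only these TCP ports may listen.
ALLOWED_LISTENERS = {80, 443, 3389}

# Constructed sample in the layout of `netstat -ano` on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1016
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2311
  TCP    192.168.1.20:49731     93.184.216.34:443      ESTABLISHED     3320
  TCP    127.0.0.1:23           0.0.0.0:0              LISTENING       4402
  UDP    0.0.0.0:123            *:*                                    1112
"""

# One netstat row: proto, local, foreign, optional state (UDP has none), PID.
LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int
    pid: int


def parse_listeners(text):
    """Return the TCP sockets in LISTENING state from netstat -ano output."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("state") != "LISTENING":
            continue
        # rpartition keeps the whole address even if it contains colons.
        addr, _, port = m.group("local").rpartition(":")
        listeners.append(Listener(m.group("proto"), addr, int(port), int(m.group("pid"))))
    return listeners


def audit_listeners(listeners, allowed=ALLOWED_LISTENERS):
    """Return (port, service, pid, reason) for each listener outside the allowlist."""
    findings = []
    for lst in listeners:
        if lst.port in allowed:
            continue
        service = SERVICE_NAMES.get(lst.port, "unknown")
        scope = "on all interfaces" if lst.address == "0.0.0.0" else f"on {lst.address} only"
        findings.append((lst.port, service, lst.pid, f"unexpected {service} listener {scope}"))
    return findings


if __name__ == "__main__":
    for port, service, pid, reason in audit_listeners(parse_listeners(SAMPLE_NETSTAT)):
        print(f"port {port:>5} ({service}) pid {pid}: {reason}")
```

On a real host the sample text would be replaced by the captured output of `netstat -ano`, and the PID column is what lets the administrator trace a surprising listener back to the process that opened it, which is the same link that Fport and TCPView make for you.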
In-Depth Searches
Take the investigation to a deeper level:
- Search engines
- Newsgroups
Information can be used for good or bad purposes.

Summary
- The more information you have about the vulnerabilities and weaknesses of your system, the better prepared you are to defend it.
- The more information the hacker has about your system's vulnerabilities and weaknesses, the sooner it will be violated.
- The tools in this chapter are for the network and security administrator and are to be used for legal, not illegal, purposes.