Retina Network Security Scanner By Ajith U Kamath 60-564 Project Frequently, presenters must deliver material of a technical nature to an audience unfamiliar with the topic or vocabulary. The material may be complex or heavy with detail. To present technical material effectively, use the following guidelines from Dale Carnegie Training®. Consider the amount of time available and prepare to organize your material. Narrow your topic. Divide your presentation into clear segments. Follow a logical progression. Maintain your focus throughout. Close the presentation with a summary, repetition of the key steps, or a logical conclusion. Keep your audience in mind at all times. For example, be sure data is clear and information is relevant. Keep the level of detail and vocabulary appropriate for the audience. Use visuals to support key points or steps. Keep alert to the needs of your listeners, and you will have a more receptive audience.
AGENDA Introduction Installation procedure Features Test cases and results Points noted during testing Conclusion In your opening, establish the relevancy of the topic to the audience. Give a brief preview of the presentation and establish value for the listeners. Take into account your audience’s interest and expertise in the topic when choosing your vocabulary, examples, and illustrations. Focus on the importance of the topic to your audience, and you will have more attentive listeners.
INTRODUCTION Importance of Network Security Scanner Retina Network Security Scanner If you have several points, steps, or key ideas use multiple slides. Determine if your audience is to understand a new idea, learn a process, or receive greater depth to a familiar concept. Back up each point with adequate explanation. As appropriate, supplement your presentation with technical support data in hard copy or on disc, e-mail, or the Internet. Develop each point adequately to communicate with your audience.
INSTALLATION System Requirements Download from Install http://www.eeye.com/html/products/retina/download/index.html Install
FEATURES – Retina Session
FEATURES (Cont…) Discover Tab Discover network machines Customizable TCP, UDP, and ICMP discovery, OS detection, and general machine information Retina can also be configured to discover active wireless devices Additional IP’s with Retina licenses on the network
FEATURES (Cont…) Target Types
FEATURES (Cont…) Audit Tab
FEATURES (Cont…) Modifying the Port Groups All Ports Discovery Ports HTTP Ports NetBIOS Ports Custom Ports added
FEATURES (Cont…) Modifying Audit Groups All Audits SANS20 [All] SANS20 [Unix] SANS20 [Windows] Custom Audit Groups
FEATURES (Cont…) Remediate Tab Generate reports used in remediation management Create customized reports
FEATURES (Cont…) Configurations pane Scan Jobs Results
FEATURES (Cont…) Report Tab Detailed information gathered by the scanner Customized reports Report can be opened in MS Word or Internet Explorer
TEST CASES AND RESULTS Network Configuration
TEST CASES AND RESULTS Test Case One Aim: To scan the ports on the windows server. Description: To run the complete scan of all the ports on the windows server. Test Result: Passed
TEST CASES AND RESULTS
TEST CASES AND RESULTS Test Case Two Aim: To scan the Red Hat Linux server and match the result with other security tool. Description: By comparing the result with other network security tool like GFI LANguard we can actually check whether the result produced by Retina Scanner is proper or it lacks in giving some information. Test Result: Failed.
TEST CASES AND RESULTS The result obtained from Retina
TEST CASES AND RESULTS The result obtained from GFI LANguard
TEST CASES AND RESULTS Test Case Three Aim: To test whether retina network scanner will detect the users weak passwords Description: The user account in question could have a password that is exactly the same as the account name except for it is backwards. Therefore an attacker could easily guess this password and gain access to your system via this account and then further their access into your network. Test Condition: Created a user account ‘kamath’ with password as ‘htamak’ i.e. opposite to the user login name on 137.207.234.151 machine. Test Result: Passed
TEST CASES AND RESULTS
TEST CASES AND RESULTS Test Case Four Aim: To test the windows server 2003 for CVE-2000-1200. Description: Windows NT allows remote attackers to list all users in a domain by obtaining the domain security identifier (SID) with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users. Test Result: Passed
TEST CASES AND RESULTS
POINTS NOTED DURING TESTING The results were not consistent in few test cases. The following diagrams shows while the network is discovered using the software.
POINTS NOTED DURING TESTING In the following diagram, the Mac address for machine 137.207.234.151 is not displayed.
POINTS NOTED DURING TESTING When the same machine is discovered again, Mac address is displayed.
POINTS NOTED DURING TESTING The software was unstable during testing. When the link connecting to the destination went down while the retina was still scanning the machine, scanner hanged. The scanner was not responding for any commands. But the problem could not be reproduced when tested under the same conditions again.
Conclusion The 2004 Readers' Choice Best Security Scanner award User friendly interface Many features included Could not scan medium risk vulnerabilities when compared to other tools. Determine the best close for your audience and your presentation. Close with a summary; offer options; recommend a strategy; suggest a plan; set a goal. Keep your focus throughout your presentation, and you will more likely achieve your purpose.