Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Published byEunice Wright Modified over 7 years ago

Similar presentations

Presentation on theme: "Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03."— Presentation transcript:

1 Introduction to Vulnerability Assessment Labs Ge Zhang ge.zhang@kau.se Dvg-C03

2 Schedule 4 Attacking methods –Traffic sniffing –ARP spoofing –Password cracking –Port Scanning 1 Defense methods –Firewall configuration 2 Vulnerability assessment tool –Nessus –Bastille Summarizing Report on its learning (1-2 pages)

3 Environment 3 VM images ( c:\VMware\valab-ht10\) –Windows, Fedora (angel), Fedora (devil)

4 Sniffing Hub: a hub simply receives incoming packets and broadcasts these packets out to all devices on the network Adapt promiscuous mode: an adapter can receive all frames on the network, not just frames are addressed to that adapter

5 Wireshark

6

7 Sniffing practice Surfing with the browser on the host machine Sniff the HTTP traffic using wireshark on the VM

8 Hub v.s. switch Hub: Layer 1 (physical) Switch: Layer 2 (data-link)

9 ARP (Address Resolution Protocol) MAC address (layer 2) –Global unique –Unchangeable IP address (layer 3) –Network unique –Changeable

10 ARP spoofing (cache poisoning) on switch

11 Preparation ipconfig /all Let me know the last number of your ip address and mac address ping [hostname] –t

12 Cain

13

14

15 Password Cracking Authentication: –Something you know –Something you have –Something you are Password need to be transferred Password need to be stored

16 Brute Force Attempts all possible combinations of letters and numbers Possible Solution – Limit amount of unsuccessful logins – Change password often –The length should be at least 8 characters

17 Dictionary Type of Brute Force Only tries possibilities that are likely to succeed List are derived from dictionary Possible Solutions –Mix and match numbers, letters, upper and lower case –Avoid passwords based on dictionary words, letter or number sequences, usernames, or biographical information

18 John the ripper Traditionally the account information is stored in the /etc/passwd file The /etc/passwd file is world-readable Shadow password system stores passwords in the file /etc/shadow which is not world-readable unshadow /etc/passwd /etc/shadow > tmp less tmp /*have a look*/ john tmp Then create your own account and password, run “john” again to see the result useradd [your account] passwd [your account]

19 Port Scanning Attackers wish to discover services they can break into. Whether the service existing? sending a packet to each port, once at a time. –Based on the type of response, an attacker knows if the port is used. –The used ports can be probed further for weakness. Well-known: tcp 21, tcp 22, tcp 23, tcp 80 …

20 Nmap -sT (scanning by TCP connections) -sS (SYN scanning) -sU (UDP scanning) -sV (Version detection) -O (OS fingerprinting) -T[0-5] (time interval) -f (fragmenting)

21 Nmap

22 Zenmap: graphical interface

23 Firewall A set of related programs that protects the resources of a private network or a host from external environment. A mechanism for filtering network packets based on information contained within the IP header.

24 IPtables 3 default chains input Used to control packets entering the interface. (The packets will be ended in this machine) output Used to control packets leaving the interface. (The packets are originated from this machine) forward Used to control packets being masqueraded, or sent to remote hosts.

25 IPtables iptables command [match] [target] Command: -A, -I, -D, -F, -L Match: -p [protocol], -s [source IP], -d [destination IP], -i [interface], --sport [source port], --dport [destination port] Target: -j [ACCEPT/DROP/LOG…] Example: –iptables –I INPUT –p ICMP –j DROP –iptables –I INPUT –p ICMP –icmp-type 0 –j ACCEPT Our task: restrict all inbound traffic, except SSH requests on port 22. However, any outgoing requests should not be affected.

26 Nessus Remote vulnerability scanner Nessus will –Perform over 900 security checks –Accept new plugins to expand new checks –List security concerns and recommend actions to correct them

27 Nessus Client/server architecture –Server: perform checking –Client: Front-end Can test unlimited amount of hosts in each scan

28 Nessus

29

30 Bastille Operating System Hardening –Remove unnecessary processes –Setting file permissions –Patching and updating –Setting networking access controls Generate your own hardening policy Can be run manually to provide advice and information

31 Bastille Assessment mode: bastille -a

32 Bastille Configuration mode: bastille -x

Download ppt "Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03."

Similar presentations

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.

Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Port Scanning.

Port Scanning.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.

Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Ana Chanaba Robert Huylo

Ana Chanaba Robert Huylo
Module 7: Configuring TCP/IP Addressing and Name Resolution.

Module 7: Configuring TCP/IP Addressing and Name Resolution.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.

NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.
COEN 252 Computer Forensics

COEN 252 Computer Forensics

Similar presentations

Ads by Google