Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scanning with ISS Security-SIG 15 December 2005 David Taylor & John Lupton ISC Information Security ISC/Information Security.

Published bySilvia Carroll Modified over 8 years ago

Similar presentations

Presentation on theme: "Scanning with ISS Security-SIG 15 December 2005 David Taylor & John Lupton ISC Information Security ISC/Information Security."— Presentation transcript:

1 Scanning with ISS Security-SIG 15 December 2005 David Taylor & John Lupton ISC Information Security ISC/Information Security

2 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu ISS - Internet Security Scanner Commercial product of Internet Security Systems Provides Windows-based scanning for vulnerabilities on hosts running all major PC operating systems –Windows –Mac OS X –Unix/Linux

3 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Which Windows? Dave Taylor sez… –Windows 2000 or above, BUT… –Win 2003 and XP/SP2 have been problematic –Win 2000 or XP/SP1 seem to work best

4 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Who’s Allowed to Scan? Anyone is permitted to scan their own system Penn Sysadmins and LSP’s are permitted to scan IP addresses/ranges for which they have responsibility

5 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Scanning Etiquette The “Golden Rule”…you don’t appreciate someone else scanning your addresses without your knowledge or permission, right? “Let My People Know”…unless there’s a good reason to keep it secret, tell your users when you will be scanning, and from which IP address

6 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Firewalls If you are scanning from inside a firewall, you will need to disable it to prevent problems with scan accuracy If your target(s) is/are behind a firewall, you will need to: –Disable the firewall during the scan, OR –Locate the scanning system inside the firewall

7 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Downloading & Installing ISS Go to www.iss.net/download Set up an account (necessary, but free) Sign in to the Download Center Search for Internet Scanner 7.0 SP2 –Allows installation of SQL desktop engine as part of single installation –Dave sez: older versions require separate installations, and are “a pain in the bootie”. Click on colored “FULL INSTALLS” tab Download file (there’s only one) and install as per instructions

8 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu OK, what next?… The software “as is” will allow scanning of the localhost (127.0.0.1) To scan other hosts, you need to obtain and install a “key” Send email to security@isc - we will “cut” you a key and transmit it to you, along with instructions how to import it into ISS

9 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

10 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Installing Updates After installing the ISS application, update the scanning modules by running “X-Press Update Install” –Located in ‘Start’ menu –Go to Starbucks…it will take a while Once the updated modules have been installed, you’re ready to roll

11 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

12 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Scanning Credentials From a stand-alone, non-domain system: –Results similar to what outside hacker could see From a standard domain user account: –Results similar to what other domain users could see From a Domain Administrator account: –Results will show much more detail, e.g. patch level

13 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Set Up a Session From ‘Start’ Menu… –Create a new session –Choose a template, OR start with a blank session and construct your own new policy –Give it a name, and click ‘OK’ –Edit the policy and select your scan target(s) Be Aware!…Plugins for Destructive Denial of Service vulnerabilities may cause a remote system to become unresponsive - or crash altogether

14 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

15 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

16 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

17 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

18 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

19 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

20 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

21 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Set Up a Session (cont.) Save the policy and close the Policy Editor Select the policy, then name the session Enter a host range, or load from a list –Remember the “Golden Rule” - don’t scan anyone’s space but your own

22 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

23 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

24 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

25 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu To Ping, or not to Ping? You have an option to “ping” the hosts in your target range before the scan is performed Many hosts are configured to block all ICMP activity, but can still be scanned Generally better to NOT use the “ping” option –Scans take longer, but are usually more accurate –If hosts you know are present return “unreachable”: Use ‘Tools->Session Properties’ and choose ‘Scan Always’ Forces ISS to run all modules in the policy

26 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Running the Scan Let ‘er rip… Go to Starbucks again

27 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

28 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Result Reports Results can be presented in several escalating levels, e.g.: –Executive summary –Technically detailed, with step-by-step mitigation procedures Need help? Write to us at security@iscsecurity@isc

29 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

30 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

31 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

32 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu

33 Scanning with ISS 15 December 2005 ISC/Information Security security@isc.upenn.edu Useful Links Download: www.iss.net/download Support: www.iss.net/support Plug-in Info: xforce.iss.net/ SANS Internet Storm Center: isc.sans.org SANS@Risk: www.sans.org/newsletters/risk French Security Incident Response Team (known for releasing Zero-Day Advisories): www.frsirt.com/english/ Metasploit: www.metasploit.com

Download ppt "Scanning with ISS Security-SIG 15 December 2005 David Taylor & John Lupton ISC Information Security ISC/Information Security."

Similar presentations

How to download and install Sharpdesk

How to download and install Sharpdesk
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
Calendar Browser is a groupware used for booking all kinds of resources within an organization. Calendar Browser is installed on a file server and in a.

Calendar Browser is a groupware used for booking all kinds of resources within an organization. Calendar Browser is installed on a file server and in a.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
1 Distributed File System, and Disk Quotas (Week 7, Thursday 2/21/2007) © Abdou Illia, Spring 2007.

1 Distributed File System, and Disk Quotas (Week 7, Thursday 2/21/2007) © Abdou Illia, Spring 2007.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
Panasonic Computer Products Europe CF-08 Live Set up.

Panasonic Computer Products Europe CF-08 Live Set up.
A common error that appears on the copier’s screen is seen here when a scan to Sharpdesk is not sent to the computer successfully. This guide intends to.

A common error that appears on the copier’s screen is seen here when a scan to Sharpdesk is not sent to the computer successfully. This guide intends to.
Format Scandisk Defragmentation Antivirus Compression Software

Format Scandisk Defragmentation Antivirus Compression Software
Terminal Server © N. Ganesan, Ph.D.. Reference Thin-Client Concept Thin-Client concept tutorial.

Terminal Server © N. Ganesan, Ph.D.. Reference Thin-Client Concept Thin-Client concept tutorial.
Installing and running COMSOL on a Windows HPCS2008(R2) cluster

Installing and running COMSOL on a Windows HPCS2008(R2) cluster
1 of 13 Back to Start Working Remotely Your company’s Windows SBS computer network makes it easy for you and your coworkers to work remotely—and to stay.

1 of 13 Back to Start Working Remotely Your company’s Windows SBS computer network makes it easy for you and your coworkers to work remotely—and to stay.
File sharing. Connect the two win 7 systems with LAN card Open the network.

File sharing. Connect the two win 7 systems with LAN card Open the network.
Copyright © 2013 FingerTec Worldwide Sdn.Bhd. All rights reserved.

Copyright © 2013 FingerTec Worldwide Sdn.Bhd. All rights reserved.
Document Processing Ways to centralize and streamline your Endangered Species Act document processing procedures.

Document Processing Ways to centralize and streamline your Endangered Species Act document processing procedures.
11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.

11 SYSTEMS ADMINISTRATION AND TERMINAL SERVICES Chapter 12.
1 Computer Security: Protect your PC and Protect Yourself.

1 Computer Security: Protect your PC and Protect Yourself.
SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.

SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.
How To Batch Register Your Students

How To Batch Register Your Students

Similar presentations

Ads by Google