Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.


1 Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang ge.zhang@kau.se Dvg-C03

2 Karlstad University Schedule
3 Attacking methods
  –Password cracking
  –ARP spoofing & sniffing
  –Port Scanning
1 Defense methods
  –Firewall configuration
2 Vulnerability assessment tools
  –Nessus
  –Bastille

3 Karlstad University Environment 3 VM images ( c:\vmware\valab-ht11 )

4 Karlstad University Password Cracking
Authentication:
  –Something you know
  –Something you have
  –Something you are
Passwords need to be transferred
Passwords need to be stored

5 Karlstad University Brute Force
Attempts all possible combinations of letters and numbers
Possible Solutions
  –Limit the number of unsuccessful logins
  –Change password often
  –The length should be at least 8 characters

6 Karlstad University Dictionary
Type of Brute Force
Only tries possibilities that are likely to succeed
Lists are derived from a dictionary
Possible Solutions
  –Mix and match numbers, letters, upper and lower case
  –Avoid passwords based on dictionary words, letter or number sequences, usernames, or biographical information

7 Karlstad University John the Ripper
Traditionally the account information is stored in the /etc/passwd file
The /etc/passwd file is world-readable
The shadow password system stores passwords in the file /etc/shadow, which is not world-readable
Have a look at
  –/usr/share/doc/john-1.7.0.2/EXAMPLES
Then create your own account and password, and run “john” again to see the result
  useradd [your account]
  passwd [your account]
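
Added example, not part of the original slides: a defender-side check for the point made on this slide, flagging accounts whose password field still sits in a world-readable passwd-format file and testing that a shadow file is closed to "other". The function names and the sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the slides): audit a passwd-format file for
# password fields that belong in /etc/shadow instead.

# audit_passwd FILE -> prints "user:finding" for every risky entry.
audit_passwd() {
    awk -F: '
        /^#/ || NF < 7 { next }            # skip comments and malformed lines
        $2 == ""       { print $1 ":empty-password"; next }
        $2 == "x"      { next }            # hash is kept in the shadow file
        $2 ~ /^[*!]/   { next }            # locked or disabled account
                       { print $1 ":hash-in-passwd" }
    ' "$1"
}

# shadow_mode_ok FILE -> succeeds only if "other" has no permission bits.
# Uses GNU stat (-c '%a' prints the octal mode, e.g. 640).
shadow_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Constructed sample data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:$1$CONSTRUCTED$notARealHashValue000000:1001:1001::/home/alice:/bin/sh
bob::1002:1002::/home/bob:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
}

# Stand-alone use: ./audit.sh /etc/passwd
if [ -n "${1:-}" ]; then
    audit_passwd "$1"
fi
```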

8 Karlstad University Sniffing
Hub: a hub simply receives incoming packets and broadcasts these packets out to all devices on the network
Adapter promiscuous mode: an adapter can receive all frames on the network, not just frames that are addressed to that adapter

9 Karlstad University Wireshark

10 Karlstad University Wireshark

11 Karlstad University Hub vs. switch
Hub: Layer 1 (physical)
Switch: Layer 2 (data-link)

12 Karlstad University ARP (Address Resolution Protocol)
MAC address (layer 2)
  –Globally unique
  –Unchangeable
IP address (layer 3)
  –Network unique
  –Changeable

13 Karlstad University ARP spoofing (cache poisoning) on switch

14 Karlstad University Preparation
ipconfig /all
Let me know the last number of your IP address and MAC address
ping [IP address] -t

15 Karlstad University Cain

16 Karlstad University Cain

17 Karlstad University Cain

18 Karlstad University Port Scanning
Attackers wish to discover services they can break into.
Does the service exist? Found by sending a packet to each port, one at a time.
  –Based on the type of response, an attacker knows if the port is used.
  –The used ports can be probed further for weaknesses.
Well-known: tcp 21, tcp 22, tcp 23, tcp 80 …

19 Karlstad University Nmap
-sT (scanning by TCP connections)
-sS (SYN scanning)
-sU (UDP scanning)
-sV (Version detection)
-O (OS fingerprinting)
-T[0-5] (time interval)
-f (fragmenting)

20 Karlstad University Nmap

21 Karlstad University Nmap Zenmap: graphical interface

22 Karlstad University Firewall
A set of related programs that protects the resources of a private network or a host from the external environment.
A mechanism for filtering network packets based on information contained within the IP header.

23 Karlstad University IPtables
3 default chains
  INPUT: used to control packets entering the interface. (The packets terminate at this machine)
  OUTPUT: used to control packets leaving the interface. (The packets originate from this machine)
  FORWARD: used to control packets being masqueraded, or sent to remote hosts.

24 Karlstad University IPtables
iptables command [match] [target]
Command: -A, -I, -D, -F, -L
Match: -p [protocol], -s [source IP], -d [destination IP], -i [interface], --sport [source port], --dport [destination port]
Target: -j [ACCEPT/DROP/LOG…]
Example:
  iptables -I INPUT -p ICMP -j DROP
  iptables -I INPUT -p ICMP --icmp-type 0 -j ACCEPT
Our task: restrict all inbound traffic, except SSH requests on port 22. However, any outgoing requests should not be affected.
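
Added example, not part of the original slides: one way to meet the task above. Replies to outgoing requests arrive on the INPUT chain, so a connection-tracking rule is needed or a DROP policy would break outbound traffic as well. The IPT variable and the function name are assumptions of this example; set IPT=echo to print the commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the slides): inbound default-deny with SSH allowed.
# IPT is this example's own variable: IPT=echo gives a dry run.
IPT="${IPT:-iptables}"

apply_ssh_only_policy() {
    # Build the chain under a permissive policy first, so a remote
    # session is not cut off half-way through.
    $IPT -P INPUT ACCEPT
    $IPT -F INPUT

    # Local services talking over the loopback interface.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened itself. Without this rule
    # outgoing requests would leave but their answers would be dropped.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New inbound SSH connections on port 22.
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # Only now switch the default for everything else inbound to DROP.
    $IPT -P INPUT DROP

    # Outgoing traffic is not filtered.
    $IPT -P OUTPUT ACCEPT
}

# Stand-alone use (as root): ./fw.sh --apply
case "${1:-}" in
    --apply) apply_ssh_only_policy ;;
esac
```

The rules can be checked afterwards with iptables -L INPUT, using the -L command listed on the slide.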

25 Karlstad University Nessus
Remote vulnerability scanner
Nessus will
  –Perform over 900 security checks
  –Accept new plugins that add new checks
  –List security concerns and recommend actions to correct them

26 Karlstad University Nessus
Client/server architecture
  –Server: performs the checking
  –Client: front-end
Can test an unlimited number of hosts in each scan

27 Karlstad University Nessus

28 Karlstad University Nessus

29 Karlstad University Bastille
Operating System Hardening
  –Remove unnecessary processes
  –Setting file permissions
  –Patching and updating
  –Setting networking access controls
Generate your own hardening policy
Can be run manually to provide advice and information

30 Karlstad University Bastille Assessment mode: bastille -a

31 Karlstad University Bastille Configuration mode: bastille -x

