Great Tools for Securing and Testing Your Network Ernest Staats MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+,

1 Great Tools for Securing and Testing Your Network
Ernest Staats erstaats@gcasda.org
MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+
Resources available @ http://www.es-es.net

2 Outline
Silver Bullet
Most Used Tools
CD/USB Security
Perimeter Security
Vulnerability Assessment
Password Recovery
Networking Scanning
Data Rescue and Restoration
Application and Database Tools
Encryption Software
Wireless Tools
Virtual Machines
New USB Exploits
Digital Forensic Tools
Backup Software
Tools that Cost but Have Great Value

3 No Silver Bullet
No Silver Bullet for network and system testing:
–Determine your needs
–Finding the right tools
–Using the right tool for the job

4 My Most Used Tools:
Google (Get Google Hacking book)
–The Google Hacking Database (GHDB) http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index
SuperScan 4
–Network scanner, finds open ports (I prefer version 3) http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm
Cain and Abel
–(The Swiss Army knife) Crack passwords, crack VoIP and so much more http://www.oxid.it/cain.html
NMap
–(Scanning and footprinting) http://insecure.org/nmap/download.html
Nessus
–(Great system-wide vulnerability scanner) http://www.nessus.org/download/

5 Cain and Abel Local Passwords

6 Nessus Summary

7 My Most Used Tools 2:
Ethereal or Wireshark
–(Packet sniffers; use to find passwords going across the network) SSL passwords are often sent in clear text before logging on
–http://www.wireshark.org/download.html
»http://www.ethereal.com/download.html
Metasploit
–(Hacking made very easy) http://www.metasploit.com/
BackTrack or UBCD4WIN Boot CD
–(Cleaning infected PCs or ultimate hacking environment; will run from USB) http://www.remote-exploit.org/index.php/BackTrack_Downloads
–http://www.ubcd4win.com/downloads.htm
Read notify
–(Registered email) http://www.readnotify.com/
Virtual Machine for pen testing
–(Leaves no trace)

8 Security Testing Boot CD/USB:
Bart PE or UBCD4WIN
–http://www.bartpe.com
–http://www.ubcd4win.com
BackTrack (one of the more powerful cracking and network auditing packages)
–http://www.remoteexploit.org
Other Linux CD
–Trinity Rescue Kit (recover/repair dead Windows or Linux systems) http://trinityhome.org/Home/index.php?wpid=28&front_id=12
–KNOPPIX (recover/repair dead systems and several security tools) http://www.knoppix.net/

9 Demo of UBCD/BackTrack

10 BackTrack

11 Secure Your Perimeter:
DNS-stuff and DNS-reports http://www.dnsstuff.com http://www.dnsreports.com
–Are you blacklisted?
–Test your e-mail system
–Check your HTML code for errors
–(Also use WIN HTTrack for offline testing)
Shields UP and Leak test
–https://www.grc.com/x/ne.dll?rh1dkyd2
–http://grc.com/default.htm
Other Firewall checkers
–www.firewallcheck.com

12 Tools to Assess Vulnerability
Nessus (vulnerability scanners)
–http://www.nessus.org
Snort (IDS - intrusion detection system)
–http://www.snort.org
Metasploit Framework (vulnerability exploitation tools) Use with great caution and have permission
–http://www.metasploit.com/projects/Framework/

13 Password Recovery Tools:
Fgdump (Mass password auditing for Windows)
–http://foofus.net/fizzgig/fgdump
Cain and Abel (password cracker and so much more….)
–http://www.oxid.it/cain.htnl
John The Ripper (password crackers)
–http://www.openwall.org/john/
RainbowCrack: An innovative password hash cracker tool that makes use of a large-scale time-memory trade-off.
–http://www.rainbowcrack.com/downloads/?PHPSESSID=776fc0bb788953e190cf415e60c781a5

14 Change/Discover Win Passwords
Windows Password recovery - Can retrieve forgotten admin and users' passwords in minutes. Safest possible option, does not write anything to hard drive.
Offline NT Password & Registry Editor - A great boot CD/Floppy that can reset the local administrator's password.
John the Ripper - Good boot floppy with cracking capabilities.
Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.
Austrumi - Bootable CD for recovering passwords and other cool tools.

15 Networking Scanning
MS Baseline Analyzer
–http://www.microsoft.com/downloads/details.aspx?FamilyId=4B4ABA06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en
The Dude (Great mapper and traffic analyzer)
–http://www.mikrotik.com/thedude.php
Getif (Network SNMP discovery and exploit tool)
–http://www.wtcs.org/snmp4tpc/getif.htm
SoftPerfect Network Scanner
–http://www.softperfect.com/
HPing2 (Packet assembler/analyzer)
–http://www.hping.org
Netcat (TCP/IP Swiss Army Knife)
–http://netcat.sourceforge.net
TCPDump (packet sniffers) for Linux, or Windump for Windows
–http://www.tcpdump.org and http://www.winpcap.org/windump/
LanSpy (local, Domain, NetBios, and much more)
–http://www.lantricks.com/

16 File Rescue and Restoration:
Zero Assumption Digital Image rescue
–http://www.z-a-recovery.com/digital-image-recovery.htm
Restoration File recovery
–http://www.snapfiles.com/get/restoration.html
Free undelete
–http://www.pc-facile.com/download/recupero_eliminazione_dati/drive_rescue/
Effective File Search: Find data inside of files or databases
–http://www.sowsoft.com/search.htm

17 Discover & Securely Delete Important Information:
Windows and Office Key finder/Encrypting
–Win KeyFinder (also encrypts the keys) http://www.winkeyfinder.tk/
–ProduKey (also finds SQL server key) http://www.nirsoft.net
Secure Delete software
–Secure Delete http://www.objmedia.demon.co.uk/freeSoftware/secureDelete.html
DUMPSEC (Dump all of the registry and share permissions)
–http://www.somarsoft.com/
Win Finger Print (Scans for Windows shares, enumerates usernames, groups, SIDs and much more)
–http://winfingerprint.sourceforge.net

18 Application and Database Tools
N-Stealth – an effective HTTP Security Scanner
–https://secure.nstalker.com/
WINHTTrack – Website copier
–http://www.httrack.com/page/2/en/index.html
SQLRecon (SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations)
–http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx
Absinthe (Tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.)
–http://www.0x90.org/releases/absinthe/index.php

19 AppDetective
AppDetective discovers database applications and assesses their security strength
AppDetective assesses two primary application tiers - application / middleware, and back-end databases - through a single interface
AppDetective locates, examines, reports, and fixes security holes and misconfigurations
www.appsecinc.com/products/appdetective/mssql
Cost $900

20 Encryption Software:
Hard drive or Jump Drives
–TrueCrypt for cross-platform encryption with lots of options http://www.truecrypt.org/downloads.php
–Dekart: its free version is very simple to use; the paid version has more options http://www.dekart.com/free_download/
–http://www.dekart.com/
Email or messaging
–PGP for encrypting email http://www.pgp.com/downloads/index.html

21 Wireless Tools:
Aircrack: The fastest available WEP/WPA cracking tool. Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP or WPA 1 or 2
–The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files)
–http://www.aircrack-ng.org/doku.php#download
Net Stumbler (finds wireless networks, works well)
–http://wwww.netsumbler.com
Kismet (wireless tools or packet sniffers)
–http://wwww.kismetwireless.net

22 Virtual Machines
Xen for Linux
–http://www.xensource.com/download/
VM server or VM workstation for booting Bart PE ISOs or Remote Exploit
–http://www.vmware.com/products/server/
MS Virtual Server (slower but very easy to use)
–http://www.microsoft.com/windowsserversystem/virtualserver/software/privacy.mspx
VMs can be used to run auditing applications that typically would require a dedicated server

23 Network Toolbox U3
Analyzers
Network monitors
Traffic Generators
Network Scanners
IDS
Network Utilities
Network Clients
Secure Clients
SNMP
Web Auditing Tools
Password revealers
System Tools
Supplementary tools (DOS prompt, Unix shell, etc.)
–http://www.cacetech.com/products/toolkit.htm

24 USB Switchblade
Access all stored passwords on a Windows computer
–[System info] [Dump SAM] [Dump Product Keys] [Dump LSA secrets (IE PWs)] [Dump Network PW] [Dump messenger PW] [Dump URL History]
Available at http://www.hak5.org/wiki/USB_Switchblade
Plug U3 Drive in any Windows XP/2000/2003 computer
Wait about 1 minute
Eject Drive
Go to Run on the Start menu, then type x:\Documents\logfiles (x = flash drive letter), then press Enter
Look at usernames and passwords or start cracking hashed Windows passwords

25 Digital Forensic Tools
The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (digital forensic tools)
–http://www.sleuthkit.org/
Boot CD
–UBCD4WIN http://www.ubcd4win.com
–BACKTRACK http://www.remoteexploit.org

26 Backup Software
SyncBack
–http://www.snapfiles.com/get/SyncBack.html
–Secure: Encrypt a zip file with 256-bit AES encryption
–Copy Open Files (XP/2003)
–Compression: You can compress an unlimited size, and an unlimited number of files. (Paid)
–Performance & Throttling: limit bandwidth usage (Paid)
–FTP and Email: Backup or sync files with an FTP server. Auto email the results of your backup
–Overview PPT on my web site http://www.es-es.net/

27 Tools That Cost But Have Great Value:
SPI Dynamics WebInspect
QualysGuard
EtherPeek
Netscan tools Pro (250.00 full network forensic reporting and incident handling)
LanGuard Network Scanner
AppDetective (Database scanner and security testing software)
Air Magnet (one of the best WIFI analyzers and rogue blocking)
RFprotect Mobile
Core Impact (complete vulnerability scanning and reporting)
WinHex (Complete file inspection and recovery even if corrupt) Forensics and data recovery

28 Q&A
Resources are available at
–Files and suggestions http://www.es-es.net/9.html
–Security and Information Assurance Links http://www.es-es.net/6.html
–PPT for this and VM Security http://www.es-es.net/3.html
Best Step by Step Security Videos Free
–http://www.irongeek.com
Shameless plug
–Virtual Server Security Presentation
–Thursday 9:30AM Location: Salon 7

