Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.

Published byJasmin Golden Modified over 8 years ago

Similar presentations

Presentation on theme: "Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs."— Presentation transcript:

1 Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs. non-credentialed Example: – Microsoft Baseline Security Analyzer

2 How Vulnerability Scanners Work Similar to virus scanning software: – Contain a database of vulnerability signatures that the tool searches for on a target system – Cannot find vulnerabilities not in the database New vulnerabilities are discovered often Vulnerability database must be updated regularly

3 Typical Vulnerabilities Checked Network vulnerabilities Host-based (OS) vulnerabilities – Misconfigured file permissions – Open services – Missing patches – Vulnerabilities in commonly exploited applications (e.g. Web, DNS, and mail servers)

4 Vulnerability Scanners - Benefits Very good at checking for hundreds (or thousands) of potential problems quickly – Automated – Regularly May catch mistakes/oversights by the system or network administrator Defense in depth

5 Vulnerability Scanners - Drawbacks Report “potential” vulnerabilities Only as good as the vulnerability database Can cause complacency Cannot match the skill of a talented attacker Can cause self-inflicted wounds

6 Credentialed Vulnerability Scanners A Windows security template is a file (.inf) that lists recommended configuration parameters for various system settings: – Account policies – Local policies – Event log – Restricted groups – System services – Registry – File system

7 Security Templates (cont) There are several default security templates defined by Microsoft: – Default security – from a default installation of the OS – Compatible – modifies permissions on files and registry to loosen security settings for user accounts (designed to increase application compatibility) – Secure – increases security by modifying password, lockout, and audit settings – Highly secure – does everything the secure template does plus more There are templates defined by others, and an administrator can customize his/her own templates

8 Security Configuration and Analysis Utility Can be used to: – Save current system settings to a template – Compare the current system settings against a preconfigured template – Apply the settings in a preconfigured template to the system

9 Security Configuration and Analysis Utility (cont) Running: – Run Microsoft Management Console (MMC) – Add Security Configuration and Analysis Snap-in – Open a (new) database – Analyze/Configure computer now Demo

10 Security Configuration Wizard An attack surface reduction tool For Windows 2003 Server SP1 and later Determines the minimum functionality for server’s role or roles Disables functionality that is not required Run off of a file (.xml) that lists recommended configuration parameters for various system settings

11 Security Configuration Wizard (cont) Disables functionality that is not required – Disables unneeded services – Blocks unused ports – Allows further address or security restrictions for ports that are left open – Prohibits unnecessary IIS web extensions, if applicable – Reduces protocol exposure to server message block (SMB), LanMan, and Lightweight Directory Access Protocol (LDAP) – Defines a high signal-to-noise audit policy

12 Security Configuration Wizard (cont) Running – From Control Panel -> Add/Remove New Programs – Add/Remove Windows Components – Security Configuration Wizard – Run from Administrative Tools Analyze system settings Configure system settings Demo

13 Windows Malicious Software Removal Tool Checks for specific malicious software – Trojans – Spyware – Worms – Viruses – Bots Helps remove any infection found Updated monthly (via automatic updates)

14 Popular Security Tools “the network security community's favorite tools” We will talk about/demo many of these during this class The list: – http://sectools.org/

15 Attackers use Vulnerability Scanners Too From network scanning an attacker has learned: – List of addresses of live hosts – Network topology – OS on live hosts – Open ports on live hosts – Service name and program version on open ports

16 Uncredentialed Vulnerability Scanning After network scanning, an attacker probably has enough information to begin searching for vulnerabilities that will enable attacks –Manually –Automatically Vulnerability scanner Credentialed vs. non-credentialed Used along with other reconnaissance information to prepare for and plan attacks

17 Manually Researching Vulnerabilities Many sources for vulnerability information: –Web sites: General: –www.cert.org/ –http://www.securityfocus.com/ Vendor: –http://technet.microsoft.com/en-us/security/bulletin –http://httpd.apache.org/security_report.html Questionable –Books E.g. Hacking Exposed –Other

18 Automated Vulnerability Scanners Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs. non-credentialed Used along with other reconnaissance information to prepare for and plan attacks

19 How Vulnerability Scanners Work Vulnerability Database Scanning Engine Knowledge Base GUI Results Target 2 Target 1 Target 3 Target 4

20 Typical Vulnerabilities Checked Common configuration errors –Examples: weak/no passwords Default configuration weaknesses –Examples: default accounts and passwords Well-known system/application vulnerabilities –Examples: Missing OS patches An old, vulnerable version of a web server

21 Nessus Free, open-source vulnerability scanner URL: http://www.tenable.com/products/nessus Two major components: –Server Vulnerability database Scanning engine –(Web) Client Configure a scan View results of a scan

22 Nessus Plug-ins Vulnerability checks are modularized: –Each vulnerability is checked by a small program called a plug-in –More than 20,000 plug-ins form the Nessus vulnerability database (updated regularly) –Customizable – user can write new plug-ins In C In Nessus Attack-Scripting Language (NASL)

23 Vulnerabilities Checked by Nessus Some major plug-in groups: –Windows –Backdoors –CGI abuses –Firewalls –FTP –Remote file access –RPC –SMTP –DOS

24 Running a Nessus Scan Make sure the server is running and has the latest vulnerability database Start the client Connect to the server Select which plug-ins to use Select target systems to scan Execute the scan View the results

25 Nessus Results Vulnerabilities ranked as high, medium, or low risk Need to be checked (and interpreted) Can be used to search for/create exploits along with previous information collected: –OS type –List of open ports –List of services and versions –List of vulnerabilities

26 Nikto – a Web Vulnerability Scanner URL: http://cirt.net/nikto2 Vulnerability scanner for web servers –Similar to Nessus - runs off plug-ins Tests for: –Web server version –Known dangerous files/CGI scripts –Version-specific problems

27 Summary Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Used by defenders to automatically check for many known problems Used by attackers to prepare for and plan attacks

Download ppt "Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs."

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
Hands-On Microsoft Windows Server 2003 Administration Chapter 7 Administering Web Resources in Windows Server 2003.

Hands-On Microsoft Windows Server 2003 Administration Chapter 7 Administering Web Resources in Windows Server 2003.
Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.

Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.
Network Vulnerability Scanning Xiaozhen Xue Dept. of Computer Science Texas Tech University, USA Akbar Siami Namin Dept. of Computer.

Network Vulnerability Scanning Xiaozhen Xue Dept. of Computer Science Texas Tech University, USA Akbar Siami Namin Dept. of Computer.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008

Similar presentations

Ads by Google