1. فصل هفتم Trust But Verify: Checking Security درس امنیت تجارت الکترونیک به نام خدا علی ناصراسدی 1

2. Objectives 2  How to define trust and decide on the level of security to apply to any given situation.  You must understand the target system.  Holistic Perspective  Detailed Perspective  Pitfalls

3. A Security Professional should 3  Ensure level of security  Discover the flaws  Understand the Risks  Put suitable countermeasure and safeguards  Evaluate protocols and application components  Evaluate the interactions among different system elements  Evaluate the Communication Topology  Evaluate the flow of sensitive data in the system

4. Requirements 4  Analyzing the security of system with tools.  then, System Hardening  Tools:  Application Survey tools Provide you very detailed insight into what the applications do how they behave from a security perspective whether there are hidden vulnerabilities in them  Protocols and Network tools Provide you flaws in communication infrastructure when individual applications exchange data

5. Tools 5  By applying these tools to your applications and network infrastructure  you set up what are called reconnaissance posts around your system.  Better results on virtualization softwares VMWare KVM Sun xVM VirtualBox  Isolation  Heterogeneous operating system environments

6. Vulnerability Assessment and Threat Analysis 6  Performing a thorough system survey from a security perspective is referred to as Vulnerability Assessment and Threat Analysis (VATA).  One of the most useful techniques to assist in performing an effective VATA is to compose what is called an attack tree.  a structure that illustrates the system components and the links through which they are connected.

7. Sample Attack Tree 7

8. Attack Tree 8  Composing a complete attack tree is practically impossible.  combinatorial explosion  state-space explosion  You need to be selective and choose the most important components and links  Unfortunately there is no automated tool to compose an attack tree.

9. Intrusion Detection and Prevention Using Snort 9  One of the worst things that can happen is entering your house and realizing that it has been broken into.  But the next worse thing that can happen is that you enter your house, it has been broken into, and you don’t know it.  Your computer system is no different than your house from a protection perspective.  Need some intrusion-prevention mechanisms  Snort 2.9.8.0 (http://www.snort.org)http://www.snort.org

10. Snort 10  Snort is a rule-based Network Intrusion Prevention System (NIPS) and Network Intrusion Detection System (NIDS) that operates using sensors.  Created by Martin Roesch in 1998.  It is available in both open source and a commercial version offered by Sourcefire.  Operates in three modes  intrusion detection  intrusion prevention  packet sniffing  Several sub-modes depending on detection and prevention requirements of your network  packet logging  traffic analysis on an IP network

11. Snort - 2 11  Snort is rule-based  you could define a set of conditions based on how your evaluation is conducted  look for packets that are sent from a specific network address, or are destined to a particular address.  Snort uses sensors  points of interest in your network topology  a specific router in an office building

12. Network Scanning Using Nmap 12  Sometimes you need to audit and explore your network to perform inventory, upgrade schedules, and monitor your network for security-related activities.  Nmap (Network Mapper) is the perfect tool in your toolbox for this task. network scanner Nmap can map the network based on hosts, services, ports, topology, timing, and various other profiles. it can guess (with a reasonable accuracy) the operating system that a host runs by sending a network packet to the target host, examining the response header, and comparing it with known patterns in its database.

13. Nmap 13  Nmap discovers various elements and produces a map of the network.  It can discover passive services.  whether or not a service is available  written by Gordon Lyon

14. Web Application Survey 14  The most important piece of your website is its front-end.  You need to evaluate the logic and the flow of this layer extremely carefully.  The best way to do this is to manually click through all the links to check their integrity and ensure every page is operating as intended by the designer.  However, for a complex site, this is not always practical.  Tools  Lynx  Wget  Teleport Pro  BlackWidow  BrownRecluse Pro

15. Lynx 15  Lynx is a text browser for the World Wide Web.  allows the user to dynamically traverse the target site and evaluate its contents.  As of 2015, it is the oldest web browser currently in general use and development, having started in 1992.

16. Wget 16  Wget is a free software package provided by GNU for retrieving files using HTTP, HTTPS, and FTP protocols.  Using a script and Wget, you could automatically download an entire website for static analysis.  Latest Version: 1.17 (12.2015)

17. Teleport Pro 17  Teleport Pro is shareware for offline browsing by Tennyson Maxwell Information Systems, Inc.  provides cookie support  JavaScript parsing capability  simultaneous retrieval threads  Java Applet retrieval  retrieval filters

18. BlackWidow 18  BlackWidow is shareware from SoftByte Labs.  For scanning a site and creating a complete profile of its structure and external and internal links, and even figuring out link errors.  has a powerful filtering capability to download all the file’s contents for further offline analysis.  scan a site remotely (that is, without downloading it to the local system).

19. Vulnerability Scanning 19  Vulnerability scanning is different than application survey and network scanning in that you already have knowledge of the existence of known flaws, you know how to detect them, and you go about finding them in target products.  Modes  destructive mode  non-destructive mode  Tools  Nessus  Nikto  Wireshark

20. Nessus 20  One of the most comprehensive vulnerability scanners available to security professionals is without a doubt Nessus.  Latest Ver: 6.3.3 (03-2015)  It is developed and maintained by Tenable Network Security, Inc.  Has a client and a server component.  The server piece is called Nessus vulnerability scanner.

21. Nessus - 2 21  Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.  Misconfiguration (e.g. open mail relay, missing patches, etc.).  Default passwords, a few common passwords, and blank/absent passwords on some system accounts.  Denials of service against the TCP/IP stack by using malformed packets.

22. Nikto 22  Nikto is an open source software package for Web server scanning.  Nikto is a good tool to reveal insecure configuration on web servers.  including over 6700 potentially dangerous files/CGIs  checks for outdated versions of over 1250 servers  version specific problems on over 270 servers  It also checks for server configuration items such as the presence of multiple index files

23. Wireshark 23  Wireshark (formerly known as Ethereal) is a very powerful network protocol analyzer.  Although its design purpose was not to perform vulnerability scanning, we place it in this category because it provides a very rich set of features that, combined with Nessus and Snort, make for a hacker’s dream toolset for network vulnerability scanning.  Initial Release: 1998  Latest Ver: 2.0 (11-2015)

24. Wireshark - 2 24  is licensed under GNU GPL v2  It can plug in to almost any known network interface: Ethernet, Token-Ring, FDDI, Serial (PPP and SLIP), 802.11 Wireless LAN, ATM connections, and many more.  Wireshark is a pluggable and extensible network packet analyzer.  Wireshark uses colors to help the user identify the types of traffic at a glance  By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems

25. Penetration Testing 25  Penetration testing (or PenTest) is a combination of methods to simulate an attack by adversary entities — machine, human, or a combination of both — to assess the system protection for potential vulnerabilities.  try to break the system yourself before a hacker does it for you.  There are two types of tests: destructive and non-destructive.  Tools  Metasploit  Aircrack-ng

26. Metasploit 26  Metasploit is one of the most advanced penetration testing tools available to security professionals.  Consists of  runtime environment (Metasploit Framework, or MSF)  a shell (Meterpreter attack platform)  predefined exploits (Payloads)  a well-defined function (Exploits)  Lates ver: 4.11 (18-12-2015)

27. Metasploit - 2 27  Metasploit deploys what is called a Soft Architecture. That is, it easily integrates with complementary tools such as Nmap, Nessus, Wireshark, code editors, and various types of debuggers and disassemblers, such as IDA Pro or SoftIce.

28. Aircrack-ng 28  Aircrack-ng is a key-cracking program for 802.11 WEP and WPA-PSK wireless protocols.  Latest ver: 1.2 (04-2015)  It cracks the keys by capturing enough data packets from the target wireless access point.  It can also be used as an auditing tool for wireless LANs.  Aircrack-ng is a network software suite consisting of a detector, packetsniffer, WEP and WPA/WPA2- PSK cracker and analysis tool for 802.11 wireless LANs.

29. Aircrack-ng - 2 29

30. Wireless Reconnaissance 30  Almost all corporate entities have both wired and wireless access points.  You have to determining what type of traffic is available, and how to circumvent security measures protecting it.  Tools  NetStumbler  Kismet  AirMagnet Wi-Fi Analyzer

31. NetStumbler 31  NetStumbler is a simple tool for detecting Wireless Local Area Networks (WLANs), or wireless hotspots.  It is available only for the Microsoft Windows operating system and is very easy to use.  facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards.  Latest ver: 0.4.0 (04-2014)

32. NetStumbler - 2 32  The program is commonly used for:  Wardriving  Verifying network configurations  finding locations with poor coverage in a WLAN  Detecting causes of wireless interference  Detecting unauthorized ("rogue") access points  Aiming directional antennas for long-haul WLAN links

33. Kismet 33  It is a feature-rich wireless network detector and Intrusion Detection System (IDS).  Kismet can sniff or intercept the content of all variants of the 802.11 protocol  Latest ver: 2013-03-R1b (04-2013)  Without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and to associate them with each other.