SlideShare ist ein Scribd-Unternehmen logo

Network Security Tools

Emanuela Boroș
Emanuela Boroș
Technologie
1 von 44
Downloaden Sie, um offline zu lesen
Software Security Network Security Tools Presented by Emanuela Boroș “Al. I. Cuza” University, Faculty of Computer Science Master of Software Engineering, II
Audit/Port Scanning Tools ● Nessus (Vulnerability scanner) #3 ● SAINT (Vulnerability scanner, Based on SATAN,developed by World Wide Security,Inc.) #110 ● Sara (Security Auditor’s Research Assistant, SANS Top 10 Threats, 1 May 2009) ● Nmap, strobe (Port scanners, strobe was one of the earliest port scanning tools, Nmap is the strobe's grandson)
Nessus Scanner
Nessus Scanner ● Available from http://www.nessus.org/products/nessus/ ● The world leading vulnerability scanner ● Free for home users, licensed on a yearly subscription for commercial businesses ● Easy-to-use tool ● Linux/Solaris/Windows/Android/iPhone ● Provides HTML based reports ● Client/server architecture: clients (Windows, Unix, Android, iPhone) & servers (Unix only)
Pros/Cons Pros ● Free vulnerability scanning ● Easy to install and use ● Up-to-date security vulnerability database ● Free for home users ● Powerful plug-in architecture Cons ● Needs activation code ● Some UI issues
Policies A Nessus “policy” consists of configuration options related to performing a vulnerability scan. ● External Network Scan ● scans externally facing hosts ● XSS plugin families ● all 65,535 ports are scanned ● Internal Network Scan ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned ● Web App Tests ● scans for vulnerabilities present in each of the parameters, including XSS, SQL, command injection ● Prepare for PCI DSS audits ● enables the built-in PCI DSS compliance checks that compare scan results with the PCI standards and produces a report on your compliance posture
Server
Pros/Cons
Client
Case Studies Version: 4.4.1 Feed Type: Home OS: Windows 7/Android
Internal Network Scan ● Default policy ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned
Web Application Scanning With Credentials
Steps ● App that requires authentication ● Create a policy ● General - Port 80 ● Preferences ● HTTP login page ● Login page and login form (may be a different form) ● Look into you html and see what name fields or you can use a sniffer What it is used into a post request ● Ability to check for auth – login successfully with a timer – go to this page every delay to see if you're still logged – with a 120 seconds and you should see a regex Logout ● Web mirroring – regular expressions to exclude things – web spider to exclude logout.php cause that would log you out
Windows Scanning
Conclusions
Using Android Nessus app
Nmap
Nmap ● Insecure.Org ● free utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network ● uses raw IP packets to determine what hosts are available on the network ● used by attackers to scan a network and perform reconnaisance about the types and quantities of targets available and what weaknesses exist
Nmap with Nessus
Advantages ● smart penetration testing ● nmap the best scanner ever and nessus one of our favorite vulnerability scanner ● effective and less time consumer
Case Study Steps ● used nmap for a quick scan on the local network to all the hosts in the subnet ● after the scan there will be different hosts and their open ports
Network Security Tools
Network Security Tools
Network Security Tools
Network Security Tools

Empfohlen

Snort
SnortSnort
SnortStickman Hai
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
CNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationCNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationSam Bowne
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltegoChris Hammond-Thrasher
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAltacit Global
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEric Vanderburg
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 

Empfohlen

Snort
SnortSnort
SnortStickman Hai
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
CNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationCNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationSam Bowne
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltegoChris Hammond-Thrasher
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAltacit Global
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEric Vanderburg
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Hacking_SharePoint_FINAL
Hacking_SharePoint_FINALHacking_SharePoint_FINAL
Hacking_SharePoint_FINALIan Naumenko, CISSP, CRISC
 
BTRisk Adli Bilişim Eğitimi Sunumu
BTRisk Adli Bilişim Eğitimi SunumuBTRisk Adli Bilişim Eğitimi Sunumu
BTRisk Adli Bilişim Eğitimi SunumuBTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
Alphorm.com Formation Analyse de Malware 2/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 2/2 : Le guide completAlphorm.com Formation Analyse de Malware 2/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 2/2 : Le guide completAlphorm
 
SE_Lec 10_ Software Code of Ethics
SE_Lec 10_ Software Code of EthicsSE_Lec 10_ Software Code of Ethics
SE_Lec 10_ Software Code of EthicsAmr E. Mohamed
 
Security Onion
Security OnionSecurity Onion
Security Onionjohndegruyter
 
Hping Kullanarak Ağ Keşif Çalışmaları
Hping Kullanarak Ağ Keşif ÇalışmalarıHping Kullanarak Ağ Keşif Çalışmaları
Hping Kullanarak Ağ Keşif ÇalışmalarıBGA Cyber Security
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Florian Roth
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasureskaranwayne
 
BTRisk - Siber Olay Tespit ve Mudahale Egitimi
BTRisk - Siber Olay Tespit ve Mudahale EgitimiBTRisk - Siber Olay Tespit ve Mudahale Egitimi
BTRisk - Siber Olay Tespit ve Mudahale EgitimiBTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
Router forensics
Router forensicsRouter forensics
Router forensicsTaruna Chauhan
 
Netflow slides
Netflow slidesNetflow slides
Netflow slidesJose Manuel Vega Monroy
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRishab garg
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management Sam Bowne
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Sam Bowne
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 

Weitere ähnliche Inhalte

Was ist angesagt?

Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
Alphorm.com Formation Analyse de Malware 2/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 2/2 : Le guide completAlphorm.com Formation Analyse de Malware 2/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 2/2 : Le guide completAlphorm
 
SE_Lec 10_ Software Code of Ethics
SE_Lec 10_ Software Code of EthicsSE_Lec 10_ Software Code of Ethics
SE_Lec 10_ Software Code of EthicsAmr E. Mohamed
 
Hping Kullanarak Ağ Keşif Çalışmaları
Hping Kullanarak Ağ Keşif ÇalışmalarıHping Kullanarak Ağ Keşif Çalışmaları
Hping Kullanarak Ağ Keşif ÇalışmalarıBGA Cyber Security
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Florian Roth
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasureskaranwayne
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management Sam Bowne
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Sam Bowne
 

Was ist angesagt? (20)

Network scanning
Network scanningNetwork scanning
Network scanning
 
Hacking_SharePoint_FINAL
Hacking_SharePoint_FINALHacking_SharePoint_FINAL
Hacking_SharePoint_FINAL
 
BTRisk Adli Bilişim Eğitimi Sunumu
BTRisk Adli Bilişim Eğitimi SunumuBTRisk Adli Bilişim Eğitimi Sunumu
BTRisk Adli Bilişim Eğitimi Sunumu
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
Alphorm.com Formation Analyse de Malware 2/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 2/2 : Le guide completAlphorm.com Formation Analyse de Malware 2/2 : Le guide complet
Alphorm.com Formation Analyse de Malware 2/2 : Le guide complet
 
SE_Lec 10_ Software Code of Ethics
SE_Lec 10_ Software Code of EthicsSE_Lec 10_ Software Code of Ethics
SE_Lec 10_ Software Code of Ethics
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
Hping Kullanarak Ağ Keşif Çalışmaları
Hping Kullanarak Ağ Keşif ÇalışmalarıHping Kullanarak Ağ Keşif Çalışmaları
Hping Kullanarak Ağ Keşif Çalışmaları
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasures
 
BTRisk - Siber Olay Tespit ve Mudahale Egitimi
BTRisk - Siber Olay Tespit ve Mudahale EgitimiBTRisk - Siber Olay Tespit ve Mudahale Egitimi
BTRisk - Siber Olay Tespit ve Mudahale Egitimi
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAM
 
Router forensics
Router forensicsRouter forensics
Router forensics
 
Netflow slides
Netflow slidesNetflow slides
Netflow slides
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging
 

Andere mochten auch

Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.pptDreamMalar
 
Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1Tulisan Komputer
 
Intimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit FrameworkIntimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit FrameworkAnimesh Roy
 
OpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment ScannerOpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment ScannerChandrak Trivedi
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)SSASIT
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecturebabak danyal
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 

Andere mochten auch (18)

Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
 
Nmap
NmapNmap
Nmap
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
Security tools
Security toolsSecurity tools
Security tools
 
Linux dasar
Linux dasarLinux dasar
Linux dasar
 
Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1
 
Intimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit FrameworkIntimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit Framework
 
OpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment ScannerOpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment Scanner
 
Nessus and Reporting Karma
Nessus and Reporting KarmaNessus and Reporting Karma
Nessus and Reporting Karma
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
 
Nessus Scanner Vulnerabilidades
Nessus Scanner VulnerabilidadesNessus Scanner Vulnerabilidades
Nessus Scanner Vulnerabilidades
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecture
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare ppt
 

Ähnlich wie Network Security Tools

20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsx20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsxSuman Garai
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...B.A.
 
Practical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPractical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPRISMA CSI
 
Thick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfThick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfSouvikRoy114738
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009dnomura
 
INSECT | Security System Project | 2011
INSECT | Security System Project | 2011INSECT | Security System Project | 2011
INSECT | Security System Project | 2011Rainer Arencibia
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
 
Ending the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New HopeEnding the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New HopeMichele Chubirka
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Frameworkegypt
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigatericharddxd
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityLumension
 
OSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
OSMC 2008 | Monitoring Tools Shootout by Tom De CoomanOSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
OSMC 2008 | Monitoring Tools Shootout by Tom De CoomanNETWAYS
 

Ähnlich wie Network Security Tools (20)

20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsx20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsx
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
 
Practical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPractical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability Detection
 
Thick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfThick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdf
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009
 
INSECT | Security System Project | 2011
INSECT | Security System Project | 2011INSECT | Security System Project | 2011
INSECT | Security System Project | 2011
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
 
Port scanning
Port scanningPort scanning
Port scanning
 
Port scanning
Port scanningPort scanning
Port scanning
 
Ending the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New HopeEnding the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New Hope
 
Computer security
Computer securityComputer security
Computer security
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Ready set hack
Ready set hackReady set hack
Ready set hack
 
nessus
nessusnessus
nessus
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
 
Footprinting tools for security auditors
Footprinting tools for security auditorsFootprinting tools for security auditors
Footprinting tools for security auditors
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigate
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs Security
 
OSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
OSMC 2008 | Monitoring Tools Shootout by Tom De CoomanOSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
OSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
 

Kürzlich hochgeladen

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Kürzlich hochgeladen (20)

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Network Security Tools

  • 1. Software Security Network Security Tools Presented by Emanuela Boroș “Al. I. Cuza” University, Faculty of Computer Science Master of Software Engineering, II
  • 2. Audit/Port Scanning Tools ● Nessus (Vulnerability scanner) #3 ● SAINT (Vulnerability scanner, Based on SATAN,developed by World Wide Security,Inc.) #110 ● Sara (Security Auditor’s Research Assistant, SANS Top 10 Threats, 1 May 2009) ● Nmap, strobe (Port scanners, strobe was one of the earliest port scanning tools, Nmap is the strobe's grandson)
  • 4. Nessus Scanner ● Available from http://www.nessus.org/products/nessus/ ● The world leading vulnerability scanner ● Free for home users, licensed on a yearly subscription for commercial businesses ● Easy-to-use tool ● Linux/Solaris/Windows/Android/iPhone ● Provides HTML based reports ● Client/server architecture: clients (Windows, Unix, Android, iPhone) & servers (Unix only)
  • 5. Pros/Cons Pros ● Free vulnerability scanning ● Easy to install and use ● Up-to-date security vulnerability database ● Free for home users ● Powerful plug-in architecture Cons ● Needs activation code ● Some UI issues
  • 6. Policies A Nessus “policy” consists of configuration options related to performing a vulnerability scan. ● External Network Scan ● scans externally facing hosts ● XSS plugin families ● all 65,535 ports are scanned ● Internal Network Scan ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned ● Web App Tests ● scans for vulnerabilities present in each of the parameters, including XSS, SQL, command injection ● Prepare for PCI DSS audits ● enables the built-in PCI DSS compliance checks that compare scan results with the PCI standards and produces a report on your compliance posture
  • 9.
  • 11. Case Studies Version: 4.4.1 Feed Type: Home OS: Windows 7/Android
  • 12. Internal Network Scan ● Default policy ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18. Web Application Scanning With Credentials
  • 19. Steps ● App that requires authentication ● Create a policy ● General - Port 80 ● Preferences ● HTTP login page ● Login page and login form (may be a different form) ● Look into you html and see what name fields or you can use a sniffer What it is used into a post request ● Ability to check for auth – login successfully with a timer – go to this page every delay to see if you're still logged – with a 120 seconds and you should see a regex Logout ● Web mirroring – regular expressions to exclude things – web spider to exclude logout.php cause that would log you out
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 28.
  • 29.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36. Nmap
  • 37. Nmap ● Insecure.Org ● free utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network ● uses raw IP packets to determine what hosts are available on the network ● used by attackers to scan a network and perform reconnaisance about the types and quantities of targets available and what weaknesses exist
  • 39. Advantages ● smart penetration testing ● nmap the best scanner ever and nessus one of our favorite vulnerability scanner ● effective and less time consumer
  • 40. Case Study Steps ● used nmap for a quick scan on the local network to all the hosts in the subnet ● after the scan there will be different hosts and their open ports