SlideShare ist ein Scribd-Unternehmen logo

Assessing network security

Als PPTX, PDF herunterladen
Abhinit Kumar Sharma
Abhinit Kumar Sharma

Assessing Network Security and Vulnerability assessment of a Network Scanning using Ethical Hacking tools.

Technologie
1 von 57
Abhinit Kr Sharma Ravi Ranjan Assessing Network Security Appin
 Hands-on experience with Windows 7 or Linux  Working knowledge of networking, including basics of security and “Ethical Hacking”  Basic knowledge of network security-assessment strategies Appin
 Planning Security Assessments  Gathering Information About the Target  Vulnerability Assessment and Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for that Target Appin
 Planning Security Assessments  Gathering Information About the Target  Vulnerability Assessment and Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for that Target Appin
Network security fails in several common areas, including: Human awareness Policy factors Hardware or software misconfigurations Poor assumptions Ignorance Failure to stay up-to-date Appin
Increases an attacker’s risk of detection Reduces an attacker’s chance of success Security policies, procedures, and education Policies, procedures, and awareness Guards, locks, tracking devicesPhysical security Application hardeningApplication OS hardening, authentication, security update management, antivirus updates, auditing Host Network segments,Internal network Firewalls, boarder routers, VPNs with quarantine procedures Perameter Strong passwords, backup and restore strategy Data Appin
Security assessments can: Answer the questions “Is our network secure?” and “How do we know that our network is secure?” Provide a baseline to help improve security Find configuration mistakes or missing security updates Reveal unexpected weaknesses in your organization’s security Ensure regulatory compliance Appin
Project phase Planning elements Pre-assessment Scope Goals Timelines Ground rules Assessment Choose technologies Perform assessment Organize results Preparing results Estimate risk presented by discovered weaknesses Create a plan for target Identify vulnerabilities that have not been remediated Determine improvement in network security over time Reporting your findings Create final report Present your findings Appin
Components Example Target All servers running: Windows 2005 Server Windows Server 2008 Target area All servers on the subnets: 192.168.0.0/24 192.168.1.0/24 Timeline Scanning will take place from Jan 31st to Jan 3rd during non- critical business hours Vulnerabilities to scan for Anonymous SAM enumeration Guest account enabled Greater than 10 accounts in the local Administrator group Appin
Vulnerability scanning: Focuses on known weaknesses Can be automated Does not necessarily require expertise Penetration testing: Focuses on known and unknown weaknesses Requires highly skilled testers Carries tremendous legal burden in certain countries/organizations IT security auditing: Focuses on security policies and procedures Used to provide evidence for industry regulations Appin
Develop a process for vulnerability scanning that will do the following: Detect vulnerabilities Assign risk levels to discovered vulnerabilities Identify vulnerabilities that have not been remediated Determine improvement in network security over time FACT!!!! 99.9% secure = 100%vulnerable! Appin
Steps to a successful penetration test include: Determine how the attacker is most likely to go about attacking a network or an application1 Determine how an attacker could exploit weaknesses3 Locate assets that could be accessed, altered, or destroyed4 Locate areas of weakness in network or application defenses2 Determine whether the attack was detected5 Determine what the attack footprint looks like6 Make recommendations7 Appin
Black Box  zero-knowledge testing  Tester need to acquire the knowledge and penetrate.  Acquire knowledge using tools or Social Engineering techniques  Publicly available information may be given to the penetration tester, Benefits: Black box testing is intended to closely replicate the attack made by an outsider without any information of the system. This kind of testing will give an insight of the robustness of the security when under attack by script kiddies Appin
White Box complete-knowledge testing Testers are given full information about the target system they are supposed to attack . Information includes , Technology overviews, Data flow diagrams Code snippets More….. Benefits reveals more vulnerabilities and may be faster. compared to replicate an attack from a criminal hacker that knows the company infrastructure very well. This hacker may be an employee of the company itself, doing an internal attack Appin
Gray-box or crystal-box test The tester simulates an inside employee. The tester is given an account on the internal network and standard access to the network. This test assesses internal threats from employees within the company. Appin
There are NO formal methods of Penetration testing!!!!!!!!  Typically has Seven Stages  Scope/Goal Definition  Information Gathering  Vulnerability Detection  Information Analysis and Planning.  Attack& Penetration/Privilege Escalation.  Result Analysis & Reporting.  Cleanup. Appin
Process Technology Implementation Documentation Operations Start with policy Build process Apply technology Security Policy Model Policy Appin
Compare each area to standards and best practices Security policy Documented procedures Operations What you must do What you say you do What you really do Appin
Organize information into the following reporting framework: Define the vulnerability Document mitigation plans Identify where changes should occur Assign responsibility for implementing approved recommendations Recommend a time for the next security assessment Appin
 Planning Security Assessments  Gathering Information About the Target  Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for Target Appin
Examples of nonintrusive attacks include: Information reconnaissance Port scanning Obtaining host information using fingerprinting techniques Network and host discovery Nonintrusive attack: The intent to gain information about an organization’s network in preparation for a more intrusive attack at a later time Appin
Common types of information sought by attackers include: System configuration Valid user accounts Contact information Extranet and remote access servers Information about your network may be obtained by: Querying registrar information Determining IP address assignments Organization Web pages Search engines Public discussion forums Appin
Port scanning tips include: Start by scanning slowly, a few ports at a time To avoid detection, try the same port across several hosts Run scans from a number of different systems, optimally from different networks Typical results of a port scan include: Discovery of ports that are listening or open Determination of which ports refuse connections Determination of connections that time out Appin
Port scanning countermeasures include: Implement defense-in-depth to use multiple layers of filtering Plan for misconfigurations or failures Run only the required services Implement an intrusion-detection system     Expose services through a reverse proxy Appin
Types of information that can be collected using fingerprinting techniques include: IP and ICMP implementation TCP responses Listening ports Banners Service behavior Remote operating system queries Appin
Fingerprinting source Countermeasures IP, ICMP, and TCP Be conservative with the packets that you allow to reach your system Use a firewall or inline IDS device to normalize traffic Assume that your attacker knows what version of operating system is running, and make sure it is secure Port scanning, service behavior, and remote queries Disable unnecessary services Filter traffic coming to isolate specific ports on the host Implement IPSec on all systems in the managed network Appin
"… a firewall is a piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the security policy, analogous to the function of firewalls in building construction." Types of Firewalls • Packet filtering gateways • Stateful inspection firewalls • Application proxies • Guards • Personal firewalls Appin
Appin The first firewalls were application gateways, and are sometimes known as proxy gateways. These are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer of our old friend the ISO/OSI Reference Model, hence the name. Clients behind the firewall must be prioritized (that is, must know how to use the proxy, and be configured to do so) in order to use Internet services. Traditionally, these have been the most secure, because they don't allow anything to pass by default, but need to have the programs written and turned on in order to begin passing traffic.
Appin Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. By default, a router will pass all traffic sent it, and will do so without any sort of restrictions. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because the feature of access control is performed at a lower ISO/OSI layer (typically, the transport or session layer). Due to the lower overhead and the fact that packet filtering is done with routers, which are specialized computers optimized for tasks related to networking, a packet filtering gateway is often much faster than its application layer cousins.
Appin IDS and IPS work together to provide a network security solution. An IDS captures packets in real time, processes them, and can respond to threats, but works on copies of data traffic to detect suspicious activity by using signatures. This is called promiscuous mode. In the process of detecting malicious traffic, an IDS allows some malicious traffic to pass before the IDS can respond to protect the network. An IDS analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating on a copy of the traffic is that the IDS does not affect the packet flow of the forwarded traffic. The disadvantage of operating on a copy of the traffic is that the IDS cannot stop malicious traffic from single-packet attacks from reaching the target system before the IDS can apply a response to stop the attack. An IDS often requires assistance from other networking devices, such as routers and firewalls, to respond to an attack.
Appin An IPS works inline in the data stream to provide protection from malicious attacks in real time. This is called inline mode. Unlike an IDS, an IPS does not allow packets to enter the trusted side of the network. An IPS monitors traffic at Layer 3 and Layer 4 to ensure that their headers, states, and so on are those specified in the protocol suite. However, the IPS sensor analyzes at Layer 2 to Layer 7 the payload of the packets for more sophisticated embedded attacks that might include malicious data. This deeper analysis lets the IPS identify, stop, and block attacks that would normally pass through a traditional firewall device. An IPS builds upon previous IDS technology; Cisco IPS platforms use a blend of detection technologies, including profile-based intrusion detection, signature-based intrusion detection, and protocol analysis intrusion detection. The key to differentiating an IDS from an IPS is that an IPS responds immediately and does not allow any malicious traffic to pass, whereas an IDS allows malicious traffic to pass before it can respond.
Appin IDS ■ Analyzes copies of the traffic stream ■ Does not slow network traffic ■ Allows some malicious traffic into the network IPS ■ Works inline in real time to monitor Layer 2 through Layer 7 traffic and content ■ Needs to be able to handle network traffic ■ Prevents malicious traffic from entering the network IDS and IPS technologies share several characteristics:
"… a honeypot is a trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.” The term "honeypot" is often understood to refer to the British children's character Winnie-the-Pooh, a stuffed bear who was lured into various predicaments by his desire for pots of honey. Uses of Honeypots Preventing attacks Detecting attacks Responding to attacks Research HoneyPot Appin
 Firewalls are a prevention technology; they are network or host solutions that keep attackers out.  IDSs are a detection technology; their purpose is to detect and alert security professionals about unauthorized or malicious activity.  Honeypots are tougher to define because they can be involved in aspects of prevention, detection, information gathering, and much more. Appin External DNS IDS Web Server E-Commerce VPN Server Firewall Hony Pot
 Planning Security Assessments  Gathering Information About the Target  Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for Target Appin
Examples of penetration testing for intrusive attack methods include: Automated vulnerability scanning Network Attacks Denial-of-service Attacks Password Attacks Network Sniffing Intrusive attack: Performing specific tasks that result in a compromise of system information, stability, or availability Appin
Automated vulnerability scanning makes use of scanning tools to automate the following tasks: Banner grabbing and fingerprinting Exploiting the vulnerability Inference testing Security update detection Appin
Throughout the document, each vulnerability or risk identified has been labeled as a Finding and Categorized as a High-Risk, Medium-Risk, or Low-Risk. In addition, each supplemental testing note. Appin
DoS attacks can be divided into three categories: Flooding attacks Resource starvation attacks Disruption of service Denial-of-Service (DoS) attack: Any attempt by an attacker to deny his victim’s access to a resource Note: Denial-of-service attacks should not be launched against your own live production network Appin
DoS attack Countermeasures Flooding attacks Ensure that your routers have anti-spoofing rules in place and rules that block directed broadcasts Set rate limitations on devices to mitigate flooding attacks Consider blocking ICMP packets Disruption of service Make sure that the latest update has been applied to the operating system and applications Test updates before applying to production systems Disable unneeded services Appin
An attacker can perform network sniffing by performing the following tasks: Compromising the host Installing a network sniffer Using a network sniffer to capture sensitive data such as network credentials Using network credentials to compromise additional hosts Network sniffing: The ability of an attacker to eavesdrop on communications between network hosts 1 2 3 4 Appin
To reduce the threat of network sniffing attacks on your network consider the following: Use encryption to protect data Use switches instead of hubs Secure core network devices Use crossover cables Develop policy Conduct regular scans Appin
Common ways that attackers avoid detection include: Flooding log files Using logging mechanisms Attacking detection mechanisms Using canonicalization attacks Using decoys Appin
Common ways that attackers avoid detection after an attack include: Installing rootkits Tampering with log files Appin
Avoidance Technique Countermeasures Flooding log files Back up log files before they are overwritten Using logging mechanisms Ensure that your logging mechanism is using the most updated version of software and all updates Using canonicalization attacks Ensure that applications normalize data to its canonical form Using decoys Secure the end systems and networks being attacked Using rootkits Implement defense-in-depth strategies Appin
 Planning Security Assessments  Gathering Information About the Target  Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for Target Appin
Project goal LON-SRV1 will be scanned for the following vulnerabilities and will be remediated as stated Vulnerability Remediation Network Scan Require developers to fix Network based applications Guest account enabled Disable guest account RPC-over-DCOM vulnerability Network Vulnerability Scan Appin
The tools that will be used for the Target security assessment include the following: Nmap GFI Lan Guard Nessus Wireshark Netcut Metasploit Hydra Ettercap-NG, etc Appin
 Significant, timely, and relevant vulnerability checks available.  It’s easy to write your own checks that are not available.  Engine requires a Linux server, client can be Linux or Microsoft Windows based Intelligent, assumes little, but uses what it learns as it scans.  Vendor neutral, so nothing is “sugar coated” and recommended fixes don’t point you towards their products. 49Appin
50 Nmap is a free, open source tool that quickly and efficiently performs ping sweeps, port scanning, service identification, IP address detection, and operating system detection. Nmap has the benefit of scanning a large number of machines in a single session. It’s supported by many operating systems, including Unix, Windows, and Linux. The state of the port as determined by an nmap scan can be open, filtered, or unfiltered. Open means that the target machine accepts incoming request on that port. Filtered means a firewall or network filter is screening the port and preventing nmap from discovering whether it’s open. Unfiltered mean the port is determined to be closed, and no firewall or filter is interfering with the nmap requests. Nmap supports several types of scans. Table 3.2 details some of the common scan methods. Appin
51  Simple Netcat connection between a Linux and Microsoft Windows machine. Appin
52 Similar to dsniff, Ettercap seems to be a little bit moreversatile and up to date. Appin
 Perform port scanning using Nmap  Use Nmap and nessus to perform a vulnerability scan  Determine buffer overflow vulnerabilities  Use the Microsoft Baseline Security Analyzer to perform a vulnerability scan  Hydra can perform rapid dictionary attack against more then 30 protocols, including telnet, FTP, http, https and much more Appin
Answer the following questions to complete the report: What risk does the vulnerability present? What is the source of the vulnerability? What is the potential impact of the vulnerability? What is the likelihood of the vulnerability being exploited? What should be done to mitigate the vulnerability? Where should the mitigation be done? Who should be responsible for implementing the mitigations? Appin
Plan your security assessment to determine scope and goals Educate users to use strong passwords or pass-phrases Assume that the attacker already knows the exact operating system and version and take as many steps as possible to secure those systems    Keep systems up-to-date on security updates and service packs  Appin
 Find additional security training events: http://www.microsoft.com/ireland/events/default.asp  Sign up for security communications: http://www.microsoft.com/technet/security/signup/d efault.mspx  Find additional e-learning clinics https://www.microsoftelearning.com/security/  Refer to Assessing Network Security Appin
Abhinit Kumar SharmaAppin

Empfohlen

Cybersecurity
CybersecurityCybersecurity
Cybersecurity
Edwin A. Opare
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
RomSoft SRL
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
Penetration Security Testing
Penetration Security TestingPenetration Security Testing
Penetration Security Testing
Sanjulika Rastogi
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 

Empfohlen

Cybersecurity
CybersecurityCybersecurity
Cybersecurity
Edwin A. Opare
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
RomSoft SRL
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
Penetration Security Testing
Penetration Security TestingPenetration Security Testing
Penetration Security Testing
Sanjulika Rastogi
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack Methodologies
Geeks Anonymes
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and Firewall
ShafeeqaFarsana
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
Sylvain Martinez
 
System hacking
System hackingSystem hacking
System hacking
CAS
 
SSRF workshop
SSRF workshop SSRF workshop
SSRF workshop
Ivan Novikov
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
leminhvuong
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
btpsec
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
Marcelo Silva
 
Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static Analysis
Hossein Yavari
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
Aditya Jain
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
👀 Joe Gray
 
Burp Suite v1.1 Introduction
Burp Suite v1.1 IntroductionBurp Suite v1.1 Introduction
Burp Suite v1.1 Introduction
Ashraf Bashir
 
A8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentationA8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentation
Albena Asenova-Belal
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
 
[Warsaw 26.06.2018] SDL Threat Modeling principles
[Warsaw 26.06.2018] SDL Threat Modeling principles[Warsaw 26.06.2018] SDL Threat Modeling principles
[Warsaw 26.06.2018] SDL Threat Modeling principles
OWASP
 
Deep dive into ssrf
Deep dive into ssrfDeep dive into ssrf
Deep dive into ssrf
n|u - The Open Security Community
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
seadeloitte
 
Computer Security
Computer SecurityComputer Security
Computer Security
Frederik Questier
 
Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach
Aviva Spectrum™
 
Facebook Analysis and Study
Facebook Analysis and StudyFacebook Analysis and Study
Facebook Analysis and Study
Ouriel Ohayon
 

Weitere ähnliche Inhalte

Was ist angesagt?

Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
leminhvuong
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
👀 Joe Gray
 

Was ist angesagt? (20)

Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack Methodologies
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and Firewall
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
 
System hacking
System hackingSystem hacking
System hacking
 
SSRF workshop
SSRF workshop SSRF workshop
SSRF workshop
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
 
Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static Analysis
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
Burp Suite v1.1 Introduction
Burp Suite v1.1 IntroductionBurp Suite v1.1 Introduction
Burp Suite v1.1 Introduction
 
A8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentationA8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentation
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
[Warsaw 26.06.2018] SDL Threat Modeling principles
[Warsaw 26.06.2018] SDL Threat Modeling principles[Warsaw 26.06.2018] SDL Threat Modeling principles
[Warsaw 26.06.2018] SDL Threat Modeling principles
 
Deep dive into ssrf
Deep dive into ssrfDeep dive into ssrf
Deep dive into ssrf
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Computer Security
Computer SecurityComputer Security
Computer Security
 

Andere mochten auch

LinkedIn Infographic draft 11_1200
LinkedIn Infographic draft 11_1200LinkedIn Infographic draft 11_1200
LinkedIn Infographic draft 11_1200
AMComms
 
Leadership development model npm
Leadership development model npmLeadership development model npm
Leadership development model npm
Anna Leth Clante
 

Andere mochten auch (20)

Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach
 
Facebook Analysis and Study
Facebook Analysis and StudyFacebook Analysis and Study
Facebook Analysis and Study
 
U.S. Department of Labor - OFFCP Contracts Compliance Officer Roles and Respo...
U.S. Department of Labor - OFFCP Contracts Compliance Officer Roles and Respo...U.S. Department of Labor - OFFCP Contracts Compliance Officer Roles and Respo...
U.S. Department of Labor - OFFCP Contracts Compliance Officer Roles and Respo...
 
ระบบหายใจ
ระบบหายใจระบบหายใจ
ระบบหายใจ
 
การนำ
การนำการนำ
การนำ
 
Gym registration - 2014 Apps for Good Entry
Gym registration - 2014 Apps for Good EntryGym registration - 2014 Apps for Good Entry
Gym registration - 2014 Apps for Good Entry
 
LinkedIn Infographic draft 11_1200
LinkedIn Infographic draft 11_1200LinkedIn Infographic draft 11_1200
LinkedIn Infographic draft 11_1200
 
Hardware & networking
Hardware & networkingHardware & networking
Hardware & networking
 
Autoconcepto
AutoconceptoAutoconcepto
Autoconcepto
 
Generator dc
Generator dcGenerator dc
Generator dc
 
1. dasar pneumatik
1. dasar pneumatik1. dasar pneumatik
1. dasar pneumatik
 
Anti inflammatory agents
Anti inflammatory agentsAnti inflammatory agents
Anti inflammatory agents
 
Ppt pik sistem peredaran
Ppt pik sistem peredaranPpt pik sistem peredaran
Ppt pik sistem peredaran
 
Bramam047
Bramam047Bramam047
Bramam047
 
OSAC: Personal Digital Security Presentation
OSAC: Personal Digital Security PresentationOSAC: Personal Digital Security Presentation
OSAC: Personal Digital Security Presentation
 
U.S. Department of the Navy - Contracting Officer's Technical Representative ...
U.S. Department of the Navy - Contracting Officer's Technical Representative ...U.S. Department of the Navy - Contracting Officer's Technical Representative ...
U.S. Department of the Navy - Contracting Officer's Technical Representative ...
 
Lecture 7
Lecture 7Lecture 7
Lecture 7
 
สารเคมีในเกษตรกรรมและอุตสาหกรรม
สารเคมีในเกษตรกรรมและอุตสาหกรรมสารเคมีในเกษตรกรรมและอุตสาหกรรม
สารเคมีในเกษตรกรรมและอุตสาหกรรม
 
Leadership development model npm
Leadership development model npmLeadership development model npm
Leadership development model npm
 
ความน่า
ความน่าความน่า
ความน่า
 

Ähnlich wie Assessing network security

Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and Patching
Emmanuel Udeagha B.
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolio
Rhys A. Mossom
 
Security testing
Security testingSecurity testing
Security testing
baskar p
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigate
richarddxd
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
ShivamSharma909
 

Ähnlich wie Assessing network security (20)

Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and Patching
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.
 
NSA and PT
NSA and PTNSA and PT
NSA and PT
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision Points
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolio
 
Security testing
Security testingSecurity testing
Security testing
 
(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
 
Web application security measures
Web application security measuresWeb application security measures
Web application security measures
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdf
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentation
 
RMS Security Breakfast
RMS Security BreakfastRMS Security Breakfast
RMS Security Breakfast
 
Iscsp apt
Iscsp aptIscsp apt
Iscsp apt
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigate
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 

Kürzlich hochgeladen

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Kürzlich hochgeladen (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Assessing network security

  • 1. Abhinit Kr Sharma Ravi Ranjan Assessing Network Security Appin
  • 2.  Hands-on experience with Windows 7 or Linux  Working knowledge of networking, including basics of security and “Ethical Hacking”  Basic knowledge of network security-assessment strategies Appin
  • 3.  Planning Security Assessments  Gathering Information About the Target  Vulnerability Assessment and Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for that Target Appin
  • 4.  Planning Security Assessments  Gathering Information About the Target  Vulnerability Assessment and Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for that Target Appin
  • 5. Network security fails in several common areas, including: Human awareness Policy factors Hardware or software misconfigurations Poor assumptions Ignorance Failure to stay up-to-date Appin
  • 6. Increases an attacker’s risk of detection Reduces an attacker’s chance of success Security policies, procedures, and education Policies, procedures, and awareness Guards, locks, tracking devicesPhysical security Application hardeningApplication OS hardening, authentication, security update management, antivirus updates, auditing Host Network segments,Internal network Firewalls, boarder routers, VPNs with quarantine procedures Perameter Strong passwords, backup and restore strategy Data Appin
  • 7. Security assessments can: Answer the questions “Is our network secure?” and “How do we know that our network is secure?” Provide a baseline to help improve security Find configuration mistakes or missing security updates Reveal unexpected weaknesses in your organization’s security Ensure regulatory compliance Appin
  • 8. Project phase Planning elements Pre-assessment Scope Goals Timelines Ground rules Assessment Choose technologies Perform assessment Organize results Preparing results Estimate risk presented by discovered weaknesses Create a plan for target Identify vulnerabilities that have not been remediated Determine improvement in network security over time Reporting your findings Create final report Present your findings Appin
  • 9. Components Example Target All servers running: Windows 2005 Server Windows Server 2008 Target area All servers on the subnets: 192.168.0.0/24 192.168.1.0/24 Timeline Scanning will take place from Jan 31st to Jan 3rd during non- critical business hours Vulnerabilities to scan for Anonymous SAM enumeration Guest account enabled Greater than 10 accounts in the local Administrator group Appin
  • 10. Vulnerability scanning: Focuses on known weaknesses Can be automated Does not necessarily require expertise Penetration testing: Focuses on known and unknown weaknesses Requires highly skilled testers Carries tremendous legal burden in certain countries/organizations IT security auditing: Focuses on security policies and procedures Used to provide evidence for industry regulations Appin
  • 11. Develop a process for vulnerability scanning that will do the following: Detect vulnerabilities Assign risk levels to discovered vulnerabilities Identify vulnerabilities that have not been remediated Determine improvement in network security over time FACT!!!! 99.9% secure = 100%vulnerable! Appin
  • 12. Steps to a successful penetration test include: Determine how the attacker is most likely to go about attacking a network or an application1 Determine how an attacker could exploit weaknesses3 Locate assets that could be accessed, altered, or destroyed4 Locate areas of weakness in network or application defenses2 Determine whether the attack was detected5 Determine what the attack footprint looks like6 Make recommendations7 Appin
  • 13. Black Box  zero-knowledge testing  Tester need to acquire the knowledge and penetrate.  Acquire knowledge using tools or Social Engineering techniques  Publicly available information may be given to the penetration tester, Benefits: Black box testing is intended to closely replicate the attack made by an outsider without any information of the system. This kind of testing will give an insight of the robustness of the security when under attack by script kiddies Appin
  • 14. White Box complete-knowledge testing Testers are given full information about the target system they are supposed to attack . Information includes , Technology overviews, Data flow diagrams Code snippets More….. Benefits reveals more vulnerabilities and may be faster. compared to replicate an attack from a criminal hacker that knows the company infrastructure very well. This hacker may be an employee of the company itself, doing an internal attack Appin
  • 15. Gray-box or crystal-box test The tester simulates an inside employee. The tester is given an account on the internal network and standard access to the network. This test assesses internal threats from employees within the company. Appin
  • 16. There are NO formal methods of Penetration testing!!!!!!!!  Typically has Seven Stages  Scope/Goal Definition  Information Gathering  Vulnerability Detection  Information Analysis and Planning.  Attack& Penetration/Privilege Escalation.  Result Analysis & Reporting.  Cleanup. Appin
  • 17. Process Technology Implementation Documentation Operations Start with policy Build process Apply technology Security Policy Model Policy Appin
  • 18. Compare each area to standards and best practices Security policy Documented procedures Operations What you must do What you say you do What you really do Appin
  • 19. Organize information into the following reporting framework: Define the vulnerability Document mitigation plans Identify where changes should occur Assign responsibility for implementing approved recommendations Recommend a time for the next security assessment Appin
  • 20.  Planning Security Assessments  Gathering Information About the Target  Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for Target Appin
  • 21. Examples of nonintrusive attacks include: Information reconnaissance Port scanning Obtaining host information using fingerprinting techniques Network and host discovery Nonintrusive attack: The intent to gain information about an organization’s network in preparation for a more intrusive attack at a later time Appin
  • 22. Common types of information sought by attackers include: System configuration Valid user accounts Contact information Extranet and remote access servers Information about your network may be obtained by: Querying registrar information Determining IP address assignments Organization Web pages Search engines Public discussion forums Appin
  • 23. Port scanning tips include: Start by scanning slowly, a few ports at a time To avoid detection, try the same port across several hosts Run scans from a number of different systems, optimally from different networks Typical results of a port scan include: Discovery of ports that are listening or open Determination of which ports refuse connections Determination of connections that time out Appin
  • 24. Port scanning countermeasures include: Implement defense-in-depth to use multiple layers of filtering Plan for misconfigurations or failures Run only the required services Implement an intrusion-detection system     Expose services through a reverse proxy Appin
  • 25. Types of information that can be collected using fingerprinting techniques include: IP and ICMP implementation TCP responses Listening ports Banners Service behavior Remote operating system queries Appin
  • 26. Fingerprinting source Countermeasures IP, ICMP, and TCP Be conservative with the packets that you allow to reach your system Use a firewall or inline IDS device to normalize traffic Assume that your attacker knows what version of operating system is running, and make sure it is secure Port scanning, service behavior, and remote queries Disable unnecessary services Filter traffic coming to isolate specific ports on the host Implement IPSec on all systems in the managed network Appin
  • 27. "… a firewall is a piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the security policy, analogous to the function of firewalls in building construction." Types of Firewalls • Packet filtering gateways • Stateful inspection firewalls • Application proxies • Guards • Personal firewalls Appin
  • 28. Appin The first firewalls were application gateways, and are sometimes known as proxy gateways. These are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer of our old friend the ISO/OSI Reference Model, hence the name. Clients behind the firewall must be prioritized (that is, must know how to use the proxy, and be configured to do so) in order to use Internet services. Traditionally, these have been the most secure, because they don't allow anything to pass by default, but need to have the programs written and turned on in order to begin passing traffic.
  • 29. Appin Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. By default, a router will pass all traffic sent it, and will do so without any sort of restrictions. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because the feature of access control is performed at a lower ISO/OSI layer (typically, the transport or session layer). Due to the lower overhead and the fact that packet filtering is done with routers, which are specialized computers optimized for tasks related to networking, a packet filtering gateway is often much faster than its application layer cousins.
  • 30. Appin IDS and IPS work together to provide a network security solution. An IDS captures packets in real time, processes them, and can respond to threats, but works on copies of data traffic to detect suspicious activity by using signatures. This is called promiscuous mode. In the process of detecting malicious traffic, an IDS allows some malicious traffic to pass before the IDS can respond to protect the network. An IDS analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating on a copy of the traffic is that the IDS does not affect the packet flow of the forwarded traffic. The disadvantage of operating on a copy of the traffic is that the IDS cannot stop malicious traffic from single-packet attacks from reaching the target system before the IDS can apply a response to stop the attack. An IDS often requires assistance from other networking devices, such as routers and firewalls, to respond to an attack.
  • 31. Appin An IPS works inline in the data stream to provide protection from malicious attacks in real time. This is called inline mode. Unlike an IDS, an IPS does not allow packets to enter the trusted side of the network. An IPS monitors traffic at Layer 3 and Layer 4 to ensure that their headers, states, and so on are those specified in the protocol suite. However, the IPS sensor analyzes at Layer 2 to Layer 7 the payload of the packets for more sophisticated embedded attacks that might include malicious data. This deeper analysis lets the IPS identify, stop, and block attacks that would normally pass through a traditional firewall device. An IPS builds upon previous IDS technology; Cisco IPS platforms use a blend of detection technologies, including profile-based intrusion detection, signature-based intrusion detection, and protocol analysis intrusion detection. The key to differentiating an IDS from an IPS is that an IPS responds immediately and does not allow any malicious traffic to pass, whereas an IDS allows malicious traffic to pass before it can respond.
  • 32. Appin IDS ■ Analyzes copies of the traffic stream ■ Does not slow network traffic ■ Allows some malicious traffic into the network IPS ■ Works inline in real time to monitor Layer 2 through Layer 7 traffic and content ■ Needs to be able to handle network traffic ■ Prevents malicious traffic from entering the network IDS and IPS technologies share several characteristics:
  • 33. "… a honeypot is a trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.” The term "honeypot" is often understood to refer to the British children's character Winnie-the-Pooh, a stuffed bear who was lured into various predicaments by his desire for pots of honey. Uses of Honeypots Preventing attacks Detecting attacks Responding to attacks Research HoneyPot Appin
  • 34.  Firewalls are a prevention technology; they are network or host solutions that keep attackers out.  IDSs are a detection technology; their purpose is to detect and alert security professionals about unauthorized or malicious activity.  Honeypots are tougher to define because they can be involved in aspects of prevention, detection, information gathering, and much more. Appin External DNS IDS Web Server E-Commerce VPN Server Firewall Hony Pot
  • 35.  Planning Security Assessments  Gathering Information About the Target  Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for Target Appin
  • 36. Examples of penetration testing for intrusive attack methods include: Automated vulnerability scanning Network Attacks Denial-of-service Attacks Password Attacks Network Sniffing Intrusive attack: Performing specific tasks that result in a compromise of system information, stability, or availability Appin
  • 37. Automated vulnerability scanning makes use of scanning tools to automate the following tasks: Banner grabbing and fingerprinting Exploiting the vulnerability Inference testing Security update detection Appin
  • 38. Throughout the document, each vulnerability or risk identified has been labeled as a Finding and Categorized as a High-Risk, Medium-Risk, or Low-Risk. In addition, each supplemental testing note. Appin
  • 39. DoS attacks can be divided into three categories: Flooding attacks Resource starvation attacks Disruption of service Denial-of-Service (DoS) attack: Any attempt by an attacker to deny his victim’s access to a resource Note: Denial-of-service attacks should not be launched against your own live production network Appin
  • 40. DoS attack Countermeasures Flooding attacks Ensure that your routers have anti-spoofing rules in place and rules that block directed broadcasts Set rate limitations on devices to mitigate flooding attacks Consider blocking ICMP packets Disruption of service Make sure that the latest update has been applied to the operating system and applications Test updates before applying to production systems Disable unneeded services Appin
  • 41. An attacker can perform network sniffing by performing the following tasks: Compromising the host Installing a network sniffer Using a network sniffer to capture sensitive data such as network credentials Using network credentials to compromise additional hosts Network sniffing: The ability of an attacker to eavesdrop on communications between network hosts 1 2 3 4 Appin
  • 42. To reduce the threat of network sniffing attacks on your network consider the following: Use encryption to protect data Use switches instead of hubs Secure core network devices Use crossover cables Develop policy Conduct regular scans Appin
  • 43. Common ways that attackers avoid detection include: Flooding log files Using logging mechanisms Attacking detection mechanisms Using canonicalization attacks Using decoys Appin
  • 44. Common ways that attackers avoid detection after an attack include: Installing rootkits Tampering with log files Appin
  • 45. Avoidance Technique Countermeasures Flooding log files Back up log files before they are overwritten Using logging mechanisms Ensure that your logging mechanism is using the most updated version of software and all updates Using canonicalization attacks Ensure that applications normalize data to its canonical form Using decoys Secure the end systems and networks being attacked Using rootkits Implement defense-in-depth strategies Appin
  • 46.  Planning Security Assessments  Gathering Information About the Target  Penetration Testing for Intrusive Attacks  Case Study: Assessing Network Security for Target Appin
  • 47. Project goal LON-SRV1 will be scanned for the following vulnerabilities and will be remediated as stated Vulnerability Remediation Network Scan Require developers to fix Network based applications Guest account enabled Disable guest account RPC-over-DCOM vulnerability Network Vulnerability Scan Appin
  • 48. The tools that will be used for the Target security assessment include the following: Nmap GFI Lan Guard Nessus Wireshark Netcut Metasploit Hydra Ettercap-NG, etc Appin
  • 49.  Significant, timely, and relevant vulnerability checks available.  It’s easy to write your own checks that are not available.  Engine requires a Linux server, client can be Linux or Microsoft Windows based Intelligent, assumes little, but uses what it learns as it scans.  Vendor neutral, so nothing is “sugar coated” and recommended fixes don’t point you towards their products. 49Appin
  • 50. 50 Nmap is a free, open source tool that quickly and efficiently performs ping sweeps, port scanning, service identification, IP address detection, and operating system detection. Nmap has the benefit of scanning a large number of machines in a single session. It’s supported by many operating systems, including Unix, Windows, and Linux. The state of the port as determined by an nmap scan can be open, filtered, or unfiltered. Open means that the target machine accepts incoming request on that port. Filtered means a firewall or network filter is screening the port and preventing nmap from discovering whether it’s open. Unfiltered mean the port is determined to be closed, and no firewall or filter is interfering with the nmap requests. Nmap supports several types of scans. Table 3.2 details some of the common scan methods. Appin
  • 51. 51  Simple Netcat connection between a Linux and Microsoft Windows machine. Appin
  • 52. 52 Similar to dsniff, Ettercap seems to be a little bit moreversatile and up to date. Appin
  • 53.  Perform port scanning using Nmap  Use Nmap and nessus to perform a vulnerability scan  Determine buffer overflow vulnerabilities  Use the Microsoft Baseline Security Analyzer to perform a vulnerability scan  Hydra can perform rapid dictionary attack against more then 30 protocols, including telnet, FTP, http, https and much more Appin
  • 54. Answer the following questions to complete the report: What risk does the vulnerability present? What is the source of the vulnerability? What is the potential impact of the vulnerability? What is the likelihood of the vulnerability being exploited? What should be done to mitigate the vulnerability? Where should the mitigation be done? Who should be responsible for implementing the mitigations? Appin
  • 55. Plan your security assessment to determine scope and goals Educate users to use strong passwords or pass-phrases Assume that the attacker already knows the exact operating system and version and take as many steps as possible to secure those systems    Keep systems up-to-date on security updates and service packs  Appin
  • 56.  Find additional security training events: http://www.microsoft.com/ireland/events/default.asp  Sign up for security communications: http://www.microsoft.com/technet/security/signup/d efault.mspx  Find additional e-learning clinics https://www.microsoftelearning.com/security/  Refer to Assessing Network Security Appin