SlideShare a Scribd company logo

2016 TTL Security Gap Analysis with Kali Linux

Download as PPTX, PDF
Jason Murray
Jason Murray

Using Kali Linux to scan a network, we observe the current state of a network. Gap analysis road maps benchmarks to arrive at the desired state.

Technology
1 of 36
Gap Analysis & Security Evaluation Jason Murray, D.CS Cornwall-Lebanon SD www.slideshare.net/jasonmurray72
Goals • Awareness • Information Gathering • Phases of Exploitation – Think like a hacker • Security Gap Analysis Framework • Demonstrate a few Kali Linux tools
How vulnerable are you?
How easy is it to gather information?
FireForce
sqlmap –u [URL]
What happens if we become a target?
5 Phases of Exploitation 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Covering Tracks
Reconnaissance • Target – Internal DNS – Private Website – Dumpster Diving – Shoulder Surfing – Eavesdropping
Reconnaissance – Whiteboarding • Phone • Network • Websites • Email • Google • WhoIs • AnyWho • DNS • Social Network • IP Blocks • Net Blocks • Web Server Content • Source Code • Directories • Databases • Search Engines • URL Analysis • Google Earth • People Sites • Financial Analysis • Job Sites • Alert Websites • Archive Sites • Web Monitoring • Google Dorking
Target - Demo
Scanning • Layer 4 – TCP (flags) & UDP • Layer 3 – IP (v4 or v6) & ICMP – Host – Ports & Services – Vulnerabilities – Diagrams
Scanning - Tools • DNS Enumeration • nikTo • hping3 • NMAP – ZenMap
Advanced • Gaining Access • Maintaining Access • Covering Tracks
Avoid Getting Targeted
Security Gap Analysis
Team • Considerations – IT staff – Security – End Users • Teachers • Students • Community – Management – Tech savvy & non-savvy
Step 1: Policy, Procedure, & Guideline • Standards – COBIT – ISO 27001
Step 1: Policy, Procedure, & Guideline • Pen Testing Standards – Open Web Application Security Project – Penetration Testing Execution Standard – Open Source Security Testing Methodology Manual – Penetration Testing Framework
Step 1: Policy, Procedure, & Guideline • Who has access/privileges? – For how long? – Vendors vpn? – Retirees/terminations? – Logging? • Updates? – Every node? • Passwords – Saved in browser? – Frequency of changes?
Step 2: Audit • Permission • Scope – Physical and/or electronic • Social engineering – Timetable – Resources (outsourced/in house) • Review Framework – Following policies (awareness) • Openings – Ports – Human Factor – Physical equipment
Step 2: Audit • Device Security – Encryption – Password – Device storage – Device on a non-secure network
Step 2: Audit • Physical Security – Access to infrastructure – Environmental safeguards • Temperature • Humidity – Protection safeguards • Fire • Water
Step 2: Audit • Personnel Security – Staff backgrounds – Security awareness programs that discourage insider attacks – Protection against terminated staff – Repercussions of malicious violation of information security
Step 2: Audit • OpenVAS
Step 3: Technical Review • Up to date – Software/patches – Policies • Awareness – Justification for openings • Consistency – OS, antivirus, update procedures • Vulnerability/risk management • Encryption
Step 4: Findings & Prioritization Summary • Review the findings • Organize & arrange tasks to fix gaps – Electronic – Policy, procedures, guidelines – Physical • Update Risk Management Strategy
Questions
Resources • CIO • Faulkner Information Services • Forbes • Pen Test Frameworks • Tech Target • University of Minnesota • YouSigma
Kali Resources • Free Education For All (120 lessons) • JackkTutorials • Royal Hacks • Royal Hacks (advanced) • Kali Linux Tutorials
2016 TTL Security Gap Analysis with Kali Linux

Recommended

Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - FalconerTony Godfrey
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
Tools kali
Tools kaliTools kali
Tools kaliketban0702
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 
Hack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingHack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingSteve Phillips
 
Linux/Unix Night - (PEN) Testing Toolkits (English)
Linux/Unix Night - (PEN) Testing Toolkits (English)Linux/Unix Night - (PEN) Testing Toolkits (English)
Linux/Unix Night - (PEN) Testing Toolkits (English)Jelmer de Reus
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 

Recommended

Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - FalconerTony Godfrey
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
Tools kali
Tools kaliTools kali
Tools kaliketban0702
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 
Hack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingHack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingSteve Phillips
 
Linux/Unix Night - (PEN) Testing Toolkits (English)
Linux/Unix Night - (PEN) Testing Toolkits (English)Linux/Unix Night - (PEN) Testing Toolkits (English)
Linux/Unix Night - (PEN) Testing Toolkits (English)Jelmer de Reus
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptxanumeha bhatnagar
 
penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
Kali linux summarised
Kali linux summarisedKali linux summarised
Kali linux summarisedSanchit Srivastava
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxChanchal Dabriya
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXDeborah Akuoko
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxshamsaot
 
Kali linux
Kali linuxKali linux
Kali linuxafraalfalasii
 
Kali linux
Kali linuxKali linux
Kali linuxAadhithyanPandian
 
Kali linux
Kali linuxKali linux
Kali linuxMaryamAlR
 
Kali linux
Kali linuxKali linux
Kali linuxfutaimbinlahej
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxShubham Agrawal
 
kali linux
kali linuxkali linux
kali linuxDarshan Dalwadi
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
penetration test using Kali linux seminar report
penetration test using Kali linux seminar reportpenetration test using Kali linux seminar report
penetration test using Kali linux seminar reportAbhayNaik8
 
Kalilinux
KalilinuxKalilinux
Kalilinuxalmuhairi2000
 
Backtrack os 5
Backtrack os 5Backtrack os 5
Backtrack os 5Ayush Goyal
 
Kali tools list with short description
Kali tools list with short descriptionKali tools list with short description
Kali tools list with short descriptionJose Moruno Cadima
 
Kali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration ToolsKali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration ToolsRassoul Ghaznavi Zadeh
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 

More Related Content

What's hot

penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXDeborah Akuoko
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxshamsaot
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
penetration test using Kali linux seminar report
penetration test using Kali linux seminar reportpenetration test using Kali linux seminar report
penetration test using Kali linux seminar reportAbhayNaik8
 
Kali tools list with short description
Kali tools list with short descriptionKali tools list with short description
Kali tools list with short descriptionJose Moruno Cadima
 

What's hot (20)

kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptx
 
penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux ppt
 
Kali linux summarised
Kali linux summarisedKali linux summarised
Kali linux summarised
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUX
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
kali linux
kali linuxkali linux
kali linux
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux Presentaion
 
penetration test using Kali linux seminar report
penetration test using Kali linux seminar reportpenetration test using Kali linux seminar report
penetration test using Kali linux seminar report
 
Kalilinux
KalilinuxKalilinux
Kalilinux
 
Backtrack os 5
Backtrack os 5Backtrack os 5
Backtrack os 5
 
Kali tools list with short description
Kali tools list with short descriptionKali tools list with short description
Kali tools list with short description
 

Viewers also liked

Kali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration ToolsKali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration ToolsRassoul Ghaznavi Zadeh
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern timesjeshin jose
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Business gap analysis pdf
Business gap analysis pdfBusiness gap analysis pdf
Business gap analysis pdfKalpana Venky
 

Viewers also liked (12)

Kali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration ToolsKali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration Tools
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration Testing
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern times
 
Gap analysis
Gap analysisGap analysis
Gap analysis
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 
Business gap analysis pdf
Business gap analysis pdfBusiness gap analysis pdf
Business gap analysis pdf
 

Similar to 2016 TTL Security Gap Analysis with Kali Linux

SECURITY OPERATION CENTER CONTENT.pptx
SECURITY OPERATION CENTER CONTENT.pptxSECURITY OPERATION CENTER CONTENT.pptx
SECURITY OPERATION CENTER CONTENT.pptxFarzanMansoor1
 
The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…Christopher Kranich
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOAPeter Henley
 
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdfGnanavi2
 
Cause 11 im final
Cause 11 im finalCause 11 im final
Cause 11 im finalcavapyta
 
Cause 11 im final
Cause 11 im finalCause 11 im final
Cause 11 im finalcavapyta
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetPerforce
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion DetectionAPNIC
 
educational content,educational content,educational content,
educational content,educational content,educational content,educational content,educational content,educational content,
educational content,educational content,educational content,Olajide Kuku
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyShawn Riley
 
Threat Hunting Professional Online Training Course
Threat Hunting Professional Online Training CourseThreat Hunting Professional Online Training Course
Threat Hunting Professional Online Training CourseShivamSharma909
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3ShivamSharma909
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
SplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCPSplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCPSplunk
 
ch03Threat Modeling - Locking the Door to Vulnerabilities.ppt
ch03Threat Modeling - Locking the Door to Vulnerabilities.pptch03Threat Modeling - Locking the Door to Vulnerabilities.ppt
ch03Threat Modeling - Locking the Door to Vulnerabilities.pptgealehegn
 
Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksAPNIC
 

Similar to 2016 TTL Security Gap Analysis with Kali Linux (20)

SECURITY OPERATION CENTER CONTENT.pptx
SECURITY OPERATION CENTER CONTENT.pptxSECURITY OPERATION CENTER CONTENT.pptx
SECURITY OPERATION CENTER CONTENT.pptx
 
The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
 
Cause 11 im final
Cause 11 im finalCause 11 im final
Cause 11 im final
 
Cause 11 im final
Cause 11 im finalCause 11 im final
Cause 11 im final
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentals
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and Interset
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
 
2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection
 
educational content,educational content,educational content,
educational content,educational content,educational content,educational content,educational content,educational content,
educational content,educational content,educational content,
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis Methodology
 
Threat Hunting Professional Online Training Course
Threat Hunting Professional Online Training CourseThreat Hunting Professional Online Training Course
Threat Hunting Professional Online Training Course
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
SplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCPSplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCP
 
ch03Threat Modeling - Locking the Door to Vulnerabilities.ppt
ch03Threat Modeling - Locking the Door to Vulnerabilities.pptch03Threat Modeling - Locking the Door to Vulnerabilities.ppt
ch03Threat Modeling - Locking the Door to Vulnerabilities.ppt
 
Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacks
 

More from Jason Murray

Desktop Support Essentials
Desktop Support EssentialsDesktop Support Essentials
Desktop Support EssentialsJason Murray
 
Schoology Features
Schoology FeaturesSchoology Features
Schoology FeaturesJason Murray
 
Literacy Resources
Literacy ResourcesLiteracy Resources
Literacy ResourcesJason Murray
 
Technology Leadership: Transforming a Culture
Technology Leadership: Transforming a CultureTechnology Leadership: Transforming a Culture
Technology Leadership: Transforming a CultureJason Murray
 
Creating Effective elearning
Creating Effective elearningCreating Effective elearning
Creating Effective elearningJason Murray
 
Gamification – Instructional Design Strategy
Gamification – Instructional Design StrategyGamification – Instructional Design Strategy
Gamification – Instructional Design StrategyJason Murray
 
Virtualized Professional Development
Virtualized Professional DevelopmentVirtualized Professional Development
Virtualized Professional DevelopmentJason Murray
 
Second Life: The Distance Ed Vehicle
Second Life: The Distance Ed VehicleSecond Life: The Distance Ed Vehicle
Second Life: The Distance Ed VehicleJason Murray
 
CLSD Technology Partial Roadmap - Admin Retreat
CLSD Technology Partial Roadmap - Admin RetreatCLSD Technology Partial Roadmap - Admin Retreat
CLSD Technology Partial Roadmap - Admin RetreatJason Murray
 
A strategic view of mobile device management
A strategic view of mobile device managementA strategic view of mobile device management
A strategic view of mobile device managementJason Murray
 
Student Tech Possibilities
Student Tech PossibilitiesStudent Tech Possibilities
Student Tech PossibilitiesJason Murray
 
Mobile Apps for Education
Mobile Apps for EducationMobile Apps for Education
Mobile Apps for EducationJason Murray
 
Flavors of linux - framework
Flavors of linux - frameworkFlavors of linux - framework
Flavors of linux - frameworkJason Murray
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Virtualized professional development
Virtualized professional developmentVirtualized professional development
Virtualized professional developmentJason Murray
 
Mobile learning tools
Mobile learning toolsMobile learning tools
Mobile learning toolsJason Murray
 

More from Jason Murray (20)

Desktop Support Essentials
Desktop Support EssentialsDesktop Support Essentials
Desktop Support Essentials
 
Schoology Features
Schoology FeaturesSchoology Features
Schoology Features
 
Literacy Resources
Literacy ResourcesLiteracy Resources
Literacy Resources
 
Technology Leadership: Transforming a Culture
Technology Leadership: Transforming a CultureTechnology Leadership: Transforming a Culture
Technology Leadership: Transforming a Culture
 
Creating Effective elearning
Creating Effective elearningCreating Effective elearning
Creating Effective elearning
 
1 to 1 Logistics
1 to 1 Logistics1 to 1 Logistics
1 to 1 Logistics
 
Refining Linux
Refining LinuxRefining Linux
Refining Linux
 
Gamification – Instructional Design Strategy
Gamification – Instructional Design StrategyGamification – Instructional Design Strategy
Gamification – Instructional Design Strategy
 
Virtualized Professional Development
Virtualized Professional DevelopmentVirtualized Professional Development
Virtualized Professional Development
 
Flipped Meetings
Flipped MeetingsFlipped Meetings
Flipped Meetings
 
Second Life: The Distance Ed Vehicle
Second Life: The Distance Ed VehicleSecond Life: The Distance Ed Vehicle
Second Life: The Distance Ed Vehicle
 
Alice training
Alice trainingAlice training
Alice training
 
CLSD Technology Partial Roadmap - Admin Retreat
CLSD Technology Partial Roadmap - Admin RetreatCLSD Technology Partial Roadmap - Admin Retreat
CLSD Technology Partial Roadmap - Admin Retreat
 
A strategic view of mobile device management
A strategic view of mobile device managementA strategic view of mobile device management
A strategic view of mobile device management
 
Student Tech Possibilities
Student Tech PossibilitiesStudent Tech Possibilities
Student Tech Possibilities
 
Mobile Apps for Education
Mobile Apps for EducationMobile Apps for Education
Mobile Apps for Education
 
Flavors of linux - framework
Flavors of linux - frameworkFlavors of linux - framework
Flavors of linux - framework
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Virtualized professional development
Virtualized professional developmentVirtualized professional development
Virtualized professional development
 
Mobile learning tools
Mobile learning toolsMobile learning tools
Mobile learning tools
 

Recently uploaded

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Recently uploaded (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

2016 TTL Security Gap Analysis with Kali Linux

  • 1. Gap Analysis & Security Evaluation Jason Murray, D.CS Cornwall-Lebanon SD www.slideshare.net/jasonmurray72
  • 2. Goals • Awareness • Information Gathering • Phases of Exploitation – Think like a hacker • Security Gap Analysis Framework • Demonstrate a few Kali Linux tools
  • 4.
  • 5. How easy is it to gather information?
  • 7.
  • 9. What happens if we become a target?
  • 10. 5 Phases of Exploitation 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Covering Tracks
  • 11. Reconnaissance • Target – Internal DNS – Private Website – Dumpster Diving – Shoulder Surfing – Eavesdropping
  • 12. Reconnaissance – Whiteboarding • Phone • Network • Websites • Email • Google • WhoIs • AnyWho • DNS • Social Network • IP Blocks • Net Blocks • Web Server Content • Source Code • Directories • Databases • Search Engines • URL Analysis • Google Earth • People Sites • Financial Analysis • Job Sites • Alert Websites • Archive Sites • Web Monitoring • Google Dorking
  • 14.
  • 15.
  • 16. Scanning • Layer 4 – TCP (flags) & UDP • Layer 3 – IP (v4 or v6) & ICMP – Host – Ports & Services – Vulnerabilities – Diagrams
  • 17. Scanning - Tools • DNS Enumeration • nikTo • hping3 • NMAP – ZenMap
  • 18. Advanced • Gaining Access • Maintaining Access • Covering Tracks
  • 20.
  • 22. Team • Considerations – IT staff – Security – End Users • Teachers • Students • Community – Management – Tech savvy & non-savvy
  • 23. Step 1: Policy, Procedure, & Guideline • Standards – COBIT – ISO 27001
  • 24. Step 1: Policy, Procedure, & Guideline • Pen Testing Standards – Open Web Application Security Project – Penetration Testing Execution Standard – Open Source Security Testing Methodology Manual – Penetration Testing Framework
  • 25. Step 1: Policy, Procedure, & Guideline • Who has access/privileges? – For how long? – Vendors vpn? – Retirees/terminations? – Logging? • Updates? – Every node? • Passwords – Saved in browser? – Frequency of changes?
  • 26. Step 2: Audit • Permission • Scope – Physical and/or electronic • Social engineering – Timetable – Resources (outsourced/in house) • Review Framework – Following policies (awareness) • Openings – Ports – Human Factor – Physical equipment
  • 27. Step 2: Audit • Device Security – Encryption – Password – Device storage – Device on a non-secure network
  • 28. Step 2: Audit • Physical Security – Access to infrastructure – Environmental safeguards • Temperature • Humidity – Protection safeguards • Fire • Water
  • 29. Step 2: Audit • Personnel Security – Staff backgrounds – Security awareness programs that discourage insider attacks – Protection against terminated staff – Repercussions of malicious violation of information security
  • 30. Step 2: Audit • OpenVAS
  • 31. Step 3: Technical Review • Up to date – Software/patches – Policies • Awareness – Justification for openings • Consistency – OS, antivirus, update procedures • Vulnerability/risk management • Encryption
  • 32. Step 4: Findings & Prioritization Summary • Review the findings • Organize & arrange tasks to fix gaps – Electronic – Policy, procedures, guidelines – Physical • Update Risk Management Strategy
  • 34. Resources • CIO • Faulkner Information Services • Forbes • Pen Test Frameworks • Tech Target • University of Minnesota • YouSigma
  • 35. Kali Resources • Free Education For All (120 lessons) • JackkTutorials • Royal Hacks • Royal Hacks (advanced) • Kali Linux Tutorials