SlideShare ist ein Scribd-Unternehmen logo

Network Security Tools

Emanuela Boroș
Emanuela Boroș
Technologie
1 von 44
Downloaden Sie, um offline zu lesen
Software Security Network Security Tools Presented by Emanuela Boroș “Al. I. Cuza” University, Faculty of Computer Science Master of Software Engineering, II
Audit/Port Scanning Tools ● Nessus (Vulnerability scanner) #3 ● SAINT (Vulnerability scanner, Based on SATAN,developed by World Wide Security,Inc.) #110 ● Sara (Security Auditor’s Research Assistant, SANS Top 10 Threats, 1 May 2009) ● Nmap, strobe (Port scanners, strobe was one of the earliest port scanning tools, Nmap is the strobe's grandson)
Nessus Scanner
Nessus Scanner ● Available from http://www.nessus.org/products/nessus/ ● The world leading vulnerability scanner ● Free for home users, licensed on a yearly subscription for commercial businesses ● Easy-to-use tool ● Linux/Solaris/Windows/Android/iPhone ● Provides HTML based reports ● Client/server architecture: clients (Windows, Unix, Android, iPhone) & servers (Unix only)
Pros/Cons Pros ● Free vulnerability scanning ● Easy to install and use ● Up-to-date security vulnerability database ● Free for home users ● Powerful plug-in architecture Cons ● Needs activation code ● Some UI issues
Policies A Nessus “policy” consists of configuration options related to performing a vulnerability scan. ● External Network Scan ● scans externally facing hosts ● XSS plugin families ● all 65,535 ports are scanned ● Internal Network Scan ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned ● Web App Tests ● scans for vulnerabilities present in each of the parameters, including XSS, SQL, command injection ● Prepare for PCI DSS audits ● enables the built-in PCI DSS compliance checks that compare scan results with the PCI standards and produces a report on your compliance posture
Server
Pros/Cons
Client
Case Studies Version: 4.4.1 Feed Type: Home OS: Windows 7/Android
Internal Network Scan ● Default policy ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned
Web Application Scanning With Credentials
Steps ● App that requires authentication ● Create a policy ● General - Port 80 ● Preferences ● HTTP login page ● Login page and login form (may be a different form) ● Look into you html and see what name fields or you can use a sniffer What it is used into a post request ● Ability to check for auth – login successfully with a timer – go to this page every delay to see if you're still logged – with a 120 seconds and you should see a regex Logout ● Web mirroring – regular expressions to exclude things – web spider to exclude logout.php cause that would log you out
Windows Scanning
Conclusions
Using Android Nessus app
Nmap
Nmap ● Insecure.Org ● free utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network ● uses raw IP packets to determine what hosts are available on the network ● used by attackers to scan a network and perform reconnaisance about the types and quantities of targets available and what weaknesses exist
Nmap with Nessus
Advantages ● smart penetration testing ● nmap the best scanner ever and nessus one of our favorite vulnerability scanner ● effective and less time consumer
Case Study Steps ● used nmap for a quick scan on the local network to all the hosts in the subnet ● after the scan there will be different hosts and their open ports
Network Security Tools
Network Security Tools
Network Security Tools
Network Security Tools

Empfohlen

Security tools
Security toolsSecurity tools
Security toolsarfan shahzad
 
Modern Network Security Issue and Challenge
Modern Network Security Issue and ChallengeModern Network Security Issue and Challenge
Modern Network Security Issue and ChallengeIkhtiar Khan Sohan
 
Introduction to Internet And Web
Introduction to Internet And WebIntroduction to Internet And Web
Introduction to Internet And WebRanjith Siji
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Security and Viruses
Security and VirusesSecurity and Viruses
Security and VirusesAmrit Kaur
 
virtual hosting and configuration
virtual hosting and configurationvirtual hosting and configuration
virtual hosting and configurationHAMZA AHMED
 

Empfohlen

Security tools
Security toolsSecurity tools
Security toolsarfan shahzad
 
Modern Network Security Issue and Challenge
Modern Network Security Issue and ChallengeModern Network Security Issue and Challenge
Modern Network Security Issue and ChallengeIkhtiar Khan Sohan
 
Introduction to Internet And Web
Introduction to Internet And WebIntroduction to Internet And Web
Introduction to Internet And WebRanjith Siji
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Security and Viruses
Security and VirusesSecurity and Viruses
Security and VirusesAmrit Kaur
 
virtual hosting and configuration
virtual hosting and configurationvirtual hosting and configuration
virtual hosting and configurationHAMZA AHMED
 
Ransomware
RansomwareRansomware
RansomwareAkshita Pillai
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter newKarnav Rana
 
Data security
Data securityData security
Data securitySoumen Mondal
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applicationswebhostingguy
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.pptAfricaRealInformatic
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
Threat Hunting with Data Science
Threat Hunting with Data ScienceThreat Hunting with Data Science
Threat Hunting with Data ScienceAustin Taylor
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Firewall ppt
Firewall pptFirewall ppt
Firewall pptOECLIB Odisha Electronics Control Library
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM ArchitectureNishanth Kumar Pathi
 
Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN securityRajan Kumar
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Securityyousef emami
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationabhijit chintamani
 
05. performance-concepts
05. performance-concepts05. performance-concepts
05. performance-conceptsMuhammad Ahad
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter newKarnav Rana
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applicationswebhostingguy
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
Threat Hunting with Data Science
Threat Hunting with Data ScienceThreat Hunting with Data Science
Threat Hunting with Data ScienceAustin Taylor
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN securityRajan Kumar
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationabhijit chintamani
 
05. performance-concepts
05. performance-concepts05. performance-concepts
05. performance-conceptsMuhammad Ahad
 

Was ist angesagt? (20)

Ransomware
RansomwareRansomware
Ransomware
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep Security
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
 
Data security
Data securityData security
Data security
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applications
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.ppt
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Threat Hunting with Data Science
Threat Hunting with Data ScienceThreat Hunting with Data Science
Threat Hunting with Data Science
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
 
Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN security
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Security
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's Guide
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentation
 
05. performance-concepts
05. performance-concepts05. performance-concepts
05. performance-concepts
 

Andere mochten auch

Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.pptDreamMalar
 
Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1Tulisan Komputer
 
Intimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit FrameworkIntimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit FrameworkAnimesh Roy
 
OpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment ScannerOpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment ScannerChandrak Trivedi
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)SSASIT
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecturebabak danyal
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 

Andere mochten auch (18)

Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
 
Nmap
NmapNmap
Nmap
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
Linux dasar
Linux dasarLinux dasar
Linux dasar
 
Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1
 
Intimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit FrameworkIntimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit Framework
 
OpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment ScannerOpenVAS: Vulnerability Assessment Scanner
OpenVAS: Vulnerability Assessment Scanner
 
Nessus and Reporting Karma
Nessus and Reporting KarmaNessus and Reporting Karma
Nessus and Reporting Karma
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
 
Nessus Scanner Vulnerabilidades
Nessus Scanner VulnerabilidadesNessus Scanner Vulnerabilidades
Nessus Scanner Vulnerabilidades
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecture
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare ppt
 

Ähnlich wie Network Security Tools

20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsx20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsxSuman Garai
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...B.A.
 
Practical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPractical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPRISMA CSI
 
Thick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfThick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfSouvikRoy114738
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009dnomura
 
INSECT | Security System Project | 2011
INSECT | Security System Project | 2011INSECT | Security System Project | 2011
INSECT | Security System Project | 2011Rainer Arencibia
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
 
Ending the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New HopeEnding the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New HopeMichele Chubirka
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Frameworkegypt
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigatericharddxd
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityLumension
 
OSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
OSMC 2008 | Monitoring Tools Shootout by Tom De CoomanOSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
OSMC 2008 | Monitoring Tools Shootout by Tom De CoomanNETWAYS
 

Ähnlich wie Network Security Tools (20)

20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsx20210906-Nessus-FundamentalInfoSec.ppsx
20210906-Nessus-FundamentalInfoSec.ppsx
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
 
Practical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability DetectionPractical White Hat Hacker Training - Vulnerability Detection
Practical White Hat Hacker Training - Vulnerability Detection
 
Thick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfThick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdf
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009
 
INSECT | Security System Project | 2011
INSECT | Security System Project | 2011INSECT | Security System Project | 2011
INSECT | Security System Project | 2011
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
 
Port scanning
Port scanningPort scanning
Port scanning
 
Port scanning
Port scanningPort scanning
Port scanning
 
Ending the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New HopeEnding the Tyranny of Expensive Security Tools: A New Hope
Ending the Tyranny of Expensive Security Tools: A New Hope
 
Computer security
Computer securityComputer security
Computer security
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Ready set hack
Ready set hackReady set hack
Ready set hack
 
nessus
nessusnessus
nessus
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
 
Footprinting tools for security auditors
Footprinting tools for security auditorsFootprinting tools for security auditors
Footprinting tools for security auditors
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigate
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs Security
 
OSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
OSMC 2008 | Monitoring Tools Shootout by Tom De CoomanOSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
OSMC 2008 | Monitoring Tools Shootout by Tom De Cooman
 

Kürzlich hochgeladen

Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

Network Security Tools

  • 1. Software Security Network Security Tools Presented by Emanuela Boroș “Al. I. Cuza” University, Faculty of Computer Science Master of Software Engineering, II
  • 2. Audit/Port Scanning Tools ● Nessus (Vulnerability scanner) #3 ● SAINT (Vulnerability scanner, Based on SATAN,developed by World Wide Security,Inc.) #110 ● Sara (Security Auditor’s Research Assistant, SANS Top 10 Threats, 1 May 2009) ● Nmap, strobe (Port scanners, strobe was one of the earliest port scanning tools, Nmap is the strobe's grandson)
  • 4. Nessus Scanner ● Available from http://www.nessus.org/products/nessus/ ● The world leading vulnerability scanner ● Free for home users, licensed on a yearly subscription for commercial businesses ● Easy-to-use tool ● Linux/Solaris/Windows/Android/iPhone ● Provides HTML based reports ● Client/server architecture: clients (Windows, Unix, Android, iPhone) & servers (Unix only)
  • 5. Pros/Cons Pros ● Free vulnerability scanning ● Easy to install and use ● Up-to-date security vulnerability database ● Free for home users ● Powerful plug-in architecture Cons ● Needs activation code ● Some UI issues
  • 6. Policies A Nessus “policy” consists of configuration options related to performing a vulnerability scan. ● External Network Scan ● scans externally facing hosts ● XSS plugin families ● all 65,535 ports are scanned ● Internal Network Scan ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned ● Web App Tests ● scans for vulnerabilities present in each of the parameters, including XSS, SQL, command injection ● Prepare for PCI DSS audits ● enables the built-in PCI DSS compliance checks that compare scan results with the PCI standards and produces a report on your compliance posture
  • 9.
  • 11. Case Studies Version: 4.4.1 Feed Type: Home OS: Windows 7/Android
  • 12. Internal Network Scan ● Default policy ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18. Web Application Scanning With Credentials
  • 19. Steps ● App that requires authentication ● Create a policy ● General - Port 80 ● Preferences ● HTTP login page ● Login page and login form (may be a different form) ● Look into you html and see what name fields or you can use a sniffer What it is used into a post request ● Ability to check for auth – login successfully with a timer – go to this page every delay to see if you're still logged – with a 120 seconds and you should see a regex Logout ● Web mirroring – regular expressions to exclude things – web spider to exclude logout.php cause that would log you out
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 28.
  • 29.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36. Nmap
  • 37. Nmap ● Insecure.Org ● free utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network ● uses raw IP packets to determine what hosts are available on the network ● used by attackers to scan a network and perform reconnaisance about the types and quantities of targets available and what weaknesses exist
  • 39. Advantages ● smart penetration testing ● nmap the best scanner ever and nessus one of our favorite vulnerability scanner ● effective and less time consumer
  • 40. Case Study Steps ● used nmap for a quick scan on the local network to all the hosts in the subnet ● after the scan there will be different hosts and their open ports