Vulnerability Scanning - PowerPoint PPT Presentation

About This Presentation
Title:

Vulnerability Scanning

Description:

Re-ordered the report to indicate which CVEs were reported by the most ... Many frivolous 'vulnerabilities' detected, making it difficult to get useful results ... – PowerPoint PPT presentation

Number of Views:1721
Avg rating:3.0/5.0
Slides: 9
Provided by: mo489
Category:

less

Transcript and Presenter's Notes

Title: Vulnerability Scanning


1
Vulnerability Scanning
  • Michael Overton, Jason Ferris, Erik Brown

2
Scanners Used
  • Nessus
  • Covered the most CVEs, but missed some things
  • SARA
  • Only gave a subset of Nessus results
  • X-Scan
  • Also only a subset of Nessus results
  • ISS
  • Not particularly useful (though only the trial)
  • Retina
  • Gave a lot of results
  • Little intersection with the others

3
Network Scanned
  • Small private network
  • Benefits
  • Feasible to use trial version software
  • Viable simulation of larger network running
    several machines using the same hard disk image
  • Issues
  • Hard to gather statistically significant data

4
Reporting Methodology
  • Compilation of scan results done by hand
  • No team members particularly skilled in a viable
    scripting language
  • Small number of reports made hand compilation
    more feasible, but it became quickly apparent
    that this method would not scale well
  • Sorted final results both by majority voting and
    severity rating

5
Majority Voting
  • Compiled the list of CVEs found by each scanner
  • Re-ordered the report to indicate which CVEs were
    reported by the most number of scanners
  • Top Five

CVE Retina Nessus X-Scan SARA ISS
CVE-1999-0505 x x x x
CVE-1999-0519 x x x x
CVE-2000-1200 x x x x
CVE-1999-0504 x x
CVE-1999-0524 x x
6
Severity Rating
  • Cross correlated CVEs with CVSS base score
  • Nessus and Retina covered the top five
    predominately
  • Top Five

CVE CVSS Base Score Retina Nessus X-Scan SARA ISS
CVE-2000-0222 10 x x
CVE-1999-0535 10 x
CVE-2004-1094 10 x
CVE-2005-3595 10 x
CVE-2007-2446 10 x
7
Metasploit
  • Because of the small size of the network, the
    number of possible exploits were limited
  • Many required user interaction or previously
    established host access
  • Setup, but did not utilize a Samba exploit

8
Conclusions
  • Nessus and Retina seemed to be the best of the
    ones we used
  • Many scanners seemed to focus on detecting
    vulnerabilities specifically not detected by
    other scanners, requiring the use of many
    scanners to detect most vulnerabilities
  • Many frivolous vulnerabilities detected, making
    it difficult to get useful results
Write a Comment
User Comments (0)
About PowerShow.com