Security Essentials Toolkit Nmap - PowerPoint PPT Presentation

Slides: 50
Provided by: Ryan85
1
Security Essentials Toolkit: Nmap
2
Outline
  • Description
  • Purpose
  • Principle and Pre-Study
  • Required Facilities
  • Challenge Procedure
  • Summary
  • Reference

3
Description
  • Reconnaissance is key for an attacker to be
    successful.
  • To defend against attacks, you should examine
    your systems from the viewpoint of the attacker.
  • Use tools that let you see what the attackers
    see, so that you can then patch any
    vulnerabilities.
  • Nmap is a classic example of a reconnaissance
    tool.

4
Purpose
  • To know
      • The features and role of Nmap in auditing
        systems.
      • How to install, use, and analyze the output of
        Nmap.

5
Principle and Pre-Study
  • Hackers' attack methodology.
  • Why do we need scanning tools?

6
Required Facilities
  • Permission
      • Do not proceed without receiving the
        necessary permissions.
  • Hardware
      • Intel-based PC
  • Software
      • Windows OS and Linux OS
      • Nmap
          • http://www.insecure.org/nmap/

7
Challenge Procedure
  • Step 1: Install Nmap (Skip)
  • Step 2: Review Nmap Options
  • Step 3: Test Nmap

8
Step 2: Nmap Options (1/2)
  • By scan type
      • Hosts (-sP)
      • TCP Ports (-sT)
      • RPC servers (-sR)
      • SYN scan (-sS)
      • FIN scan (-sF), Xmas tree (-sX), null scan (-sN)
      • ACK scan (-sA)
      • Scanning for UDP Ports (-sU)

9
Step 2: Nmap Options (2/2)
  • By other function
      • Fragmentation (-f)
      • Decoys (-D)
      • OS Fingerprinting (-O)
      • Timing (-T option)

10
Step 3: Test Nmap (NMapWin v1.3.1)
11
Step 3: Test Nmap (Linux Nmap)
12
Summary
  • Nmap is a powerful tool that allows
    administrators, as well as attackers, to
    determine what services and ports are open on a
    particular device.
  • Nmap scans of your network should be run
    frequently to verify that new services or ports
    have not been unknowingly added to your environment.
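
One way to act on the "scan frequently" advice is to compare each scan against a saved baseline. The following is an added example, not part of the original slides: it parses Nmap's grepable output (`-oG`) from two runs and reports ports that have opened or disappeared. The host addresses and scan contents are constructed sample data.

```python
import re

# Constructed samples of `nmap -oG -` (grepable) output from two scan dates.
BASELINE = """\
# Nmap scan (constructed sample)
Host: 10.163.156.1 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///
Host: 10.163.156.7 ()\tPorts: 25/open/tcp//smtp///, 111/closed/tcp//rpcbind///
"""
CURRENT = """\
Host: 10.163.156.1 ()\tPorts: 22/open/tcp//ssh///, 1241/open/tcp//nessus///
Host: 10.163.156.7 ()\tPorts: 25/open/tcp//smtp///
Host: 10.163.156.9 ()\tPorts: 23/open/tcp//telnet///
"""


def open_ports(grepable):
    """Return {(host, port, proto): service} for every port reported open."""
    found = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no ports
        host, ports = m.groups()
        for entry in ports.split(","):
            # Field order: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                found[(host, int(fields[0]), fields[2])] = fields[4]
    return found


def diff_scans(old, new):
    """Return (newly_open, no_longer_open) as sorted lists of keys."""
    before, after = open_ports(old), open_ports(new)
    opened = sorted(k for k in after if k not in before)
    closed = sorted(k for k in before if k not in after)
    return opened, closed


if __name__ == "__main__":
    opened, closed = diff_scans(BASELINE, CURRENT)
    for host, port, proto in opened:
        print(f"NEW   {host} {port}/{proto}")
    for host, port, proto in closed:
        print(f"GONE  {host} {port}/{proto}")
```

Every "NEW" line is a service to explain or shut down; a host that appears only in the current scan is reported through its open ports.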

13
The premier open source Vulnerability Assessment
tool
14
Outline
  • Description
  • Purpose
  • Principle and Pre-Study
  • Required Facilities
  • Step by step
  • Summary
  • Reference

15
Description (I)
  • A security scanner is software that remotely
    audits a given network and determines whether
    crackers may break into it, or misuse it in some
    way.
  • Nessus is a free, open source vulnerability
    scanner that provides a view of your networks as
    seen by outsiders.

16
Description (II)
  • Nessus also provides many kinds of detailed reports
    that identify the vulnerabilities and the
    critical issues that need to be corrected.
  • Nessus Features
      • Plugin-based: customized security checks can be
        written in C or NASL2 (Nessus's Scripting
        Language ver. 2)
      • Exportable report: supports many kinds of export
        report, like ASCII text, LaTeX and HTML

17
Purpose
  • Teach you how to install, configure and use
    Nessus.
  • You will also learn how to interpret its output.

18
Principle and Pre-Study
Nessus Client and Server architecture
19
Required Facilities
  • Permission
      • Do not proceed without receiving the
        necessary permissions
  • Hardware
      • PC or Workstation with UNIX-based OS
  • Software
      • Client
          • GTK, the GIMP Toolkit, version 1.2
      • Server
          • OpenSSL
      • The latest stable release is nessus 2.0.9

20
Step (I): install nessus
  • Some ways to install
      • lynx -source http://install.nessus.org | sh
          • Dangerous
      • sh nessus-installer.sh
          • Easy and less dangerous
      • Install the nessus tarball archives individually
          • nessus-libraries
          • libnasl
          • nessus-core
          • nessus-plugins
          • Safe, but noisy

21
Step (II): create nessusd account
Add the client user's account
The authentication method by password check
Edit the user's rights
22
Step (III): create nessusd account
The authentication method by key change
The user's key information
23
Step (IV): Configure your nessusd
  • Edit the file /usr/local/etc/nessus/nessus.conf
      • plugins_folder /usr/local/lib/nessus/plugins
      • max_hosts 30 (maximum number of simultaneous
        hosts tested)
      • max_checks 10 (maximum number of simultaneous
        checks)
      • logfile /usr/local/var/nessus/logs/nessusd.messages
      • log_whole_attack yes
      • rules /usr/local/etc/nessus/nessusd.rules
      • users /usr/local/etc/nessus/nessusd.users
      • cgi_path /cgi-bin/scripts
      • port_range default (scan the range of ports
        found in /etc/services)
      • use_mac_addr no
      • plugin_upload no (can users upload plugins?)
      • slice_network_addresses no
  • Execute nessusd -D (safely start nessusd as root
    on TCP 1241)
      • Default listen on TCP 1241
  • Execute nessus

24
Step (V) Nessus client configuration (UNIX)
The nessusd server's address
The open port number of nessusd
Login user name
User password
Click on Log in
25
The test would not cause the target host to crash
26
The scan range
You can give extra information to some security
checks so that the audit is more complete
Send the test result to a defined mail address
Avoid detection by IDS
Choose the scan tools
27
Input the target's address
Rules allow a user to restrict his test. For instance,
I want to test 10.163.156.1/24, except
10.163.156.5. The ruleset I entered allows me to
do that.
A single IP address: 10.163.156.1
A range of IP addresses: 10.163.156.1-254
A range of IP addresses in CIDR: 10.163.156.1/24
A hostname in Fully Qualified Domain Name
notation: hope.fr.nessus.org
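
The restriction described on this slide can be checked before any scan is launched. The following is an added example, not part of the original slides and not nessusd's own rule parser: it expands the target notations listed above and keeps only addresses inside an authorized network, minus the excluded host. The function names and the out-of-scope sample target are assumptions made for illustration.

```python
import ipaddress


def expand_target(spec):
    """Expand one target string into IPv4 addresses.

    Handles a single IP, a last-octet range (a.b.c.1-254) and CIDR.
    Returns None for anything else (e.g. a hostname that must be
    resolved and reviewed by hand before it is scanned).
    """
    try:
        if "/" in spec:
            return list(ipaddress.ip_network(spec, strict=False).hosts())
        if "-" in spec:
            base, last = spec.rsplit("-", 1)
            first = ipaddress.ip_address(base)
            start, end = int(first) & 0xFF, int(last)
            if not start <= end <= 255:
                raise ValueError("bad range")
            return [first + i for i in range(end - start + 1)]
        return [ipaddress.ip_address(spec)]
    except ValueError:
        return None


def check_scope(specs, allowed, excluded):
    """Return (sorted in-scope addresses, rejected target strings)."""
    net = ipaddress.ip_network(allowed, strict=False)
    skip = {ipaddress.ip_address(x) for x in excluded}
    in_scope, rejected = set(), []
    for spec in specs:
        addrs = expand_target(spec)
        # Reject the whole entry if any address falls outside the permit.
        if addrs is None or any(a not in net for a in addrs):
            rejected.append(spec)
            continue
        in_scope.update(a for a in addrs if a not in skip)
    return sorted(in_scope), rejected


if __name__ == "__main__":
    targets = ["10.163.156.1", "10.163.156.1-254", "10.163.156.1/24",
               "hope.fr.nessus.org", "10.163.157.1-10"]  # last one: constructed
    ok, bad = check_scope(targets, "10.163.156.1/24", ["10.163.156.5"])
    print(len(ok), "addresses in scope; rejected:", bad)
```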
28
The Nessus Knowledge Base feature allows the user
to save the knowledge base on the client host
Nessus information
29
Step (VI) the scan process
The target's open port
Scanning
The security level
Comments of this note
The resources for this security note include
know-how and the solution
30
Step (VI) the export of the data
Report in nessus client format
Export to XML
LaTeX format can be output to PDF
Report in HTML with graphs
31
Summary
  • PC Magazine nominated Nessus as one of the
    "Best Products of 2003" in the "open-source"
    category!
  • Nessus is a powerful vulnerability assessment and
    port scanner that allows you to see the same view
    of your network that an outsider sees.

32
Reference
  • Nessus and NessusWX website
      • http://www.nessus.org
  • NeWT website
      • http://www.tenablesecurity.com/newt.html
  • PC Magazine
      • http://www.pcmag.com/article2/0,4149,1420870,00.asp

34
Appendix A: other nessus commands
  • nessus-build
      • Script that can be used to build a .nes nessus
        plugin from a .c source file.
  • nessus-config
      • Displays compiler/linker flags for the nessus
        libraries
  • nessus-mkcert-client
      • Creates a client certificate
      • Protects the communication between the client and
        the server by using SSL. SSL requires the server
        to present a certificate to the client, and the
        client can optionally present a certificate to
        the server.
  • nessus-mkrand
      • Creates a file with random bytes
  • nessus-adduser
      • A simple program which will add a user in the
        proper nessusd configuration files, and will send
        a signal to nessusd if it is running to notify it
        of the changes.

35
Appendix B: NessusWX
  • Nessus Client for Win32: http://nessuswx.nessus.org/
  • Current version 1.4.4

39
Options port scan properties
40
Connection comments
45
Appendix C: commercial product
  • NeWT 1.0
  • A native port of Nessus under Windows, which is
    very easy to install and to use
  • This is a commercial product from Tenable Network
    Security

46
Start Screen
47
Scan config
48
Scan in progress
49
Example report