Introduction to Vulnerability Assessment Labs - PowerPoint PPT Presentation

About This Presentation
Title:

Introduction to Vulnerability Assessment Labs

Description:

Nessus Remote vulnerability scanner Nessus will Perform over 900 security checks Accept new plugins to expand new checks List security concerns and recommend ... – PowerPoint PPT presentation

Number of Views:229
Avg rating:3.0/5.0
Slides: 33
Provided by: nic1162
Category:

less

Transcript and Presenter's Notes

Title: Introduction to Vulnerability Assessment Labs


1
Introduction to Vulnerability Assessment Labs
  • Ge Zhang
  • ge.zhang_at_kau.se
  • Dvg-C03

2
Schedule
  • 4 Attacking methods
  • Traffic sniffing
  • ARP spoofing
  • Password cracking
  • Port Scanning
  • 1 Defense methods
  • Firewall configuration
  • 2 Vulnerability assessment tool
  • Nessus
  • Bastille
  • Summarizing Report on its learning (1-2 pages)

3
Environment
  • 3 VM images (c\VMware\valab-ht10\)
  • Windows, Fedora (angel), Fedora (devil)

4
Sniffing
  • Hub a hub simply receives incoming packets and
    broadcasts these packets out to all devices on
    the network
  • Adapt promiscuous mode an adapter can receive
    all frames on the network, not just frames are
    addressed to that adapter

5
Wireshark
6
Wireshark
7
Sniffing practice
  • Surfing with the browser on the host machine
  • Sniff the HTTP traffic using wireshark on the VM

8
Hub v.s. switch
  • Hub Layer 1 (physical)
  • Switch Layer 2 (data-link)

9
ARP (Address Resolution Protocol)
  • MAC address (layer 2)
  • Global unique
  • Unchangeable
  • IP address (layer 3)
  • Network unique
  • Changeable

10
ARP spoofing (cache poisoning) on switch
11
Preparation
  • ipconfig /all
  • Let me know the last number of your ip address
    and mac address
  • ping hostname t

12
Cain
13
Cain
14
Cain
15
Password Cracking
  • Authentication
  • Something you know
  • Something you have
  • Something you are
  • Password need to be transferred
  • Password need to be stored

16
Brute Force
  • Attempts all possible combinations of letters and
    numbers
  • Possible Solution
  • Limit amount of unsuccessful logins
  • Change password often
  • The length should be at least 8 characters

17
Dictionary
  • Type of Brute Force
  • Only tries possibilities that are likely to
    succeed
  • List are derived from dictionary
  • Possible Solutions
  • Mix and match numbers, letters, upper and lower
    case
  • Avoid passwords based on dictionary words, letter
    or number sequences, usernames, or biographical
    information

18
John the ripper
  • Traditionally the account information is stored
    in the /etc/passwd file
  • The /etc/passwd file is world-readable
  • Shadow password system stores passwords in the
    file /etc/shadow which is not world-readable
  • unshadow /etc/passwd /etc/shadow gt tmp
  • less tmp /have a look/
  • john tmp
  • Then create your own account and password, run
    john again to see the result
  • useradd your account
  • passwd your account

19
Port Scanning
  • Attackers wish to discover services they can
    break into.
  • Whether the service existing?
  • sending a packet to each port, once at a time.
  • Based on the type of response, an attacker knows
    if the port is used.
  • The used ports can be probed further for
    weakness.
  • Well-known tcp 21, tcp 22, tcp 23, tcp 80

20
Nmap
  • -sT (scanning by TCP connections)
  • -sS (SYN scanning)
  • -sU (UDP scanning)
  • -sV (Version detection)
  • -O (OS fingerprinting)
  • -T0-5 (time interval)
  • -f (fragmenting)

21
Nmap
22
Nmap
  • Zenmap graphical interface

23
Firewall
  • A set of related programs that protects the
    resources of a private network or a host from
    external environment.
  • A mechanism for filtering network packets based
    on information contained within the IP header.

24
IPtables
  • 3 default chains
  • input Used to control packets entering the
    interface. (The packets will be ended in this
    machine)
  • output Used to control packets leaving the
    interface. (The packets are originated from this
    machine)
  • forward Used to control packets being
    masqueraded, or sent to remote hosts.

25
IPtables
  • iptables command match target
  • Command -A, -I, -D, -F, -L
  • Match -p protocol, -s source IP, -d
    destination IP, -i interface, --sport source
    port, --dport destination port
  • Target -j ACCEPT/DROP/LOG
  • Example
  • iptables I INPUT p ICMP j DROP
  • iptables I INPUT p ICMP icmp-type 0 j ACCEPT
  • Our task restrict all inbound traffic, except
    SSH requests on port 22. However, any outgoing
    requests should not be affected.

26
Nessus
  • Remote vulnerability scanner
  • Nessus will
  • Perform over 900 security checks
  • Accept new plugins to expand new checks
  • List security concerns and recommend actions to
    correct them

27
Nessus
  • Client/server architecture
  • Server perform checking
  • Client Front-end
  • Can test unlimited amount of hosts in each scan

28
Nessus
29
Nessus
30
Bastille
  • Operating System Hardening
  • Remove unnecessary processes
  • Setting file permissions
  • Patching and updating
  • Setting networking access controls
  • Generate your own hardening policy
  • Can be run manually to provide advice and
    information

31
Bastille
  • Assessment mode bastille -a

32
Bastille
  • Configuration mode bastille -x
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Introduction to Vulnerability Assessment Labs" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!