1 Scope of Assessment



Similar documents
NCS 430 Penetration Testing Lab #2 Tuesday, February 10, 2015 John Salamy

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Lab Objectives & Turn In

Vulnerability Scan. January 6, 2015

Penetration Testing Workshop

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

Penetration Testing with Kali Linux

Vulnerability analysis

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Vulnerability Assessment Lab

ASV Scan Report Attestation of Scan Compliance

Vulnerability Assessment and Penetration Testing

Metasploit Unleashed. Class 2: Information Gathering and Vulnerability Scanning. Georgia Weidman Director of Cyberwarface, Reverse Space

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

CIT 480: Securing Computer Systems. Vulnerability Scanning and Exploitation Frameworks

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Payment Card Industry (PCI) Executive Report 08/04/2014

Cyber Essentials. Test Specification

Penetration Testing. What Is a Penetration Testing?

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Firewall Firewall August, 2003

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson

Software Vulnerability Assessment

Running head: USING NESSUS AND NMAP TOOLS 1

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Penetration Testing SIP Services

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

SCP - Strategic Infrastructure Security

Medical Device Security Health Group Digital Output

Firewall Access Request Form

Payment Card Industry (PCI) Executive Report 10/27/2015

IBM. Vulnerability scanning and best practices

Cyber Security Scan Report

SNI Vulnerability Assessment Report

Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing. SANS Security Sans Mentor: Daryl Fallin

Introduction to Laboratory Assignment 3 Vulnerability scanning with OpenVAS

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00

1 Recommended Readings. 2 Resources Required. 3 Compiling and Running on Linux

Payment Card Industry (PCI) Executive Report. Pukka Software

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Penetration Testing Report Client: Business Solutions June 15 th 2015

CIT 380: Securing Computer Systems

Linux MDS Firewall Supplement

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

EVALUATION OF TOOLS FOR CYBER SECURITY

The Trivial Cisco IP Phones Compromise

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

FREQUENTLY ASKED QUESTIONS

PIX/ASA 7.x with Syslog Configuration Example

Firewalls and Software Updates

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Medical Image Manager (MIM) Version 6.1.


Lab 9: Pen Testing (NESSUS)

Vulnerability Management in Software: Before Patch Tuesday KYMBERLEE PRICE BUGCROWD

Vulnerability Scanning & Management

User Manual of the Pre-built Ubuntu Virutal Machine

Intelligence Gathering. n00bpentesting.com

Firewall implementation and testing

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DR V2.0

Pwning Intranets with HTML5

IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection

Running a Default Vulnerability Scan SAINTcorporation.com

Lab 10: Security Testing Linux Server

Metasploit Lab: Attacking Windows XP and Linux Targets

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

noway.toonux.com 09 January 2014

SCADA Security Example

Running a Default Vulnerability Scan

Attack Graph Techniques

Real Time Performance of a Security Hardened RedHawk Linux System During Denial of Service Attacks

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

State of Minnesota. Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE

shortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge

SERVICE SCHEDULE PULSANT ENTERPRISE CLOUD SERVICES

Security of IPv6 and DNSSEC for penetration testers

Laboration 3 - Administration

Cannot send Autosupport , error message: Unknown User

GL550 - Enterprise Linux Security Administration

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

External Network Penetration Test Report

ENTERPRISE LINUX SECURITY ADMINISTRATION

8 Steps for Network Security Protection

How to build a security assessment program. Dan Boucaut

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

How To Fix A Snare Server On A Linux Server On An Ubuntu (Amd64) (Amd86) (For Ubuntu) (Orchestra) (Uniden) (Powerpoint) (Networking

Penetration Testing LAB Setup Guide

Network Traffic Analysis

Background (

Transcription:

CIT 380 Project Network Security Assessment Due: April 30, 2014 This project is a security assessment of a small group of systems. In this assessment, students will apply security tools and resources learned in labs to a a set of unknown systems. They will synthesize the output of security tools and the results of research into a report evaluating the security of each unknown system. This document is divided into the following sections: scope of the assessment (which resources are to be assessed), the rules of engagement (specification of what actions are permitted during the assessment), resources required (security tools), references (information sources), procedure, and report format and submission details. 1 Scope of Assessment The assessment is limited to the following IP addresses. 10.2.3.220 10.2.3.221 2 Rules of Engagement Students may use any security tools to perform a security evaluation of the systems listed in the Scope of Assessment. These tools should include but are not limited to those listed in the Resources Required. Security tools can be used to identify potential vulnerabilities and verify these potential vulnerabilities through the use of exploits. However, no tools that are designed to crash a system or otherwise create a denial of service attack may be used. Students may not port scan, vulnerability scan, or attempt to exploit any IP addresses outside those listed in the Scope of Assessment. In general, no security tool may be deployed against any IP addresses outside of the ones listed. Of course, students may contact other servers to search the web and perform research, such as by using the references below. 1

3 Resources Required Students will need the following data and tools to create and test the software: Kali VM nmap port scanner OpenVAS vulnerability scanner Metasploit 4 References Students will find the following references useful in performing the assessment and writing the assessment report. Kali Linux Documentation, http://www.kali.org/official-documentation/. CVE Details, http://www.cvedetails.com/, provides information about reported vulnerabilities and can be searched by vendor, service, and vulnerability. Metasploit Unleashed, http://www.offensive-security.com/metasploit-unleashed/, provides information on how to use Metasploit to exploit systems. Nmap Documentation, http://nmap.org/docs.html, will help to find scan options and show how to best understand nmap output. 5 Procedure 5.1 Network Scanning and Enumeration Scan each IP address listed in the Scope with nmap. Scans should verify that the systems are up before proceeding, then identify the operating systems of each system, and finally identify both the names and versions of the running 2

services on each system. Students will need to scan all TCP and UDP ports as well as obtain all of the detailed data that nmap can offer by using the -A option. 5.2 Vulnerability Research First, lookup the operating system type and version that were reported by network scanning tools on CVE details. Next, lookup any services, such as IIS or Apache, whose names were identified in the previous step. Use service versions to determine which vulnerabilities apply to the system under assessment. Compare these lists of vulnerabilities with the ones found in the next step: vulnerability scanning. 5.3 Vulnerability Scanning We configured and used the OpenVAS vulnerability scanner in lab. Students may need to restart the three server daemons as we did at the end of the OpenVAS setup process, but no other setup should be necessary. Create scan configurations for each of the targets. Be sure that you can ping a target before beginning an OpenVAS scan. If an OpenVAS scan reports zero vulnerabilities, then there was an error during the scan or the target was not up. 5.4 Vulnerability Validation With the exception of denial of service vulnerabilities, all reported vulnerabilities with a severity of high or medium must be validated. Severity levels are the level reported by OpenVAS or the CVSS score shown on CVE details. Students should first search Metasploit to find exploits for validation. Search terms should include vulnerability identifiers like CVE numbers, service names like Apache or IIS, service versions, and text from the OpenVAS or CVE Details vulnerability description. If an exploit is successful against a system, then the reported vulnerability has been validated. If an exploit cannot be found in Metasploit, research the vulnerability in 3

vulnerability databases, such as CVE Details. Use the vulnerability database to verify that the reported vulnerability affects the platform, service, and versions that the assessed system is running. If the vulnerability does affect the system according to the database, then the reported vulnerability has been validated. 6 Resolving Problems While students are not permitted to use tools that are designed to crash systems, it is possible for exploitation of vulnerabilities to crash target VMs. If a target VM is not responding for more than 5 minutes, notify the instructor about the problem. 7 Report The report will need to be at least 5 pages single spaced using a 12-point font. The report must be divided into six sections: the summary, procedure, one section for each assessed system, conclusion, and references. Sections must be identified by a heading in boldface in the same manner that sections in this document are formatted. References should include the references mentioned in this document that were used, along with any additional references found via the Sites page on the class web site or through other sources. The report must begin with a summary of findings of the security assessment. For each system, describe its operating systems and services, speculate on what purposes it may serve in an organization, and describe how vulnerable it is to attack. The level of vulnerability depends not only on the number of vulnerabilities found, but also on the number of validated vulnerabilities and on the severity of each the vulnerabilities found. The summary must include a table of the following form, summarizing the findings at a high level: IP Address MAC Address Operating System Number of Vulnerabilities 10.2.3.220 10.2.3.221 4

The procedure section of the report describes the precise procedure followed based on the Procedure above. Do not include setup of OpenVAS or Metasploit, but do include the setup of any additional tools used. Describe the order of steps and include the full command lines used with all arguments, except for Metasploit. Details of Metasploit commands will be included in the following sections. Each of the following sections will describe one of the systems assessed. These sections must have names of the form Assessment of IPADDRESS, where IPADDRESS is replaced by the IP address of the system whose assessment is described in that section. Each section should include an overall assessment of the security of the system, which will expand on the summary above. Following the summary, include a graph from CVE details showing vulnerabilities in the operating system type and version. Then create a table of the open ports, describing the services running on them, including their versions and vulnerabilities (if any). This table should summarize the results found via port scanning, vulnerability scanning, and vulnerability validation. Port Number Service Version Reported Vulnerabilities 21/tcp ftp vsftp 1.3.2 CVE-2006-1418, BID-1215 22/tcp ssh openssh 3.9 CVE-2005-2798, CVE-2006-5051, BID-1397 53/udp dns bind 4.1..................... Validated Vulnerabilities CVE-2006-1418 None Organize each section by service name, or port number if you were unable to identify the service running on the port. Under the service list the vulnerability details, including an identifier for the vulnerability, a one-line description, a detailed description, the results of validation, and how it was validated, in the format shown below. The best vulnerability identifier is a CVE number, but not all vulnerabilities will have those, and so another type of identifier, such as a BID or NVT number should be used. 5

CVE-2008-1414: One-line description Detailed Description: Paragraph long description Validation: msf> search DCE msf> use auxiliary/scanner/smb/smb_enumusers_domain msf auxiliary(smb_enumusers_domain) > show options msf auxiliary(smb_enumusers_domain) > set RHOSTS 10.2.3.220 msf auxiliary(smb_enumusers_domain) > exploit Results of validation: UUID 6bffd098-a112-3610-9833-46c3f87e345a 1.0 ERROR 0xc0000022 [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed For vulnerabilities with no exploits in Metasploit, the validation section would indicate whether validation was successful or not, along with links to specific vulnerability reports and/or exploits that show that this particular service at the specified version was or was not vulnerable. For example: Verified that vulnerability affects this service and version at http: //www.osvdb.org/83771 and http://www.exploit-db.com/exploits/ 19525. The penultimate section should summarize the findings of the assessment, repeating the information from the first section, and provide a short description of how to mitigate the discovered vulnerabilities through patching, upgrades, service changes (i.e., use ssh instead of telnet), or deployment of security devices like firewalls. Be specific about mitigations: include the version or service pack name to upgrade to, which vulnerabilities it would fix, specify which ports to block on a firewall to fix specified vulnerabilities, etc. The final section should list references used. 6

8 Submission The report must be turned in as a printed report at the beginning of the last class period, and it must also be sent as an attachment in Open Document Format (ODF) format named cit380-project-report.odt in an e-mail to the instructor with the following subject CIT 380 Project Report. The e-mail report is due at the same time as the printed report. The printed report must be turned in on the last day of class, April 30. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information