Northwestern University MSIT 458 Information Security

Similar documents
Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing. SANS Security Sans Mentor: Daryl Fallin

Network Security. Network Scanning

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

CIT 380: Securing Computer Systems

Penetration Testing. What Is a Penetration Testing?

Nmap Cookbook The fat-free guide to network scanning

Nmap: Scanning the Internet

SECURITY. Risk & Compliance Services

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

NETWORK SECURITY WITH OPENSOURCE FIREWALL

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Information Security Services

Chapter 1 The Principles of Auditing 1

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

How To Hack A Nmap Port Scan With A 10 Second Delay On A Network With A Network On A Windows Server (For A Freebie) On A Linux Computer (For Freebie). For A Free Download) On An Ipnet (For

SCP - Strategic Infrastructure Security

The Value of Vulnerability Management*

CISO's Guide to. Penetration Testing. James. S. Tiller. A Framework to Plan, Manage, and Maximize Benefits. CRC Press. Taylor & Francis Group

Introduction to Network Security Lab 2 - NMap

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

Information Security Office

Network Security Audit. Vulnerability Assessment (VA)

Penetration Testing 2014

INFORMATION SECURITY TRAINING CATALOG (2015)

Metasploit Unleashed. Class 2: Information Gathering and Vulnerability Scanning. Georgia Weidman Director of Cyberwarface, Reverse Space

Practical Guidance for Auditing IT General Controls. September 2, 2009

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus.

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

Firewalls. Pehr Söderman KTH-CSC

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Network Security CS 192

Learn Ethical Hacking, Become a Pentester

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Strategies to Protect Against Distributed Denial of Service (DD

Network and Services Discovery


Host Fingerprinting and Firewalking With hping

Running a Default Vulnerability Scan SAINTcorporation.com

EXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER

Vulnerability Assessment and Penetration Testing

Certified Ethical Hacker (CEH)

Introduction. Nmap from an Ethical Hacker's View Part 1. By Kirby Tucker

Cybersecurity and internal audit. August 15, 2014

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

Using Nessus In Web Application Vulnerability Assessments

Author: Sumedt Jitpukdebodin. Organization: ACIS i-secure. ID: My Blog:

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

Threat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA

Installing and Configuring Nessus by Nitesh Dhanjani

Why do I need a pen test lab? Requirements. Virtual Machine Downloads

Presented by Evan Sylvester, CISSP

Penetration Testing Report Client: Business Solutions June 15 th 2015

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Footprinting and Reconnaissance Tools

Cybersecurity The role of Internal Audit

CYBERTRON NETWORK SOLUTIONS

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Unix System Administration

Penetration Testing SIP Services

June 2014 WMLUG Meeting Kali Linux

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

STATE OF NEW JERSEY IT CIRCULAR

Malicious Network Traffic Analysis

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Client logo placeholder XXX REPORT. Page 1 of 37

Running head: USING NESSUS AND NMAP TOOLS 1

During your session you will have access to the following lab configuration. CLIENT1 (Windows XP Workstation) /24

Lecture 5: Network Attacks I. Course Admin

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

Keywords Vulnerability Scanner, Vulnerability assessment, computer security, host security, network security, detecting security flaws, port scanning.

Host Discovery with nmap

A Decision Maker s Guide to Securing an IT Infrastructure

Hacking Techniques & Intrusion Detection. Ali Al-Shemery arabnix [at] gmail

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

Enterprise Computing Solutions

Security of IPv6 and DNSSEC for penetration testers

Attack and Defense Techniques

Intelligence Gathering. n00bpentesting.com

Nessus Agents. October 2015

TRIPWIRE NERC SOLUTION SUITE

Service Definition (Q-D1) Penetration Testing. Overview of Service. Functional and non-functional Detail. Q-D1: Service Definition

IDS and Penetration Testing Lab ISA656 (Attacker)

Transcription:

Northwestern University MSIT 458 Information Security Security Policy & Ethical Hacking Brandon Hoffman KPMG, LLP

Topics for Discussion IT Security in the Business Risk, Audit Support, Compliance Policies, Standards, and Procedures IT Security s Role in Creation and Enforcement Typical IT Security Technical Work Ethical Hacking/Penetration Testing Backtrack 4 Common Methods and Sample Outputs

Technology Enablement Strategy High Availability Evolving Threats Culture / Awareness M&A The CISO Agenda Business Metrics / Benchmarking Business Continuity Privacy / Security Breach Brand Protection & Enhancement Alignment with Business Goals / Objectives Disaster Recovery CISO Identity Management Mobile Computing Managing 3rd Party Risk (Outsourcers) Executive / Board Reporting Linkage to Enterprise Risk Mgmt Compliance / Internal Audit Regulatory Compliance Staffing Support Vulnerability / Patch Management Core Functions

Risk IT Security performs a critical role in assessing risk in the organization. Vulnerability Scanning Penetration Testing Industry Trends IT Strategy Familiarity with Audit and Compliance measures

Audit Support In many cases, IT Security is heavily relied upon to perform in depth testing required by an audit organization. Security is enlisted by audit because: Technical expertise Familiarity with current issues from internal testing Familiarity with Policies, Standards, and Procedures

Compliance Compliance may relate to internal compliance or external compliance. Internal compliance: Policies and Standards Security and Configuration baselines Framework use ISO, COBIT, ITIL, GAISP, NIST Best Practices

Compliance cont d External compliance: SOX (Sarbanes Oxley) COSO Framework HIPAA PCI Safe Harbor

ISO Leading Practices Source: www.rsa.com

Compliance in Action Source: www.rsa.com

Internal Policy IT Security is regularly tasked with creation and enforcement of IT policies, standards, and procedures. Creation and enforcement of these documents require: Understanding of audit roles and procedures Familiarity with all systems, networks, and applications Compliance considerations

Internal Policy cont d Definitions: A Policy is a set of directional statements and requirements aiming to protect corporate values, assets and intelligence. Policies serve as the foundation for related standards, procedures and guidelines. A Standard is a set of practices and benchmarks employed to comply with the requirements set forth in policies. A standard should always be a derivation of a policy, as it is the second step in the process of a company s policy propagation. A Procedure is a set of step-by-step instructions for implementing policy requirements and executing standard practices.

Internal Policy cont d

Internal Policy cont d Policy creation and enforcement cycle

Policy Business Case A top 5 global food retailer has a massive IT/IS infrastructure and good governance.but no real policies! Policies are the foundation for enforcing IT compliance and governance. What policies were written for the client

Policy Business Case cont d Policies written for IT Security: Acceptable Use Policy Information Classification & Ownership Policy Risk Assessment & Mitigation Policy Access Control Policy Network Configuration and Communication Policy Remote Access Policy Business Continuity Policy Incident Response Policy Third Party Data Sharing Policy System Implementation & Maintenance Secure Application Development Cryptography & Key Management Mobile Computing Physical & Environmental Security

Policy Business Case cont d Sample Policies

Ethical Hacking Ethical hacking is a very common profession within the IT security industry. White hat, Grey hat, Black hat Sometimes synonymous with penetration testing A method of assessing the security posture of a system or network by simulating an attack

Ethical Hacking Why perform an ethical hack? Determine flaws and vulnerabilities Provide a quantitative metric for evaluating systems and networks Measure against pre-established baselines Determine risk to the organization Design mitigating controls

Ethical Hacking

Ethical Hacking Administrative items: Authorization letter Get out of jail free card Risk report Likelihood of risk Mitigation plans Trends (performed with recurring clients)

Backtrack Backtrack is a Linux based hacking toolkit provided by the people at www.remoteexploit.com It includes a massive amount of hacking tools all for free Compile tools yourself? Maybe check this out instead.

Backtrack Tool categories in BT4: Digital Forensics Information Gathering Access Maintenance Network Mapping Penetration Privilege Escalation Radio Network Analysis (Wireless) Reverse Engineering VOIP Vulnerability Identification Web Applications Miscellaneous

Backtrack Demo Backtrack

Backtrack Ways to use backtrack Live CD: The most popular method No state save Highly portable USB Drive/Stick Highly portable (more so than CD) Can make stateful Prone to loss Full HD install Using your machine as a hacktop Dual boot Virtual Machine Networking gets tricky Resource availability

Wanna Break In? The first step in any ethical hack is to obtain information in the most stealth fashion. USE NMAP!!

NMAP Powerful free linux tool www.insecure.org Syntax: nmap [ <Scan Type>...] [ <Options> ] { <target specification> } TARGET SPECIFICATION: Can pass hostnames, IP addresses, networks, etc. Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254 -il <inputfilename>: Input from list of hosts/networks -ir <num hosts>: Choose random targets --exclude <host1[,host2][,host3],...>: Exclude hosts/networks --excludefile <exclude_file>: Exclude list from file

NMAP cont d HOST DISCOVERY: -sl: List Scan - simply list targets to scan -sp: Ping Scan - go no further than determining if host is online -PN: Treat all hosts as online -- skip host discovery -PS/PA/PU[portlist]: TCP SYN/ACK or UDP discovery to given ports -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes -PO[protocol list]: IP Protocol Ping -n/-r: Never do DNS resolution/always resolve [default: sometimes] --dns-servers <serv1[,serv2],...>: Specify custom DNS servers --system-dns: Use OS's DNS resolver --traceroute: Trace hop path to each host SCAN TECHNIQUES: -ss/st/sa/sw/sm: TCP SYN/Connect()/ACK/Window/Maimon scans -su: UDP Scan -sn/sf/sx: TCP Null, FIN, and Xmas scans --scanflags <flags>: Customize TCP scan flags -si <zombie host[:probeport]>: Idle scan -so: IP protocol scan -b <FTP relay host>: FTP bounce scan

NMAP cont d PORT SPECIFICATION AND SCAN ORDER: -p <port ranges>: Only scan specified ports Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080 -F: Fast mode - Scan fewer ports than the default scan -r: Scan ports consecutively - don't randomize --top-ports <number>: Scan <number> most common ports --port-ratio <ratio>: Scan ports more common than <ratio> SERVICE/VERSION DETECTION: -sv: Probe open ports to determine service/version info --version-intensity <level>: Set from 0 (light) to 9 (try all probes) --version-light: Limit to most likely probes (intensity 2) --version-all: Try every single probe (intensity 9) --version-trace: Show detailed version scan activity (for debugging)

NMAP cont d OS DETECTION: -O: Enable OS detection --osscan-limit: Limit OS detection to promising targets --osscan-guess: Guess OS more aggressively TIMING AND PERFORMANCE: Options which take <time> are in milliseconds, unless you append 's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m). -T<0-5>: Set timing template (higher is faster) --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes --min-parallelism/max-parallelism <time>: Probe parallelization --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies probe round trip time. --max-retries <tries>: Caps number of port scan probe retransmissions. --host-timeout <time>: Give up on target after this long --scan-delay/--max-scan-delay <time>: Adjust delay between probes --min-rate <number>: Send packets no slower than <number> per second --max-rate <number>: Send packets no faster than <number> per second

NMAP cont d FIREWALL/IDS EVASION AND SPOOFING: -f; --mtu <val>: fragment packets (optionally w/given MTU) -D <decoy1,decoy2[,me],...>: Cloak a scan with decoys -S <IP_Address>: Spoof source address -e <iface>: Use specified interface -g/--source-port <portnum>: Use given port number --data-length <num>: Append random data to sent packets --ip-options <options>: Send packets with specified ip options --ttl <val>: Set IP time-to-live field --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address --badsum: Send packets with a bogus TCP/UDP checksum

NMAP cont d OUTPUT: -on/-ox/-os/-og <file>: Output scan in normal, XML, s <ript kiddi3, and Grepable format, respectively, to the given filename. -oa <basename>: Output in the three major formats at once -v: Increase verbosity level (use twice or more for greater effect) -d[level]: Set or increase debugging level (Up to 9 is meaningful) --reason: Display the reason a port is in a particular state --open: Only show open (or possibly open) ports --packet-trace: Show all packets sent and received --iflist: Print host interfaces and routes (for debugging) --log-errors: Log errors/warnings to the normal-format output file --append-output: Append to rather than clobber specified output files --resume <filename>: Resume an aborted scan --stylesheet <path/url>: XSL stylesheet to transform XML output to HTML --webxml: Reference stylesheet from Nmap.Org for more portable XML --no-stylesheet: Prevent associating of XSL stylesheet w/xml output

Analyze your results: NMAP cont d

Vulnerabilities Find any hosts worthwhile? Your nest step should be scanning for exploitable vulnerabilities. USE NESSUS!!! Copyright 2002-2009 Tenable Network Security(R). All Rights Reserved.

Nessus Nessus scans based on an exhaustive list of vulnerabilities for all platforms of computing. Custom scripts are written by Nessus and their team to check for a vulnerable software component.

How Do We Exploit? Now that you have found a useful exploit, what do we use? USE METASPLOIT!!! Copyright 2003-2009 Metasploit LLC Metasploit is a registered trademark Contact us at msfdev[at]metasploit.com

MetaSploit Metasploit was created in 2003 as a portable network game using the Perl scripting language. Later, the Metasploit Framework was then completely rewritten in the Ruby programming language. It is most notable for releasing some of the most technically sophisticated exploits to public security vulnerabilities. In addition it is a powerful tool for third party security researchers to investigate potential vulnerabilities.

MetaSploit cont d Remember the machine with vulns?? Let s use the metasploit framework.

MetaSploit cont d What else can we do now that were in???

We can add shares as root!! MetaSploit cont d

Ethical Hacking cont d Administrative items: Authorization letter Get out of jail free card Risk report Likelihood of risk Mitigation plans Trends (performed with recurring clients)

Ethical Hacking cont d Quantitative Heat Map Guide Horizontal Axis = Impact if risk were realized Vertical Axis = Likelihood of risk being realized Size of Bubble = Relative total instances of that issue = Low Risk = Moderate Risk = High Risk = Critical Risk Almost Certain B Likelihood of Occurrence Likely Moderate Unlikely O N J K M L F D I C E H G A Q P Rare R Low Moderate to Low Moderate Moderate to High High Magnitude of Impact

Q & A ANY QUESTIONS?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information