Self Service Penetration Testing




Self Service Penetration Testing
Matthew Cook, http://escarpment.net/

Introduction
Matthew Cook, Senior IT Security Specialist, Loughborough University Computing Services, http://escarpment.net/

Self Service Penetration Testing (outline)
- The Loughborough University Context
- Penetration Testing
- Available Tools
- Methodology
- Trial System
- Conclusions

The Loughborough University Context
- Had no formal IT Security staff until Autumn 2003
- Most services provided centrally
- Some local services provided on various platforms
- Default open policy with:
    wc -l firewall_rules
    1061 firewall_rules
- Limited NIDS implementation

The Loughborough University Context
- Providing secure installation documentation
- Providing best-practice guides
- Providing operating system cook-books
- Most commonly asked question: "Can you check if my machine is secure?"

Penetration Testing
- A method of evaluating the external security of a machine.
- Services are evaluated to identify weaknesses, flaws, vulnerabilities and the absence of patches.
- Checks are usually performed without a local account, from a network-connected machine.
- More often called Security Assessment.

Penetration Testing
External LAN Penetration Testing:
- Complete external viewpoint
- Evaluates the security of the entire site
- Supposed to act like a hacker; social engineering?
- Black or white-box testing
- Does not expose the problems of internal machine compromises

Penetration Testing
Internal LAN Penetration Testing:
- Often taken as a white-box approach
- Identifying the security of hosts
- No protection from the firewall
- Identify wireless points? NetDisco with MAC address lists; war driving

Available Tools
Nessus: Open Source
- Nmap port scanner
- 2165 current plug-ins
- Updates on a close to daily basis
- Modular and easily configured
- Huge number of clients and command line driven

Available Tools
Retina: Payware
- Licenses Nmap port scanner
- Regular updates
- Scheduling
- Excellent reporting options

Available Tools
ISS System Scanner: Payware
- Regular updates
- System baseline creation
- Good reporting options
- Scriptable using TCL

Available Tools
CANVAS: Payware
- >50 exploits
- Multiple OSs
- Actual penetration testing
- No false positives
- Limited use

Available Tools
GFI LANguard: Payware
- Regular updates
- Focuses heavily on the Windows platform
- User, group and share security
- Patch checking

Available Tools
CORE Impact: Payware
- Updates to vulnerabilities and exploits
- Tries to exploit vulnerabilities
- Actual penetration testing
- Excellent report generation

Methodology
To provide an answer to the question: "Can you check if my machine is secure?"
Staff time:
- Diversion from critical work
- Constantly fire fighting
- Not the best use of resources

Methodology
- Decided to use Nessus for its scripting ability and native Linux/Unix based client.
- Decided to have a web based front end to enable users to provide machine details.
- Users can only scan the machine they initiate the connection from.
- Request a username/password from AD.

Methodology
- Results from Nessus will be emailed to the user.
- A guide to interpreting the results will be produced.
- Modify the .desc files to provide more information.
- Update Nessus plug-ins via cron on a daily basis.
- Use more advanced tools across the network and on specific hosts.

Trial System
Hardware:
- DELL 2650
- Dual 3GHz processors
- 2GB RAM
- Approx 300GB RAID 5 array
- A tad overkill, but future proof

Trial System
- Fedora Core 2 (Tettnang)
- Kernel 2.6.6
- Updates via yum; exclude=kernel* in /etc/yum.conf
- Apache 2.0.49
- Exim 4.34

Trial System
Authentication:
- Mod_IMAP or Mod_auth for Apache
- PAM Kerberos link to Active Directory
- REMOTE_ADDR checked:
  - Must be in the Loughborough netblock
  - Must not be a web cache
  - It is the only address a scan can be performed against!

Trial System
Collected details:
- Username
- Email address
- Machine's IP address
- Possibility of building a database of requests and machine data?

Trial System
- Web based CGI creates a shell script and embeds the IP address from the headers and the email address collected from the form.
- Script saved into the /pentest/requests directory.
- Cron moves contents into the /pentest/active directory, sets permissions and executes a queue runner.
- Queue runner executes the scripts.

Trial System
Scripts are named after the IP address of the machine that is to be scanned. Scripts contain five components:
1. Log intended actions
2. Pipe the IP address to /pentest/active/<ip>.txt
3. Execute the command line Nessus
4. Mail the results from /pentest/results/<ip>.txt
5. Delete the script

Trial System
Defaults are set on a Nessus server which is running on a port bound to loopback:
    /usr/local/bin/nessus -q 127.0.0.1 1241 <user> <password> /pentest/active/<ip>.txt /pentest/results/<ip>.txt
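The request-creation step described above, as an added shell example that is not part of the original talk or the Loughborough scripts: it applies the slides' REMOTE_ADDR rule and validates the address and e-mail before they are embedded in the generated per-host script, so a crafted form submission cannot smuggle shell syntax into the queue runner. The 192.0.2.0/24 netblock, the NESSUS_USER/NESSUS_PASS variables and the logger/mail invocations are assumptions; the /pentest paths and the nessus command line are taken from the slides.

```shell
#!/bin/sh
# Added example (not the Loughborough scripts): create one queued scan request
# with input checks before anything is embedded in a generated shell script.
# Assumptions: 192.0.2.0/24 stands in for the campus netblock; the queue runner
# exports NESSUS_USER/NESSUS_PASS; paths and the nessus line are from the slides.
NETBLOCK_PREFIX="192.0.2."
REQUEST_DIR="${REQUEST_DIR:-/pentest/requests}"

# Strict dotted quad: digits and dots only, four octets, each at most 255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# The slides' REMOTE_ADDR rule: the requester's own address, inside the netblock.
in_netblock() {
    valid_ipv4 "$1" || return 1
    case "$1" in "$NETBLOCK_PREFIX"*) return 0 ;; *) return 1 ;; esac
}

# Whitelist so the e-mail address cannot carry shell metacharacters.
valid_email() {
    case "$1" in
        *[!A-Za-z0-9@._+-]*|*@*@*|@*|*@) return 1 ;;
        *@*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Per-host script: log, record the target, run Nessus, mail results, self-delete.
write_request() {
    in_netblock "$1" || { echo "refused: $1 not eligible" >&2; return 1; }
    valid_email "$2" || { echo "refused: bad e-mail address" >&2; return 1; }
    out="$REQUEST_DIR/$1.sh"
    cat > "$out" <<EOF
#!/bin/sh
logger -t pentest "Nessus scan of $1 requested, results to $2"
echo "$1" > /pentest/active/$1.txt
/usr/local/bin/nessus -q 127.0.0.1 1241 "\$NESSUS_USER" "\$NESSUS_PASS" \\
    /pentest/active/$1.txt /pentest/results/$1.txt
mail -s "Nessus results for $1" "$2" < /pentest/results/$1.txt
rm -f "\$0"
EOF
    chmod 700 "$out" && printf '%s\n' "$out"
}
```

The CGI would call write_request with the REMOTE_ADDR it saw and the form's e-mail field; cron then moves the resulting script into /pentest/active as the slides describe.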

Trial System
- Worked really well

Conclusions
- Entirely script based (I'm not a programmer!)
- Requests for more human friendly results.
- Parse results in Perl
- Improve .desc files and feedback
- Expand tool set including DoS attacks and actual machine penetration attacks.

Conclusions
- Is it really Penetration Testing? Well no, not at the moment, but with all buzzwords it takes time to correct people. Hacker/Cracker?
- Does it work, is it useful? I stopped getting asked to check machines. Users can proactively check their machines.
- Futures? Improved results

Conclusions
- Database of machines with periodic checking
- Automatic checks from network based Tripwire
- Machine details provided for administrators: IP address, MAC address, DNS name, WINS workstation, username, workgroup, DHCP details and last active network device/port.

Conclusions
Giving the users the tools:
- Nessus accounts for IT Support staff
- CD based Linux distros: Knoppix STD, Professional Hacker's Linux Assault Kit
- Actual exploits: Metasploit Project

Conclusions
- Should the project be re-titled "Machine vulnerability testing"?
- Actual Penetration Testing will be performed by IT Security staff.
- Education of users is paramount!

Questions
http://escarpment.net/