Network Scanning. What is a network scanner? Why are scanners needed? How do scanners work? Which scanners does the market provide?




Network Scanning
- What is a network scanner?
- Why are scanners needed?
- How do scanners work?
- Which scanners does the market provide?
- Where will our research go?

Function -- attacker view
- What hosts are alive?
- What services are running on those hosts?
- How are those hosts organised?
- What operating systems are used on those hosts?
- What is the role of each host?

Function -- admin view
- Perform an assessment of risks on the computer system
- Look for potential problems with the computer system
- Scan for known vulnerabilities
- Check system configuration
- Find malicious programs

Architecture

Types
- Local scanners can plow through the contents of files looking for configuration problems, to help administrators and prompt them to install the latest security fixes.
- Remote scanners examine the network and distributed computing vulnerabilities in your system by sending network packets.

ICMP
- ICMP ECHO/Sweep/Broadcast
- ICMP Timestamp Request
- ICMP Address Mask Request -- Authoritative agent
- ICMP Parameter Problem error -- bad IP header field
- ICMP Destination Unreachable -- bad IP header value
- ICMP Fragment Re-assembly Time Exceeded
- ICMP Fragmentation Needed -- bigger MTU
- Inverse Mapping using ICMP Reply -- network structure

Port Scanning
- TCP Connection
- TCP SYN scan -- half open scanning
- Proxy Scanning/FTP Bounce Scanning
- Reverse-ident scanning -- owner of process

OS Scanning
- Banner Grabbing
- TCP/IP stack Fingerprint
- Wrong codes in ICMP datagram
- ICMP error Message Quenching
- ICMP message Quoting
- ICMP Error Message Echoing Integrity
- TOS Field in ICMP Port unreachable Message
- TCP SYN/FIN/ACK/PSH/DF
- TCP options

Stealth Technology
- SYN/ACK, FIN, XMAS, or NULL scan
- Random Scanning
- Slow Scanning
- Fragmentation Scanning
- Decoy -- forged attackers
- Co-ordinated Scanning
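How a sensor or log reviewer can recognise the probe types named on the Stealth Technology slide, as an added example that is not part of the original slides. The packet tuple layout, the function name `detect_scans`, the threshold and the sample addresses are assumptions made for this sketch; the packets are constructed.

```python
from collections import defaultdict

# TCP flag bits as laid out in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def detect_scans(packets, port_threshold=5):
    """Return {source_ip: set of probe types}.

    packets: iterable of (ts, src, sport, dst, dport, flags) tuples
    (a hypothetical record layout chosen for this example).
    """
    opened = set()                # flows on which a client SYN was seen
    syn_ports = defaultdict(set)  # (src, dst) -> distinct ports that received a SYN
    alerts = defaultdict(set)
    for ts, src, sport, dst, dport, flags in packets:
        f = flags & 0x3F
        if f == SYN:
            opened.add((src, sport, dst, dport))
            syn_ports[(src, dst)].add(dport)
            # Counted with no time window, so a slow scan spread over
            # hours still accumulates distinct ports and trips the threshold.
            if len(syn_ports[(src, dst)]) >= port_threshold:
                alerts[src].add("SYN sweep")
        elif f == 0:
            alerts[src].add("NULL")        # no flags set at all
        elif f == (FIN | PSH | URG):
            alerts[src].add("XMAS")
        elif f == FIN:
            # Every segment after the initial SYN carries ACK,
            # so a bare FIN does not belong to a real connection.
            alerts[src].add("FIN")
        elif f == (SYN | ACK) and (dst, dport, src, sport) not in opened:
            alerts[src].add("SYN/ACK")     # reply to a SYN nobody sent
    return dict(alerts)

# Constructed sample traffic: one normal session, four single-packet
# probes, and five SYNs sent one hour apart to different ports.
SAMPLE = [
    (0, "10.0.0.5", 40000, "10.0.0.9", 80, SYN),
    (1, "10.0.0.9", 80, "10.0.0.5", 40000, SYN | ACK),
    (2, "10.0.0.5", 40000, "10.0.0.9", 80, FIN | ACK),
    (10, "10.0.0.66", 5000, "10.0.0.9", 22, 0),
    (11, "10.0.0.66", 5001, "10.0.0.9", 23, FIN | PSH | URG),
    (12, "10.0.0.66", 5002, "10.0.0.9", 25, FIN),
    (13, "10.0.0.66", 5003, "10.0.0.9", 80, SYN | ACK),
] + [(3600 * i, "10.0.0.77", 6000 + i, "10.0.0.9", 100 + i, SYN)
     for i in range(1, 6)]
```

A production sensor would expire the per-source state after a long interval to bound memory; the longer that interval, the slower the scan it can still catch.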

Insertion & Evasion
- Bad Header Fields -- e.g. bad checksum or smaller TTL
- IP options -- e.g. timestamp or source route
- MAC Address -- attacker and IDS in a LAN
- IP Fragmentation
- Basic Re-assembly problem -- inconsistent
- Overlapping Fragments -- smallest fragment or inconsistent
- Effect of End-system Fragmentation Bugs
- IP Options in Fragment Streams -- inconsistent implementation

Example: MAC Address

Products
- SATAN/SAINT -- source code free
- NMAP -- source code free
- Firewalk -- traceroute-like
- Cisco Secure Scanner -- trial available
- ISS System Scanner -- trial available
- WebTrends Security Analyzer
- IBM Network Security Auditor
- AntiSniff
- NTO Scanner

Products (cont.)
- COPS: Computer Oracle Password System
- Advance Administrator Tool
- Atelier Web Port Scanner
- Retina Network Security Scanner
- Distribute Sniffer Scanner
- CyberCops
- NetRecon
- Dragon Sensor
- by-control for Internet Security
- NFR

SATAN/SAINT
- Security Analysis Tool for Auditing Networks: 1st scanner.
- Security Administrator's Integrated Network Tool is an updated and enhanced version of SATAN.
- WebSaint

Cisco Secure Scanner
- Network Mapping
- Data collection
- Data analysis
- Vulnerability confirmation
- Data presentation
- Reporting

ISS System Scanner
- Host-based
- A System Scanner agent receives scan commands from the management console.
- The agent scans the local system for configuration weaknesses and detects compromised systems.
- The agent assesses file permissions, network service configurations, account setup, security patches, vulnerable programs, and common user-related security weaknesses such as passwords.

Retina Network Scanner
- A network vulnerability scanner
- Retina uses AI (Artificial Intelligence) to think like a hacker.
- Retina searches for both known and unknown vulnerabilities.?

Distributed Sniffer System
- Standards-based monitoring + Expert analysis.

NetRecon
- Detect and rank weakness
- Discover and report vulnerabilities
- Path analysis

Hot Topics
- How to generate packets to confuse IDS?
- How to generate packets to bypass Firewall?
- How to co-ordinate distributed scanners?
- How to develop Expert scanners?
- How to monitor remotely?
- How to upgrade scanners easily?
- How to find unknown vulnerabilities?