Running head: USING NESSUS AND NMAP TOOLS 1




Nessus and Nmap Overview - Scanning Networks

Research Paper On Nessus and Nmap

Mike Pergande

Ethical Hacking

North Iowa Area Community College

Nessus and Nmap Overview - Scanning Networks

Network administrators may be asked or required to check for vulnerabilities in the company network and then take steps to better secure the network. Administrators want to check for open ports and other security vulnerabilities on the network. What scanning tools are available for the network administrator to use that will provide this valuable information?

Attackers have a goal of finding vulnerabilities in company networks and then exploiting those vulnerabilities. Attackers want to check for open ports and other security vulnerabilities on the network. What scanning tools are available for network attackers to use that will provide this valuable information?

Two popular tools available to scan networks for vulnerabilities are Nessus and Nmap. Both the network administrator and the attacker use the Nessus and Nmap scanning tools to find network vulnerabilities. Let's take a look at these vulnerability scanning tools, starting with Nmap.

Nmap is a free and open source utility program used for network exploration. Nmap can determine a multitude of characteristics about a network. Just a few examples are what hosts are available on the network, what applications are running on those hosts, what operating systems are being used, and what firewalls are being used (Introduction, Nmap, n.d.). A lab environment was set up on its own isolated network and Nmap was run on this network to capture vulnerabilities on the network. The Nmap scan results are displayed below.

Nmap can be run using a command line interface as well as a Graphical User Interface (GUI) called Zenmap. Figure 1.1 shows Nmap running as the Zenmap GUI, with the network hosts to be scanned entered in the Target field and the Profile set to Intense Scan.

Figure 1.1 Initial Screen

Once you click on the Scan button, the scan commences and reveals scan results under the Nmap Output tab pane window. Figure 1.2 shows an example of some scan results when Nmap first begins scanning, including ports, the state of each port, and the service running on the port. The information tells you if a host within your network scan range is down or up and what type of scan is running.

Figure 1.2 Nmap Output Results Pane

Nmap also lays out a topology of the network being scanned. An example of the lab network topology can be seen in Figure 1.3. Depending on the number of devices or hosts on the network, this topology can provide essential device and host locations on the network based on how many hops there are from the local host to the other devices.
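The port, state and service columns just described are also what Nmap writes to its XML output (the -oX option). As an added example, not the paper's code, the following parses a constructed sample of that output and compares each host's open ports with an allow-list of expected services, the review step an administrator does before deciding which ports to close; the host addresses, ports and service names in the sample are made up for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape Nmap writes with -oX (not the paper's lab output);
# host 192.168.1.3 and port 1029 echo the paper, the services are made up.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.1.0/24">
  <host><status state="up"/><address addr="192.168.1.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
      <port protocol="tcp" portid="1029"><state state="open"/><service name="ms-lsa"/></port>
    </ports></host>
  <host><status state="down"/><address addr="192.168.1.7" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_open_ports(xml_text):
    """Map each host that is up to its open ports as sorted (port, proto, service) tuples."""
    scan = {}
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue  # Nmap reported the host as down; nothing to evaluate
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        open_ports = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not an exposure
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            open_ports.append((int(port.get("portid")), port.get("protocol"), name))
        scan[ip] = sorted(open_ports)
    return scan


def unexpected_ports(scan, allowed):
    """Open ports not on the per-host allow-list: candidates to justify or close."""
    return {ip: [p for p in ports if (p[0], p[1]) not in allowed.get(ip, set())]
            for ip, ports in scan.items()}


if __name__ == "__main__":
    allow = {"192.168.1.3": {(22, "tcp")}}  # services the administrator expects
    for ip, ports in unexpected_ports(parse_open_ports(SAMPLE_NMAP_XML), allow).items():
        for port, proto, svc in ports:
            print(f"{ip}: {port}/{proto} ({svc}) is open but not expected; review or close")
```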

Figure 1.3 Network Topology

Nmap also allows you to save your scan results to a text document. Figure 1.4 shows scan results for host 192.168.1.3 on the lab network. The report shows several open ports on the host.

Figure 1.4 Nmap Scan Report

From the network administrator's point of view, these open ports could then be evaluated to see if the service running on each port is needed for the network. If the service is not needed, the port can be closed, thereby hardening the system. From the attacker's point of view, the open ports are an opportunity to get into the network. For example, one scan result in this lab shows TCP port 1029 open. Kevin Liston, a handler on duty at the Internet Storm Center for the SANS Institute, published port details for port 1029 revealing that the port was targeted for an ICQ Nuke 98 trojan attack 1,100 times on April 13, 2011 (Liston, 2011).

Besides port status on network devices, Nmap reveals MAC addresses, Operating Systems (OS), OS versions, how long the device has been up and running, and host RSA security keys, just to name a few. Nmap is a powerful tool and provides a wealth of information about a network and the devices attached to it. This information can be used for good or evil: good, for penetration tests by network administrators wanting to increase the security of the network, and evil, for attackers attempting to exploit vulnerabilities on a company network.

The other vulnerability scanning tool mentioned earlier is called Nessus. This tool is a product of Tenable Network Security and is available in a free HomeFeed version and a commercial ProfessionalFeed version. The lab environment mentioned previously was scanned using the Nessus HomeFeed version (Tenable, n.d.). Before running a Nessus scan, you need to create a policy to tell Nessus what you want to scan for. Figure 1.5 shows an example of a Nessus Scan Policy window. The policy contains the plugins you wish to scan with, the ports/protocols, and other preferences for your scan.

Figure 1.5 Adding a Policy

You then give your scan a name, select the policy you created, and enter the network target devices for the scan. The next step is to start the scan by clicking Launch Scan. When the scan is complete you can save the full scan report in HTML. A report on each device scanned is listed, which includes the Scan Time, Number of vulnerabilities, and Remote host information. Some of the results for the scan of the lab environment are detailed below.

Four machines were scanned in this lab environment. One machine showed several vulnerabilities. Vulnerabilities listed in this scan include open ports and risk categories of the vulnerabilities. The categories are High, Medium, and Low. As seen in Figure 1.6, the machine with address 192.168.1.2 showed 12 open ports, 2 high risk vulnerabilities, 4 medium risk vulnerabilities, and 47 low risk vulnerabilities. Each vulnerability includes a Synopsis, Description, Risk factor, CVSS Base Score, Solution if available, Plugin output, and Plugin ID.
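As an added example (not from the paper), the per-device summary described above, the count per risk category plus each finding's Plugin ID, CVSS Base Score and Solution, built from a Nessus export. It assumes the .nessus (v2 XML) export rather than the HTML report the paper saved; the sample report is constructed and its plugin IDs, scores and wording are invented, not the lab's results.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a Nessus v2 (.nessus) export; plugin IDs, scores
# and wording are invented for this example and are not the paper's lab findings.
SAMPLE_NESSUS_XML = """<NessusClientData_v2><Report name="lab">
<ReportHost name="192.168.1.2">
  <HostProperties><tag name="host-ip">192.168.1.2</tag></HostProperties>
  <ReportItem port="0" protocol="tcp" severity="3" pluginID="90001" pluginName="Unsupported OS">
    <risk_factor>High</risk_factor><cvss_base_score>10.0</cvss_base_score>
    <synopsis>The remote operating system is no longer supported.</synopsis>
    <solution>Upgrade to a supported version of the operating system.</solution>
  </ReportItem>
  <ReportItem port="443" protocol="tcp" severity="2" pluginID="90002" pluginName="SSL Certificate Cannot Be Trusted">
    <risk_factor>Medium</risk_factor><cvss_base_score>6.4</cvss_base_score>
    <synopsis>The SSL certificate for this service cannot be trusted.</synopsis>
    <solution>Purchase or generate a proper certificate for this service.</solution>
  </ReportItem>
  <ReportItem port="22" protocol="tcp" severity="0" pluginID="90003" pluginName="SSH Server Type">
    <risk_factor>None</risk_factor><synopsis>An SSH server is listening.</synopsis>
  </ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

RANKED = ["Critical", "High", "Medium", "Low"]  # Nessus risk factors, worst first


def summarize(xml_text):
    """Per host: a count per risk factor plus each finding's score and fix, worst first."""
    summary = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        counts = dict.fromkeys(RANKED, 0)
        findings = []
        for item in host.iter("ReportItem"):
            risk = item.findtext("risk_factor", "None")
            if risk not in counts:
                continue  # informational plugins (risk factor None) are not vulnerabilities
            counts[risk] += 1
            findings.append({
                "risk": risk,
                "cvss": float(item.findtext("cvss_base_score", "0")),
                "port": f"{item.get('port')}/{item.get('protocol')}",
                "plugin": item.get("pluginID"),
                "name": item.get("pluginName"),
                "solution": item.findtext("solution", "no solution given"),
            })
        findings.sort(key=lambda f: (RANKED.index(f["risk"]), -f["cvss"]))
        summary[host.get("name")] = {"counts": counts, "findings": findings}
    return summary
```

Calling summarize(SAMPLE_NESSUS_XML) yields, for each host, the High/Medium/Low totals the report page shows and the findings ordered so the administrator fixes the worst first.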

Figure 1.6 Device Initial Scan Information

Figure 1.7 shows a closer look at one of the critical risk vulnerabilities found during the scan. The machine is running an obsolete operating system which is not supported, and therefore no security patches are available for the system. One vulnerability related to this operating system is referenced in the National Vulnerability Database on the National Institute of Standards and Technology web site. According to the NVD, local users can cause a denial of service or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname (US-CERT/NIST, 2010).

Figure 1.7 Critical Vulnerability

The Nessus report of this vulnerability displays that a solution to the vulnerability is to upgrade to a newer version of the operating system. The network administrator can use this information to increase network security and prevent an attacker from exploiting this vulnerability. An attacker would use the information to exploit the vulnerability and gain access to root privileges on the network. If the network administrator is not using a tool like Nessus and the attacker is using the tool, the attacker has a huge advantage over the administrator.

Further investigation of the Nessus scan report shows a medium risk vulnerability regarding an unsigned SSL certificate, as shown in Figure 1.8. As the report states, access to this host could easily be established because there is no authentication in place to prevent an attacker from setting up a man in the middle attack. Again, this is critical information that can help the network administrator take steps to resolve the issue or allow an attacker to choose his steps. This vulnerability can be resolved by purchasing or generating a proper certificate, as shown in Figure 1.9.

Figure 1.8 SSL Certificate Vulnerability

Figure 1.9 SSL Vulnerability Solution

Like Nmap, Nessus is a powerful tool to help administrators protect their network against attacks. A crucial key is for the administrator to actually use the tool periodically to become familiar with the network and learn what can be done to better protect it. Michael Mullins writes in an article for TechRepublic that you cannot always rely on vendor patches for your entire security strategy; you must take steps to plug the holes that black hat attackers are looking for (Mullins, 2005). Nmap and Nessus are a critical step in protecting your network. They do not resolve all the issues, but they help educate you to stay a step ahead of the attackers. You need to become familiar with their tactics and deploy the measures necessary to thwart their efforts. Preventive maintenance practices have been around a long time; Nmap and Nessus are great preventive maintenance tools you can use to secure your network. Since they are open source, they will not put a dent in your IT budget. That can sound pretty good to company management: increased network security at a minimal cost!

References

Introduction. (n.d.). NMAP.ORG. Retrieved from http://nmap.org/

Liston, K. (2011). Port Details: Port 1029. Internet Storm Center, SANS Institute. Retrieved from http://isc.sans.edu/port.html?port=1029

Mullins, M. (2005). Learn how Nessus can fit your remote scanning needs. TechRepublic. Retrieved from http://www.techrepublic.com/article/learn-how-nessus-can-fit-your-remote-scanningneeds/5755585?tag=mantle_skin;content

Tenable. (n.d.). Tenable Security Center. nessus.org. Retrieved from http://www.nessus.org/products

US-CERT/NIST. (2010). Overview: Vulnerability Summary for CVE-2009-3547. National Cyber Alert System. Retrieved from http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3547