Running a Default Vulnerability Scan



Similar documents
Running a Default Vulnerability Scan SAINTcorporation.com

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Shellshock Security Patch for X86

IIS, FTP Server and Windows

WinSCP for Windows: Using SFTP to upload files to a server

Configuring MassTransit Server to listen on ports less than 1024 using WaterRoof on Macintosh Workstations

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Installing and Configuring Nessus by Nitesh Dhanjani

FileMaker Server 14. FileMaker Server Help

MGC WebCommander Web Server Manager

Immotec Systems, Inc. SQL Server 2005 Installation Document

Desktop Configurations For General Ledger and Financial Reports. User Guide

RPM Utility Software. User s Manual

SysPatrol - Server Security Monitor

Moxa Device Manager 2.3 User s Manual

My FreeScan Vulnerabilities Report

How To Set Up Dataprotect

SECTION 1: FIND OUT THE IP ADDRESS OF DVR To find out the IP of DVR for your DVR do the following:

NAS 109 Using NAS with Linux

Web Application Firewall

Download and Install the Citrix Receiver for Mac/Linux

Scan to Quick Setup Guide

Smartphone Pentest Framework v0.1. User Guide

How To Configure CU*BASE Encryption

FileMaker Server 13. FileMaker Server Help

Sophos Endpoint Security and Control standalone startup guide

F-Secure Messaging Security Gateway. Deployment Guide

Configuring Security for FTP Traffic

Using Internet or Windows Explorer to Upload Your Site

Working With Your FTP Site

Dial-up Installation for CWOPA Users (Windows Operating System)

Release Notes for Dominion SX Firmware 3.1.6

WS_FTP Server. User s Guide. Software Version 3.1. Ipswitch, Inc.

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Insight Video Net. LLC. CMS 2.0. Quick Installation Guide

Installation Guidelines (MySQL database & Archivists Toolkit client)

Livezilla How to Install on Shared Hosting By: Jon Manning

IBM WebSphere Application Server Version 7.0

National Fire Incident Reporting System (NFIRS 5.0) NFIRS Data Entry/Validation Tool Users Guide

Installation Overview

Deploying Secure Internet Connectivity

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

DocuShare Installation Guide

How to Use? SKALICLOUD DEMO

LucidNAS Quick Start Guide

Set Up Setup with Microsoft Outlook 2007 using POP3

Lab Configuring Access Policies and DMZ Settings

Vulnerability analysis

Ipswitch WS_FTP Server

Moxa Device Manager 2.0 User s Guide

F-SECURE MESSAGING SECURITY GATEWAY

Aventail Connect Client with Smart Tunneling

Easy Setup Guide for the Sony Network Camera

System Administration Training Guide. S100 Installation and Site Management

Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5

CASHNet Secure File Transfer Instructions

FileMaker Server 7. Administrator s Guide. For Windows and Mac OS

1. Installation Overview

NetBrain Discovery Appliance Manual

Hosted Microsoft Exchange Client Setup & Guide Book

Quick Scan Features Setup Guide. Scan to Setup. See also: System Administration Guide: Contains details about setup.

Install and Configure RelayFax

Troubleshooting / FAQ

How to Setup Scan to SMB to a Microsoft Vista Workstation Using a bizhub C451/ C550

Kaspersky Endpoint Security 8 for Linux INSTALLATION GUIDE

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report

Setting Up Your FTP Server

Mozilla Thunderbird: Setup & Configuration Learning Guide

A-AUTO 50 for Windows Setup Guide

Cyber Security: Software Security and Hard Drive Encryption

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

DocuShare Installation Guide

How To Use 1Bay 1Bay From Awn.Net On A Pc Or Mac Or Ipad (For Pc Or Ipa) With A Network Box (For Mac) With An Ipad Or Ipod (For Ipad) With The

Installing LearningBay Enterprise Part 2

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

WhatsUp Gold v16.3 Installation and Configuration Guide

MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # )

IBM Security QRadar Vulnerability Manager Version User Guide

Web Application Vulnerability Testing with Nessus

Installing the Microsoft Network Driver Interface

How To Use The Macintosh Pcounter On Pc Or Macintosh (For Pc) With A Pc Or Pc (For Mac) With An External Hard Drive With A Printer On Itunes) With The Powerpoint (For Windows) On A Pc

webkpi SaaS ETL Connector Installation & Configuration Guide

Freshservice Discovery Probe User Guide

WHM Administrator s Guide

FTP Server Configuration

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

IDS and Penetration Testing Lab II

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

How To Set Up A Webhosting Website On Windstream.Com

Virtual Office Remote Installation Guide

Upgrade your Software

Setting Up Scan to SMB on TaskALFA series MFP s.

How to Log in to LDRPS-Web v10 (L10)

Comodo Endpoint Security Manager SME Software Version 2.1

Cox Business Premium Online Backup USER'S GUIDE. Cox Business VERSION 1.0

HP Device Manager 4.6

Installing, Uninstalling, and Upgrading Service Monitor

Qsync Install Qsync utility Login the NAS The address is :8080 bfsteelinc.info:8080

Sophos Anti-Virus for Mac OS X network startup guide. For networked Macs running Mac OS X

Transcription:

Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com

Examine. Expose. Exploit. Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s integrated vulnerability assessment and penetration testing tool (SAINTexploit ). With SAINT, you can examine your network for vulnerabilities, identify exposed resources, and safely exploit them. The SAINT product suite offers you a complete solution to evaluate the threats to your network and help you determine if your current security investments are preventing attacks. The following is a step-by-step guide to running a default SAINT vulnerability scan. Download SAINT 1. Point your Internet browser to http://www.saintcorporation.com/ 2. Choose My Account, then Downloads 3. Choose SAINT Note: If you choose SAINT only, you will still get the SAINTexploit screens, but without the exploits. 4. Enter your customer login and password 5. Choose the platform: Linux, Solaris, FreeBSD, or Mac 6. Accept the license agreement 7. Save the file in the directory where you want to install SAINT Example: /root or /usr/local/src Install SAINT 1. Unzip the downloaded file: gunzip saint-install-x.x.gz (x.x is the version number). Note: The downloaded file is gzipped. If your browser dropped the.gz extension from the filename, rename it so it ends in.gz. 2. Set the execution mode on the file: chmod a+x saint-install-x.x 3. Install SAINT by entering:./saint-install-x.x 4. Accept the license agreement 5. Enter the saint directory: cd saint-x.x The README file (more README) contains information that you should know before using SAINT such as the startup procedure and the recommended utilities which will automatically be used by SAINT if they are installed: Nmap and Xprobe2 advanced host type detection capabilities. Samba Helps with Windows file system checks and SMB file sharing checks OpenSSL Enables scanning of SSL Web servers OpenSSH Local Linux checks and SSH password checks 2009 SAINT Corporation. All Rights Reserved. www.saintcorporation.com 2

Generate a Key The key specifies the licensed targets Log on using your customer ID: http://www.saintcorporation.com Choose New Key Enter your IP address range Tip: SAINT s Discovery scan level is useful for determining your target IP addresses Click on Verify Key, then Generate Key Leave the browser open Configure the Key Once SAINT is installed, use SAINT by following these steps:./saint (or double-click icon). Note: SAINT should always be run as root Choose Configure SAINT Key from the pull-down menu Cut and paste your key into SAINT (include #Begin Key and #End Key) Click on Save SAINT Key If you see a Password Disclosure warning, click on Reload Start the Scan First, always be certain that you have permission to scan any hosts. Note: You will need PERL v5.0 or above to get SAINT running properly. Choose Scan Setup to select the target host(s), scan level, and firewall support, and to start the scan. 1. Enter the IP address of a target host in the first set of boxes, and click the Add button 2. Choose Heavy Scan 3. Choose Do not perform dangerous tests 4. Choose No Firewall Support 5. Enter authentication if known 6. Choose Scan Now to begin scanning SAINT Control Panel While running a scan, SAINT opens a control panel with various options Note: you may need to disable your browser s popup blocker. Pause and Resume the scan finishes all probes in progress and then waits for Resume Stop the scan Interrupts the scan and can only be recovered by going back to Scan Setup 2009 SAINT Corporation. All Rights Reserved. www.saintcorporation.com 3

View the results in progress The Progress Bar shows the ratio of completed probes for each phase. A typical scan has three or four phases. SAINT Status Updates SAINT tells you the name, target, flags, and maximum time for each probe. The maximum time tells how long SAINT allows a probe to run before assuming it is hung and killing the process. The probe name is the name of an executable file in the bin directory. The same information you see on the screen is logged in status_file. SAINT Probes SAINT s vulnerability checks are divided into probes. Each probe launches a set of attacks designed to detect vulnerabilities in a certain service, or of a certain type. Examples include FTP vulnerabilities, Sendmail vulnerabilities, and distributed denial-of-service. All probes are found in bin/*.saint. Core probes are probes that run against every target you specify. Conditional probes are probes that run against a target only if a condition is met. The results of a core probe cause conditional probes to run. A typical probe sequence would be as follows 1. tcpscan probe runs (a core probe) and detects an open finger port 2. finger probe runs (a conditional probe) and detects accounts foo and bar 3. login probe runs (another conditional probe) and tries to guess password to foo and password to bar Data Analysis The four main categories found in SAINT's Data Analysis section are reports, vulnerabilities, host information, and trust. The categories differ in that each will emphasize and display different portions of the scan data. To analyze the scan results, click on the link to Reporting and Analysis. (Alternatively, you could go back to the previous screen and choose Data Analysis.) The Data Analysis page provides links to create reports or to view vulnerability or host information in a variety of views. Severity Levels Critical Problems Critical problems could allow an attacker to gain unauthorized access to files, execute commands, or create a denial-of-service. Such problems could include guessable passwords, buffer overflows, unrestricted file sharing, etc. Example host1.domain.com: Exports /export/home to everyone Areas of Concern 2009 SAINT Corporation. All Rights Reserved. www.saintcorporation.com 4

Areas of concern are problems which do not allow an attacker to gain direct, unauthorized access, but do allow the following: Access to information on network or host configuration (e.g., FTP bounce, finger information) Privilege elevation Use as an intermediary (e.g., cross-site scripting) Susceptibility to malicious content (e.g., vulnerable browsers) Example host2.domain.com: Excessive finger information Potential Problems These are conditions which may or may not be vulnerabilities, depending on the version or configuration. Further investigation is usually required on the part of the administrator. SAINT cannot always tell whether or not a vulnerability is present. These should not be interpreted as low severity, since a potential problem could be critical if it exists. This is also where false positives would appear. Example host3.domain.com: Possible buffer overflow in rpc.statd Services This indicates that a network service is running or open, and is reported for informational purposes. This does not indicate a vulnerability. Example host4.domain.com: Offers FTP Vulnerabilities Vulnerabilities are further subdivided into more specific severity levels. Click on a severity level to see all the vulnerabilities detected at that level. For each vulnerability, the host name, vulnerability description, and CVE name (if applicable) are shown. Each field is hyperlinked to further information. The Top 20 icon means the vulnerability is part of the SANS Top 20 Most Critical Internet Security Vulnerabilities. These are the vulnerabilities most likely to be exploited by attackers and are often the most serious. The Exploit link means there is a corresponding exploit available in SAINTexploit, SAINT s penetration test tool. Simply click the link to run the exploit. Confirmed vs. Inferred Vulnerabilities A checkmark on the icon means that the vulnerability is confirmed. Confirmed vulnerabilities are determined by definitive test, for example successful password guess or read access to a file on the target. The inferred vulnerability icon does not contain a checkmark. Inferred vulnerabilities are determined by known 2009 SAINT Corporation. All Rights Reserved. www.saintcorporation.com 5

information, for example service banners or software version numbers. Inferred vulnerabilities are not necessarily false positives; they are detected through the use of a different methodology. Host Information You can click on a host name to get the following host-specific information: Scan time Scan level Operating system type, if known Netbios name, if known MAC address, if known Subnet (first three octets of IP address) List of services running List of vulnerabilities detected All host information is hyperlinked to further information. You can click on a service to see a list of hosts running that service, or go back and click on the system type to see a list of hosts which are of the same type. Vulnerability Tutorials Click on a vulnerability to bring up a tutorial or knowledge base for that vulnerability. Tutorials are divided into the following six sections: 1. Impact The potential consequences of the vulnerability 2. Background Any general information which might be useful to help you understand the problem. 3. The Problem Specific information about the cause of the vulnerability, how it could be exploited, and what platforms or versions could be affected. 4. Resolution Instructions on how to fix the vulnerability, with links to any necessary patches or upgrades. 5. More Information Links to advisories, mailing list postings, and any other resources which provide additional information. 6. Technical Details Port number or service name and network data or test method, if available. Exit SAINT by closing the browser. For more information, detailed SAINT documentation is available online at: http://www.saintcorporation.com/resources/documentation/documentation.html 2009 SAINT Corporation. All Rights Reserved. www.saintcorporation.com 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information