Security Mgt. Tools and Subsystems




Security Mgt. Tools and Subsystems: some attack and defense security tools at work

Classes of tools (network-bound):
- Reconnaissance
  - Passive
  - Active
- Penetration

Passive Reconnaissance
- Passively listen to and analyze the traffic on the network, or log and analyze events on hosts
- Does not change the state of the entity in question
- Can be used for attack or defensive purposes
- Examples: network sniffer, Intrusion Detection System

Active Reconnaissance
- Gathers information by doing something in a potentially detectable way (often by sending network traffic) and waiting for responses
- Examples: WHOIS, traceroute, port scanner

Methodology for Reconnaissance
- Intelligence gathering
- Footprinting
- Verification
- Vitality

Penetration Testing
Penetration tools:
- Aid the user in breaking into and gaining unauthorized access to a network entity and/or its hosts
- Often work by exploiting a specific vulnerability in software, or unintended interactions between entities

Penetration testing tools:
- Similar to attack tools, but may have damage control mechanisms to minimize negative impact
- Example tools: nmap, Wireshark, Nessus, Metasploit

Penetration Testing: nmap
- Port scanning
- OS fingerprinting
- Service version detection

Penetration Testing: Wireshark
- Previously known as Ethereal; a multi-platform open-source network protocol analyzer
- Allows one to examine data from a live network or from a capture file on disk (previously recorded by tcpdump, for instance)
- Understands hundreds of protocols
- Rich display filter language
- Ability to reconstruct TCP sessions and follow entire streams

Penetration Testing: Metasploit Framework
- The attack tool par excellence (at least for real hackers)
- An advanced open-source platform for developing, testing, and using exploit code
- Currently used for just about all cutting-edge exploitation research
- Already ships with hundreds of exploits and shellcode

Penetration Testing: other specific tools exist for:
- Databases
- Web applications
- Wireless
- ...

Extended open source security tools; special-purpose attack tools (e.g. the Stuxnet suite)

Fighting back...

Defense and Countermeasures: methodology and tools
- Systematic measures to defend systems and networks from intrusion
- Defensive security management
- Active countermeasures for defense and protection

Security management and defensive functions
- security enhancement
- fault (attack, vulnerability) diagnosis
- attack prevention
- intrusion detection
- auditing

Security management functions: security enhancement tools
- In this class we have tools that render machines and software more robust by preventing or removing vulnerabilities: for example cryptographic software, filtering and wrapping software, or packages that encrypt, sign or checksum critical software in order to detect modifications
- E.g., crypto libraries, wrappers or integrity checkers
- Examples of such software are Tripwire, Xinetd, TCP Wrappers, Portmapper, and Cracklib

Wrappers and Integrity Checkers
- Can significantly improve the resilience of otherwise vulnerable software, by:
  - neutralising vulnerabilities
  - detecting modifications

Tripwire
- Defensive tool (more specifically, an integrity checker)
- Configuration control
- Monitors important file and registry values and properties (like access times, flags, owner, etc.)
- Enables admins to detect files that are added, modified or deleted
- Provides a history of what changes during patching
- Two components:
  - Tripwire for Servers (command line)
  - Tripwire Manager (GUI front end)
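The added/modified/deleted detection that an integrity checker such as Tripwire provides, shown as an added example written for these notes (not Tripwire's code): a minimal Python checker that hashes each file, records the owner, mode, size and mtime properties mentioned above, and diffs a later snapshot against the baseline. The directory tree, file names and contents are constructed for the demo.

```python
import hashlib, os, stat, tempfile

def file_record(path):
    """Hash a file's content and capture the metadata an integrity checker watches."""
    st = os.lstat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"sha256": digest, "size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "mtime": int(st.st_mtime)}

def snapshot(root):
    """Baseline: relative path -> record, for every regular file under root."""
    base = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                base[os.path.relpath(full, root).replace(os.sep, "/")] = file_record(full)
    return base

def compare(baseline, current):
    """Report files added, deleted or modified since the baseline, and which attributes changed."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = {}
    for p in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[p] if baseline[p][k] != current[p][k]]
        if changed:
            modified[p] = changed
    return {"added": added, "deleted": deleted, "modified": modified}

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario (hypothetical paths in a temp dir, not a real system): baseline a
    tree, then change it the way a patch run or an unwanted edit would."""
    root = tempfile.mkdtemp()
    write(root, "bin/login", b"original binary")
    write(root, "etc/passwd", b"root:x:0:0\n")
    write(root, "etc/old.conf", b"obsolete\n")
    baseline = snapshot(root)
    write(root, "bin/login", b"replaced binary v2")         # content and size change
    write(root, "etc/passwd", b"root:x:0:0\neve:x:0:0\n")  # extra uid-0 account appended
    write(root, "bin/sh", b"new file")                      # file added
    os.remove(os.path.join(root, "etc", "old.conf"))        # file deleted
    return compare(baseline, snapshot(root))
```

The baseline itself must live somewhere the monitored host cannot rewrite (read-only media or a separate host), otherwise whoever modified the files can also update the baseline to match.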

Security management functions: fault (attack, vulnerability) diagnosis tools
- In this class we have, for example, packages that scan the facility looking for design or configuration vulnerabilities
- Vulnerability scanners, e.g., test systems to activate vulnerabilities, discover them, and either correct them (removal) or filter them (neutralisation)
- Examples of such software used over the past few years are Crack, COPS, Tiger, ISS, SATAN, SAINT, Nessus, Merlin, Trojan

On Vulnerability Scanners
- Vulnerability scanners are useful but have limitations:
  - they exercise the system in order to activate vulnerabilities: they often find only those they look for, and only those reachable by the interface method
  - they do not detect attacks
  - periodic execution, in the background, not real-time

Bringing it all together
- Over the past few years there have been releases of powerful packages integrating several tools of the classes seen above:
  - Hiren's BootCD: system diagnosis & management
  - Metasploit: penetration testing
  - BackTrack: penetration testing

Security management functions: attack prevention
- In this class we have all types of tools that attempt to block attacks on internal, perhaps vulnerable, components
- Firewall systems, e.g., restrict access to systems, to prevent attacks from reaching the vulnerabilities
- Examples of such software are Firewall-1, iptables, Gauntlet, Raptor

Limitations of Firewalls
- Firewalls are an excellent tool, but not perfect:
  - not transparent (except at bridge level)
  - slow networks down
  - do not block all attacks
  - block legitimate interactions
- Something more proactive is needed, in the way of:
  - taking care of residual vulnerabilities (the most subtle ones)
  - taking care of on-going or successful attacks

Security management functions: intrusion detection tools
- In this class we have, for example, packages that perform real-time supervision, looking for anomalous behavior or state of the system, or abnormal patterns of usage, in order to detect intrusions; they act as a last resort, once a successful attack/vulnerability match has occurred
- Intrusion Detection Systems, e.g., detect symptoms derived from ongoing or successful attacks
- Examples of such software are Scandetector, CPM, AID, AAID, NID, ASAX, Hummer, Snort

Intrusion Detection Systems
- Complement the protection offered by scanners and firewalls
- IDS are based on sensors:
  - sensors are programs, sometimes in boxes, which detect intrusions in parts of systems and generate reports to consoles
  - consoles interpret the reports and/or generate appropriate responses

Security management functions: auditing tools
- In this class we have, for example, packages that perform logging and build audit trails of the system, in order for the administrator to analyze events a posteriori, e.g., to correlate attacks and detect intrusion campaigns
- Audits should be secure, in the sense of indelible
- E.g., secure logging and auditing tools, and protocol analyzers
- Examples of such software are Tcpdump, Analyzer, Swatch, Logdaemon, Netlog, Netman

Protocol Analyzers (e.g. Wireshark)
- Sniffers have their good side...
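The "indelible" requirement on audit trails, as an added example written for these notes (a hypothetical design, not the format of any logging tool named above): a keyed, hash-chained audit log in Python in which every entry commits to its predecessor, so that altering, deleting or reordering earlier entries is caught on verification. The key, the sample records and the addresses in them are constructed.

```python
import hashlib, hmac, json

GENESIS = "0" * 64   # chain anchor for the first entry

def entry_digest(key, prev_hash, record):
    """HMAC over (previous hash || canonical JSON record): each entry binds to the one before it."""
    payload = prev_hash.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def append(log, key, record):
    """Append a record, chaining it to the current tail of the log."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": entry_digest(key, prev, record)})
    return log

def verify(log, key):
    """Return (ok, index of first bad entry). An edited, removed or reordered entry breaks the chain."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_digest(key, prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    return True, None

def demo():
    """Constructed events; the key would be held by the log collector, not the audited host."""
    key = b"constructed-demo-key"
    log = []
    for rec in [{"t": 1, "ev": "login", "user": "alice", "src": "10.0.0.5"},
                {"t": 2, "ev": "sudo", "user": "alice", "cmd": "apt upgrade"},
                {"t": 3, "ev": "login_failed", "user": "root", "src": "10.0.0.9"}]:
        append(log, key, rec)
    intact = verify(log, key)
    # Tamper case 1: rewrite the user field of the last entry without re-keying it.
    edited = [dict(e) for e in log]
    edited[2] = dict(edited[2], record=dict(edited[2]["record"], user="nobody"))
    # Tamper case 2: remove the middle entry; the next entry's prev no longer matches.
    gapped = log[:1] + log[2:]
    return intact, verify(edited, key), verify(gapped, key)
```

Cutting entries off the end of the chain is the one change this check cannot see, so the latest hash has to be anchored elsewhere (a remote collector or a signed timestamp) for the trail to be fully indelible.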