Nomura UCCSC 2009
University of California Computer Services Conference (UCCSC) 2009 - Focus on Security

Nomura UCCSC 2009 Presentation Transcript

  • 1. UCCSC 2009 - Focus on Security An Overview of Non-Commercial Software for Network Administrators Doug Nomura doug.nomura@gmail.com June 16 2009
  • 2. Disclaimer Don’t blame me if your workstation breaks or something bad happens to your network
  • 3. Scientist Gone Bad - this is me!
  • 4. Expectations • General overview - Only have 60 minutes! • Focus will be on tools to help detect problems with your network • Two Hat Perspective • If you can use the tool, think how it can be used against you!
  • 5. Approach Tool will be described • What the tool does • How can you use it • Advantages/disadvantages
  • 6. Topics to be covered Data Mining 1A • Web 2.0 • Kismet • OpenVAS • Metasploit
  • 7. More Topics • NMap • Web Vulnerability Scanners • Pros and Cons of the free stuff • The Future
  • 8. Data Mining 1A
  • 9. Data Mining 1A • Every network leaks or broadcasts information • What is allowable or acceptable by your organization? • This section will give examples of types of information being broadcast - allowable and sensitive
  • 10. Classic Sources of Data Leaks • DNS & MX records • Technical forums • Job sites
  • 11. Google’s Advanced Operators • Reduce noise • Help to refine search • Operator:search term • Tutorial to advanced operators http://www.googletutor.com/google-manual/web-se
  • 12. Operators • domain:ucdavis.edu • “Exact phrase” • Intitle: Look for phrase in page
  • 13. Types of information • Personal information • Technical information
  • 14. Let’s look for some personal information
  • 15. Does anyone from UCD know this person? or My Gosh - Look at the SSN!!!
  • 16. Sensitive information deleted from this slide
  • 17. Is anyone from UCSF? Or this probably should not be broadcast to the world
  • 18. Sensitive information deleted from this slide
  • 19. Example of a technical Google hack revealing Nessus scan reports
  • 20. Summary of Google Hacking • Use Google to peruse your servers for sensitive information • Clean up your mess like old scan reports • Educate users about the danger of broadcasting information
  • 21. The Pros of Google Hacking • Find information you didn’t know was being broadcast • It’s cheap and works
  • 22. The Cons of Google Hacking • Someone may have found the information already • You may not find everything • Fear the Google cache!!!!!
  • 23. References for Google Hacking • See Johnny Long’s book - Google Hacking for Penetration Testers - ISBN-10 1597491764 • Any questions - just send me an email
  • 24. Web 2.0 • Example: Twitter • Technical • Exploitation of code • Passive enumeration • Users careless of information being broadcast
  • 25. Solution • Identify types of data not to be broadcast • Educate • Users need to be made aware there are people “watching.”
  • 26. “Free” Tools • Many released under GNU/GPL • Range from simple to complex • Many have great support and documentation
  • 27. Kismet • Detects presence of 802.11 APs • Sniffs traffic • IDS • kismetwireless.net
  • 28. Kismet Note error messages at bottom - ignore them
  • 29. Courtesy of kismetwireless.net
  • 30. Why use Kismet? • Pen testing of APs • Seek out rogue APs • Survey and map 802.11 installation • Distributed IDS
  • 31. Kismet Advantages • Initial cost is free • Very powerful • Customizable • plugins
  • 32. Cons of Kismet • Interface • May require significant configuration • Incompatibilities • Long term cost could be high due to time spent configuring and tweaking apps
  • 33. OpenVAS Vulnerability Assessment • Based upon Nessus 2.2 • Released under GNU/GPL • openvas.org
  • 34. Image Courtesy of openvas.org
  • 35. Image Courtesy of openvas.org
  • 36. Image Courtesy of openvas.org
  • 37. OpenVAS • Runs well on Linux • Financially - free VA tool • Growing support for project
  • 38. Disadvantages • Problems with some NVTs • Some difficulty on non-Linux platforms
  • 39. Metasploit • Security Framework identifies vulnerabilities and exploits them • Intended for penetration testing and research • Customizable • metasploit.org
  • 40. Metasploit Command line interface of Metasploit
  • 41. Metasploit Example vulnerability to be used on Windows 2000 machine
  • 42. Metasploit Selection of exploit
  • 43. Metasploit Access has been achieved on remote machine
  • 44. Metasploit Advantages • Growing community of users • Growing documentation • Runs well on most flavors of *nix • Excellent tool to identify and exploit vulnerability
  • 45. Metasploit Disadvantages • Does not include all exploits and may not be up to date with the latest exploits • Lack of logging or reports • Machine running Metasploit can be compromised • This is a very dangerous tool and may violate policy at your institution. Use on a test network
  • 46. NMap - Network Mapper • Sends raw IP packets to specific host, or a range of hosts • Determines OS, version, open ports, identifies potential vulnerability • nmap.org
  • 47. NMap • Network administrators and other IT folk responsible for network based assets • Pen testers and other security folk
  • 48. NMap
    Loki:/Users/Doug root# nmap -sV 192.168.1.1-25
    Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-14 23:56 PDT
    Interesting ports on 192.168.1.1:
    Not shown: 998 closed ports
    PORT     STATE SERVICE  VERSION
    23/tcp   open  telnet   Cisco telnetd (IOS 6.X)
    443/tcp  open  ssl/http Cisco PIX Device Manager
    MAC Address: 00:08:21:3A:29:B2 (Cisco Systems)
    Service Info: OS: IOS; Device: firewall
    Interesting ports on 192.168.1.2:
    Not shown: 997 closed ports
    PORT     STATE SERVICE  VERSION
    21/tcp   open  ftp      tnftpd 20061217
    22/tcp   open  ssh      OpenSSH 5.1 (protocol 1.99)
    548/tcp  open  afp      Apple AFP (name: Feline; protocol 3.2; Mac OS X 10.4/10.5)
    MAC Address: 00:0D:93:32:D0:26 (Apple Computer)
    Service Info: Host: Feline.local
    Interesting ports on 192.168.1.4:
    Not shown: 999 closed ports
    PORT     STATE SERVICE       VERSION
    5009/tcp open  airport-admin Apple AirPort admin
    MAC Address: 00:03:93:1F:01:65 (Apple Computer)
    Interesting ports on 192.168.1.6:
    Part of a Nmap scan report
  • 49. Strengths of NMap • Large base of support from user and developer community • Mature product • Fast and versatile scanner • Extremely stable. Install and go!
  • 50. Weaknesses of NMap • Some scans seem to be intrusive • Some scans have crashed hosts being scanned
  • 51. Web Vulnerability Scanners • GNU/GPL World • Singular in purpose • Paros • Stagnant • Nikto
  • 52. Web Vulnerability Scanners Single-purpose tools usually check for a single type of vulnerability (e.g. XSS, SQL injection). You would need many different GNU/GPL tools to cover all possible vulnerabilities
  • 53. Web Vulnerability Scanners Some projects become stagnant or die, depending on the core developers' ability to devote time to the project
  • 54. Advantages of the “free” apps • Initial cost is low • Some projects have a community of support • Documentation • A potentially powerful tool rivaling commercial tools
  • 55. Advantages of “free” apps Use older hardware • Great for that older machine collecting dust
  • 56. Disadvantages • Project stability • UI issues • Application stability • Speed of development • Upgrades may be challenging • Geek Factor
  • 57. Geek Factor [Figure: plot with axes “Geek Factor” and “cost”]
  • 58. What to do? • Define your needs • Determine stability and viability of project • Be willing to invest time • Be diligent
  • 59. The future Greater and easier exploitation of Web 2.0 • You must educate your users about the dangers • Handhelds will be both targets and attackers
  • 60. The End
  • 61. Further questions? Drop me an email. doug.nomura@gmail.com