2. Outline
• Why should we perform assessments?
• Security Assessment classifications
• Future of security assessments
3. Why HackYourself?
• Security assessments help organizations to:
• Understand threats for better defense
• Determine risk to make informed IT decisions
• Test incident handling procedures, intrusion detection systems, and other security
• TSA is a good example
4. Risk = Threat x Vulnerability
“Risk is a function of the likelihood of a given threat-source's
exercising a particular potential vulnerability, and the resulting
impact of that adverse event on the organization.”
6. Target Identification
• Local scans, use ARP
• Remote test, use common ports, be sneaky
• RDP (!), SSH known_hosts, netstat, DNS
• Tools
• Nmap - ARP scanning
• nbtscan - NetBIOS scanner, fast!
• Cain & Abel - ARP Scanner
• Superscan - Foundstone tool
7. Portscanning
• Find open ports on a host
• Often includes service and OS fingerprinting
• Tools include Nmap & Nessus
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3052/tcp open powerchute APC PowerChute Agent 6.X
Nmap In The Movies!
8. Vulnerability Scanning
• Looks at the open port
• Determines the service running
• Performs more actions to determine if a service contains known vulnerabilities
• Tools include Nessus and other specialized applications
9. Vulnerability Scanning
IT Staff can perform this testing on their own with inProtect
10. Penetration Testing
• Takes an identified port and its associated service, which contains vulnerabilities
• Uses an exploit to gain unauthorized access to the target system
• Tools include Metasploit, CANVAS, & Core IMPACT
• Used to find and compile random exploits
11. Web Application Testing
• Looks for vulnerabilities in web applications on the web server
• SQL Injection
• Remote File Include
• Cross-Site Scripting
• Manipulate the applications to gain unauthorized access
• Commercial tools include AppScan and WebInspect
12. Client-Side Penetration Testing
• Attempts to exploit applications on a user's desktop system
• Sending email to the user with hopes they will click a link or open an attachment
• Requires the user's email address and a server reachable from the clients
• Core IMPACT is able to automate this testing