Introduction to Network Security
© N. Ganesan, Ph.D.
Biometrics
Acknowledgements
• Who Are You Really?, by Tim Sigmon
Director, Advanced Technology Group,
Office of Information Technologies,
University of Virginia
• Student project presentation by Rickie
Johnson
Chapter Focus
• Definition of biometrics
• Biometrics techniques
• Strengths and weaknesses
• Major Products
• Summary
What is Biometrics?
• Access control based on unique human
characteristics
– Characteristics can be both physiological and
behavioral
• Access in this case means access to computers
and computing resources
• Examples
– Fingerprints
– Eye retina characteristics etc.
An Example
• Control access to a computer based on
the fingerprint of the user
– A fingerprint recognition unit attached to
the computer via the USB port may be
used for this purpose
Some Biometrics Techniques
• Eye Scanning
• Fingerprint scanning
• Hand scanning
• Face recognition
• Voice recognition
• Signature recognition (DSV)
• Keystroke recognition
More Human Characteristics for
Biometrics
• Wrist veins
• Ear shape
• Body odor
• DNA
Eye Scanning
• Two major techniques
– Iris scanning and retina scanning
• Generally regarded as the most accurate of the
biometric techniques, and so as offering the
highest level of security
Fingerprints
• Generally considered highly accurate
• Not as accurate as retinal scanning
• Dirt, dry hands, cracked skin and natural
variation between individuals alter the captured
print, which in turn can degrade the accuracy of
the fingerprint recognition system
• Can be used for controlling access to
computers
Hand Scanning
• Scanning is based on the 3-D shape and size of
the hand, including finger lengths, widths,
thickness and surface area
• Not as accurate as fingerprinting
• Not generally used for authorizing access to
computers
– Used instead for door entry, time and
attendance tracking, etc.
Accuracy of Biometrics Systems
• False Acceptance Rate (FAR)
• False Rejection Rate (FRR)
• The decision threshold may be set at the equal
error rate (EER), the operating point at which
FAR and FRR are equal
Retinal Scanning
• User looks into a viewer and focuses on a point;
infrared light scans the retina
Iris Scanning
• User looks at a camera (the working distance
from the camera is increasing rapidly, to 2-3 feet)
Finger Scanning
• User places finger on scanning device
Hand Scanning
• User places hand on device
Facial Recognition
• User looks at camera
Voice Recognition & DSV
• User speaks into a microphone or other device,
such as a telephone handset
Signature Recognition
• User signs name on a device
Keystroke Recognition
• User types a standard sample on the keyboard
Other Techniques
Strengths and Weaknesses
Technique: Strengths
• Retina: highly accurate
• Iris: highly accurate; works with eyeglasses; more
acceptable to users than retina scan
• Fingerprint: mature technology; highly accurate; low
cost; small size; becoming widely acceptable
• Hand/Finger Geometry: accurate and flexible; widely
acceptable to users
• Face Recognition: widely acceptable to users; low
cost; no direct contact; passive monitoring possible
• Voice Recognition: usable over the existing telephone
system; good for remote access and monitoring
• Signature Recognition: widely acceptable to users
• Keystroke Recognition: widely acceptable to users;
low cost; uses existing hardware
Technique: Weaknesses
• Retina: inconvenient for persons with eyeglasses;
users dislike contact with the device and the light beam
• Iris: new technology, cost, although this is rapidly
changing
• Fingerprint: dirty or damaged fingers produce a high
FRR; some persons dislike contact with the device
• Hand/Finger Geometry: user interface is bulky; users
dislike contact with the device
• Face Recognition: less accurate than other methods
• Voice Recognition: less accurate; subject to
background noise
• Signature Recognition: less accurate; not widely used
yet, but has potential with PDAs
• Keystroke Recognition: less accurate
FAR & FRR
• FAR (False Acceptance Rate): how often the system
accepts someone it should reject (accepts the wrong
person)
• FRR (False Rejection Rate): how often the system
rejects someone it should accept (rejects the correct
person)
• The two move in opposite directions: tightening the
match threshold for a higher security level lowers FAR
but raises FRR
[Figure: Relation of FAR and FRR as the security level
moves from low to high]
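The FAR/FRR trade-off worked through on numbers. This is an added example, not from the original slides: the two score lists are constructed (a real evaluation uses thousands of attempts), and the choice of threshold grid in hundredths is an assumption. Raising the threshold walks the system toward the high-security end of the curve, and the last function shows what FRR is paid for demanding FAR = 0.

```python
"""FAR, FRR and the equal error rate computed from match scores.

Added example. 'Genuine' scores come from comparing a user against
their own enrolled template, 'impostor' scores from comparing against
someone else's template; higher score = closer match. Both lists are
constructed sample data.
"""
from typing import List, Tuple

GENUINE_SCORES = [0.91, 0.88, 0.85, 0.83, 0.80, 0.79, 0.77, 0.74, 0.70, 0.62]
IMPOSTOR_SCORES = [0.72, 0.66, 0.60, 0.58, 0.55, 0.50, 0.47, 0.45, 0.40, 0.31]

# Candidate decision thresholds in hundredths (i/100 gives the same double
# as the literal, so 0.67 compares equal to 0.67).
THRESHOLDS = [i / 100 for i in range(101)]


def far(impostor: List[float], threshold: float) -> float:
    """False Acceptance Rate: share of impostor attempts scoring >= threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def frr(genuine: List[float], threshold: float) -> float:
    """False Rejection Rate: share of genuine attempts scoring < threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def error_curve(genuine: List[float], impostor: List[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) for each candidate threshold; FAR falls and FRR rises as it climbs."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in THRESHOLDS]


def equal_error_rate(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Threshold at which FAR and FRR are closest, and the error rate there (the EER)."""
    t, a, r = min(error_curve(genuine, impostor), key=lambda row: abs(row[1] - row[2]))
    return t, (a + r) / 2


def threshold_for_max_far(genuine: List[float], impostor: List[float],
                          max_far: float) -> Tuple[float, float]:
    """Lowest threshold whose FAR does not exceed max_far, and the FRR paid for it.

    This is the high-security end of the trade-off: insisting on FAR = 0 pushes
    the threshold above every impostor score, and genuine users start being
    rejected.
    """
    for t, a, r in error_curve(genuine, impostor):
        if a <= max_far:
            return t, r
    raise ValueError("no threshold satisfies the FAR target")


if __name__ == "__main__":
    print("EER (threshold, rate):", equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("FAR <= 0 (threshold, FRR):", threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

On this data the EER sits at threshold 0.67 with 10% error either way; forcing FAR to zero needs a threshold of 0.73 and rejects two of the ten genuine attempts.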
Major Players
• Computer access
• Physical access
• Handheld devices
• Military/Govt. Agencies/DOD
• Financial services
• Hospitals
• Telecommunication
Summary
• As biometric technology advances, the cost of
systems will decrease.
• At the same time, biometric systems will become
increasingly sophisticated and accurate.
• Scientists will identify further physical and
behavioral traits that increase the usefulness of
biometrics.
• The general public will gradually come to accept
biometric systems.
References
• Fuller, Scott and Pagan, Kevin (1997). Intranet Firewalls: Planning and
Implementing Your Network Security System. Ventana Communications Group, Inc.
• Conry-Murray, Andrew (Oct. 1, 2002). "Securing End Users from Attack."
Network Magazine, p. 28.
• McCollum, T. (Oct. 2002). "Security concerns prompt new initiatives." The
Internal Auditor.
• Short, Bob (Sept. 2002). "Getting the 411 on Biometrics." Security Magazine,
p. 48.
• Tocci, Salvatore (2000). High-Tech IDs: From Finger Scans to Voice Patterns.
Grolier Publishing.
• Mitnick, Kevin and Simon, William L. The Art of Deception: Controlling the
Human Element of Security. Library Journal.
Notes
• Threats
• Hacking
• Firewalls
• Managing Security
Firewall
© N. Ganesan
Acknowledgement
What is a Firewall?*
• A firewall isolates two networks from
one another to enforce security
• A network in this case may consist of one
or more computers
• The firewall inspects each individual
“packet” of data as it arrives at either
side of the firewall — inbound or
outbound and determines whether the
data packet should be allowed to pass
or be blocked.
Types of Firewall
• Hardware based, such as the D-Link
firewall appliances
• Software based, such as ZoneAlarm
Hardware Firewalls
• Cisco
• D-Link
• Linksys
General Firewall Features
• Port control, application monitoring
(program control) and packet filtering.
• Additional features: data encryption,
hiding presence (stealth), reporting/logging,
e-mail virus protection, pop-up ad blocking,
cookie control, spyware protection, laptop
protection.
Do Firewalls Prevent Viruses and
Trojans?*
• No. A firewall can only prevent a virus or
Trojan that is already on your machine from
reaching the Internet.
• 95% of all viruses and Trojans are received
via e-mail, through file sharing (such as Kazaa
or Gnucleus) or through direct download of a
malicious program.
• A firewall can't prevent this; only good
anti-virus software can.
Firewall Protection for Viruses and
Trojans*
• However, once installed on your PC, many
viruses and Trojans "call home" over the
Internet to the attacker who designed them.
• This lets the attacker activate the Trojan and
use your PC for his or her own purposes.
• A firewall can block the call home and can
alert you to suspicious behavior on your
system.
Some Hardware Firewall Features*
• IPsec VPN support with Internet Key
Exchange (IKE) for encrypting network traffic.
• Integrated firewall functions.
• Network address translation.
• Encrypted SNMP management traffic.
Some Software Firewalls
• Zone Alarm
• Microsoft
• McAfee
• Norton
Basic Types
• Network Layer
• Application Layer
Network Layer
• Makes decisions based on the source and
destination addresses and ports in
individual IP packets.
• Typically implemented in routers.
• Can perform static and dynamic packet
filtering and stateful inspection.
Static & Dynamic Filtering
• Static packet filtering looks only at the header
fields of each packet (addresses, ports, protocol)
to allow or block traffic between specific service
ports. It has no memory of earlier packets, so it
offers little protection.
• Dynamic packet filtering maintains a connection
table so that requests and their replies can be
matched up.
Stateful inspection
• Tracks the state of each connection: the
characteristics of outgoing traffic (addresses,
ports, sequence information) are recorded in a
state table, and incoming packets are compared
against that table. A packet is allowed through
only if it matches a connection that was
legitimately initiated from the inside.
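The difference between the static filter and the stateful one above, run over the same traffic. This is an added example, not from the original slides: the packet model, the LAN addresses (10.0.0.5 behind the firewall) and the six sample packets are constructed for the demonstration. A stateless rule that lets "replies" in has to be written in terms of source ports, and an attacker can simply set that source port; the stateful filter drops the same packet because no LAN host ever opened the flow.

```python
"""Static packet filtering versus stateful inspection on the same traffic.

Added example. 'out' and 'in' are relative to the protected LAN; the
traffic list at the bottom is constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str  # "out": LAN -> Internet, "in": Internet -> LAN
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags as text, e.g. "SYN", "SYN-ACK", "RST", "FIN"


class StaticFilter:
    """Stateless rules. Replies to web and DNS requests must be let back in, and
    with no memory of what the LAN asked for, the only way to say that is
    'inbound packets from source port 80/443/53 are allowed'."""

    REPLY_SOURCE_PORTS = {80, 443, 53}

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            return "ALLOW"
        return "ALLOW" if p.sport in self.REPLY_SOURCE_PORTS else "DROP"


# proto, inside address, inside port, outside address, outside port
ConnKey = Tuple[str, str, int, str, int]


class StatefulFilter:
    """Connection table keyed by the LAN-initiated flow. An inbound packet is
    allowed only if it is the reverse direction of a flow the LAN opened."""

    def __init__(self) -> None:
        self.table: Set[ConnKey] = set()

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            key: ConnKey = (p.proto, p.src, p.sport, p.dst, p.dport)
            if p.proto == "tcp" and p.flags in ("RST", "FIN"):
                self.table.discard(key)  # our side tore the connection down
            else:
                self.table.add(key)      # new or continuing flow
            return "ALLOW"
        key = (p.proto, p.dst, p.dport, p.src, p.sport)  # the flow this claims to answer
        if key not in self.table:
            return "DROP"
        if p.proto == "tcp" and p.flags in ("RST", "FIN"):
            self.table.discard(key)      # remote side closed it; no more replies expected
        return "ALLOW"


def run(fw, packets: List[Packet]) -> List[str]:
    """Decisions for a packet sequence, in order (the stateful filter needs the order)."""
    return [fw.decide(p) for p in packets]


# Constructed traffic: a web request and a DNS lookup from 10.0.0.5 with their
# replies, then two unsolicited inbound packets using reply-looking source ports.
TRAFFIC = [
    Packet("out", "tcp", "10.0.0.5", 51000, "93.184.216.34", 80, "SYN"),
    Packet("in", "tcp", "93.184.216.34", 80, "10.0.0.5", 51000, "SYN-ACK"),
    Packet("out", "udp", "10.0.0.5", 40000, "192.0.2.53", 53),
    Packet("in", "udp", "192.0.2.53", 53, "10.0.0.5", 40000),
    Packet("in", "tcp", "198.51.100.7", 80, "10.0.0.5", 445, "SYN"),  # source port 80 aimed at SMB
    Packet("in", "udp", "198.51.100.7", 53, "10.0.0.5", 161),         # fake DNS reply aimed at SNMP
]

if __name__ == "__main__":
    for p, s, d in zip(TRAFFIC, run(StaticFilter(), TRAFFIC), run(StatefulFilter(), TRAFFIC)):
        print(f"{p.direction:3} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport:<5} static={s:5} stateful={d}")
```

The static filter allows all six packets; the stateful filter allows the four that belong to LAN-initiated flows and drops the two crafted ones. The teardown handling also matters: once a RST has closed a flow, a late "reply" for it is dropped rather than let through on a stale table entry.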
Application Layer
• Generally hosts running proxy servers, which
perform logging and auditing of traffic
through the network.
• Logging and access control are done through
software components.
Proxy Services
• Application that mediates traffic
between a protected network and the
internet.
• Able to understand the application
protocol being utilized and implement
protocol specific security.
• App. Protocols include: FTP, HTTP,
Telnet etc.
• 1. Trojan horse programs
• 2. Back door and remote administration programs
• 3. Denial of service
• 4. Being an intermediary for another attack
• 5. Unprotected Windows shares
• 6. Mobile code (Java, JavaScript, and ActiveX)
• 7. Cross-site scripting
• 8. Email spoofing
• 9. Email-borne viruses
• 10. Hidden file extensions
• 11. Chat clients
• 12. Packet sniffing
Possible threats
• Port scans
• Buffer overflow attacks
• Denial of Service (DoS) attacks
• Active code: Trojan horses, worms
• Application / operating system bugs or
backdoors
• Remote login, SMTP session hijacking, e-mail
bombs, spam, redirect bombs, source routing
Port Scans
• Hackers remotely probe your computers to see
what software and services they run.
• Port scans are common, but with a properly
configured and maintained firewall you can
restrict what they can reach.
Buffer overflow attacks
• Involve sending more data to a vulnerable
program than its buffer can hold, overwriting
adjacent memory so that the program crashes
or runs attacker-supplied code, which can give
the hacker remote control of the computer.
• Such an attack can usually be traced back to
its source.
Denial of Service Attacks
• Involves sending bogus traffic so that
the company is unable to respond to
legitimate service requests from
employees and customers.
• A properly configured and maintained
firewall can minimize the damage.
Active Code Attack
• Attack using active code (ActiveX, Java,
VBScript) executed by the browser; the payload
delivered this way is typically a Trojan horse or
worm.
• A traditional packet-filtering firewall cannot
protect well against active code or viruses.
Firewall Architecture
• Dial-up Architecture
• Single Router Architecture
• Firewall with Proxy Server
• Redundant Internet Configuration
1. Dial-up Architecture
[Diagram: Internet (e.g. an ISDN line) connected to a
Firewall System; behind it a LAN hub with workstations
and a separate DMZ hub]
2. Single Router Architecture
[Diagram: Internet connected through a router or cable
modem to the Firewall System; behind it a LAN hub with
workstations and a DMZ hub hosting the outside server]
* Filter rules can be set up in the router.
3. Firewall with Proxy Server (1)
[Diagram: Internet connected to a combined Proxy/Firewall
System; behind it a LAN hub with workstations]
* Integrate a proxy server into the firewall.
4. Firewall with Proxy Server (2)
[Diagram: Internet connected to the Firewall System;
behind it a LAN hub with workstations and a separate
Proxy Server]
1. Proxy server on the LAN
2. Firewall rules allow only the proxy server to connect
to the Internet
5. Redundant Internet Configuration
[Diagram: two ISPs (ISP #1, ISP #2) feeding a router and
Firewall System; behind it a LAN hub with workstations and
a proxy server, a DMZ hub with an outside server, and a
WAN hub with a shared server reached by partners over a
VPN]
* Objective: 100% uptime service
Single Point of Failure
• An architecture whose security hinges
upon one mechanism
• Mitigation: duplicate the critical rules on
both the host and the router, so that no single
device is the only control
Using a Single Firewall Configuration
• Advantages
• The ISP network is separated from the other
networks, limiting the extent of an intrusion.
• One firewall to purchase and manage.
• The internal network is not dependent on the
Web site environment.
• Easily implemented in an existing
architecture.
Using a Single Firewall Configuration
• Disadvantages
• An intruder who gains access to a server in
the ISP network may gain access to other
servers on the site.
• Additional security is necessary.
DMZ
• Demilitarized zone
• Neither part of the internal network nor
part of the Internet
• Never offer attackers more to work with
than is absolutely necessary
Critical Resources for Firewall
Scenarios
SERVICE: CRITICAL RESOURCE
• Email: disk I/O
• Netnews: disk I/O
• Web: host OS socket performance
• IP routing: host OS socket performance
• Web cache: host OS socket performance, disk I/O
Firewall Scenario
• Microsoft Internet Security and
Acceleration (ISA) Server as a Dedicated
Server
Network Configuration
• Single Computer
• Small Office Network
– Less than 250 Clients
– IP Network Protocol
– Demand Dial Connectivity
• Larger Organization
– Array of ISA Server
[Diagram: Internet connected to the ISA Server, which
fronts the Local Area Network]
Setting up Clients
• Firewall clients: the Firewall Client software is
installed, and ISA Server identifies and fully
authenticates these clients
• Site and content rules may limit access
• SecureNAT clients: hosts without the client
software reach ISA Server through their default
gateway and are handled by network address
translation only
Web Proxy Clients
• Web browser configured to use the ISA Server
computer as its proxy server
• Proxy server port in the Web browser set to
8080
• ISA Server listens for outgoing Web requests on
port 8080 (the default)
Do I really allow everything that
users ask for?
• An entirely possible answer is "no"
• Each site has its own policies.
• "Education" is needed so that users can
accomplish their objectives in a secure manner
• How to work through the firewall for:
streaming video, real-time chat,
Web/HTTP, DNS, FTP, Telnet, etc.
Software
• Firewall Windows
– Zone Alarm
– Winroute
– Trojan Trap - Trojan Horse
• Firewall Linux
– Iptables
• Firewall Mac
– Netbarrier
Implementing Firewall –
An Example
• Using Winroute as a software router for
a small LAN.
• Using Trojan Trap as protection against
active code attack.
• Software installation.
• Firewall configuration.
• Test and scan.
Firewall software comparison
Winroute
• Routing using NAT(Network Address
Translation)
• Packet filtering
• Port mapping
• Anti-spoofing
• VPN support
• DNS, DHCP
• Remote administration
Configuration and Rule Sets
Setup Winroute for LAN
• The Winroute PC should have at least 2
NICs
• Check that all IP addresses are pingable
• Activate NAT on the NIC connected to the
Internet
• Deactivate NAT on the NIC connected to
the internal LAN
Setup Winroute for LAN
• Configure no default gateway on the
internal (LAN) interface of the Winroute PC
• Configure forwarding options
• On each internal PC configure the default
gateway (the Winroute PC's LAN address)
• On each internal PC configure the DNS
server
Scan and Test
• http://scan.sygatetech.com/
• http://www.csnc.ch/onlinetests/
• http://grc.com/
• http://hackerwhacker.com/
Trojan Trap
• Resources protection – restrict access to
system resources by unknown
application
• Application control
• Content filtering
• IP ports monitoring
Hardware Firewall
• What is it?
• What it does.
• An example.
• Firewall use.
• What it protects you from.
Hardware Firewall (Cont.)
• What is it?
 It is just a software firewall running on a dedicated
piece of hardware or specialized device.
 Basically, it is a barrier to keep destructive forces
away from your property.
 You can use a firewall to protect your home
network and family from offensive Web sites and
potential hackers.
Hardware Firewall (Cont.)
• What it does
 It is a hardware device that filters the
information coming through the Internet
connection into your private network or
computer system.
 If an incoming packet of information is flagged
by the filters, it is not allowed through.
Hardware Firewall (Cont.)
• An example !
Hardware Firewall (Cont.)
• Firewalls use:
 Firewalls use one or more of three methods to control
traffic flowing in and out of the network:
– Packet filtering
– Proxy service
– Stateful inspection
Hardware Firewall (Cont.)
• Packet filtering - Packets are analyzed against a set of
filters.
• Proxy service - Information from the Internet is
retrieved by the firewall and then sent to the requesting
system, and vice versa.
• Stateful inspection - It compares certain key parts
of the packet to a database of trusted information.
Information traveling from inside to the outside is
monitored for specific defining characteristics, then
incoming information is compared to these
characteristics.
Hardware Firewall (Cont.)
• What it protects you from:
– Remote logins
– Application backdoors
– SMTP session hijacking
– E-mail addresses
– Spam
– Denial of service
– E-mail bombs
 E-mail sent thousands of times until the mailbox is full
 Macros
 Viruses
Software Firewall
• What is it?
– Also called a personal or application-level firewall
– A program running on the host it protects, hooked
into the operating system's network stack below
the applications
– It filters packets on network- and transport-layer
fields (addresses, ports) and adds application-
layer control over which programs may send or
receive
– It monitors the communication type (TCP,
UDP, ICMP, etc.) as well as the origin of the
packet, the destination port of the packet, and
the application (program) the packet is coming
from or headed to.
Software Firewall (Cont.)
• How does a software firewall work?
Software Firewall (Cont.)
• Benefits of using application firewalls:
– no direct connection between client and host; the
proxy stands in between
– ability to report to intrusion detection software
– equipped with a certain level of protocol logic
– make intelligent decisions
– can be configured to check for a known vulnerability
– large amount of logging
Software Firewall (Cont.)
• Benefits of application firewalls (Cont.)
 easier to track when a potential vulnerability is exploited
 blocking malformed protocol traffic gives some protection
against vulnerabilities that have not yet been discovered
 ability to "understand" an application's specific information
structure
 incoming or outgoing packets cannot reach services for
which there is no proxy
Software Firewall (Cont.)
• Disadvantages of application firewalls:
 can slow down network access dramatically
 more susceptible to distributed denial of service (DDoS)
attacks
 not transparent to end users
 require manual configuration of each client computer
Top Picks Personal Firewalls
• Norton Personal Firewall
• ZoneAlarm Free/Plus/Pro
Conclusion
Web References
• firewall.com
• firewall-net.com
• firewallguide.com
• msdn.microsoft.com
• winroute.com
• tinysoftware.com
• sunsite.unc.edu
Benefits of Firewall-Summary
• Prevent intrusion
• Choke point for security audit
• Reduce attacks by hackers
• Hide network behind a single IP
address
• Part of total network security policy
References
http://www.howstuffworks.com
http://www.microsoft.com
http://www.securityfocus.com
http://grace.com/us-firewalls.htm
http://www.kerio.com/us/supp_kpf_manual.html
http://www.broadbandreports.com/faq/security/2.
http://www.firewall-software.com
Hacking
© N. Ganesan, Ph.D.
IP Spoofing
• IP spoofing is forging the source address in the IP
header so that packets appear to come from another
host. It lets an attacker abuse trust that is based on
IP addresses, and can be used to redirect traffic or
responses to a different destination.
• The technique is also effective in disguising an
attacker's identity.
• Connectionless protocols, which have no handshake
that would verify the sender, are most susceptible to
spoofing, e.g., ICMP, IGMP and UDP.
• Solutions: secure the transmitted packets so that
authentication does not rest on addresses (point-to-
point encryption), establish screening policies, and
configure the network to reject inbound packets that
claim to originate from a local address and outbound
packets that do not (ingress and egress filtering).
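What a forged packet looks like at the byte level, and the border-router rule from the last bullet applied to it. This is an added example, not from the original slides: the 10.0.0.0/8 internal prefix, the bogon list and the sample addresses are assumptions. Building the header with struct makes the point that the source address is just four bytes the sender writes, which is why the checksum still verifies on a forged header and why only a filter at the network edge can catch it.

```python
"""Forged IPv4 source addresses and the ingress/egress filter that catches them.

Added example. Raw IPv4 headers are built with struct so the forgery is
visible byte by byte; the filters apply the anti-spoofing rules a border
router enforces (RFC 2827 style). The internal prefix and the addresses
used in __main__ are assumptions made for the demonstration.
"""
import ipaddress
import struct
from typing import Tuple

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
# Source addresses that can never legitimately arrive from the Internet.
BOGON_NETS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4")]


def ip_checksum(data: bytes) -> int:
    """RFC 791 header checksum: ones-complement of the ones-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int = 17, payload_len: int = 0,
                      ident: int = 0x1234, ttl: int = 64) -> bytes:
    """20-byte IPv4 header carrying whatever source address the caller chooses.

    That freedom is all 'spoofing' is: nothing in the header proves who sent it."""
    ver_ihl = (4 << 4) | 5  # version 4, header length 5 x 32-bit words (no options)
    fields = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", ip_checksum(fields)) + fields[12:]


def parse_addresses(header: bytes) -> Tuple[str, str]:
    """Source (bytes 12-15) and destination (bytes 16-19) of a raw header."""
    return str(ipaddress.IPv4Address(header[12:16])), str(ipaddress.IPv4Address(header[16:20]))


def checksum_ok(header: bytes) -> bool:
    """A header whose checksum field is correct sums to zero."""
    return ip_checksum(header) == 0


def ingress_filter(header: bytes, internal=INTERNAL_NET) -> str:
    """Rule for packets arriving on the external interface: nothing from the
    Internet may claim an internal or bogon source address."""
    src, _ = parse_addresses(header)
    addr = ipaddress.ip_address(src)
    if addr in internal:
        return "DROP spoofed-internal"
    if any(addr in net for net in BOGON_NETS):
        return "DROP bogon"
    return "ACCEPT"


def egress_filter(header: bytes, internal=INTERNAL_NET) -> str:
    """Rule for packets leaving the LAN: the source must be one of ours, so a
    compromised inside host cannot aim spoofed floods at others (RFC 2827)."""
    src, _ = parse_addresses(header)
    return "ACCEPT" if ipaddress.ip_address(src) in internal else "DROP spoofed-external"


if __name__ == "__main__":
    forged = build_ipv4_header("10.0.0.5", "203.0.113.9")  # outsider pretending to be inside
    print(forged.hex(), checksum_ok(forged), ingress_filter(forged))
    print(ingress_filter(build_ipv4_header("198.51.100.7", "10.0.0.5")))
    print(egress_filter(build_ipv4_header("203.0.113.200", "198.51.100.7")))
```

Note that the forged header is perfectly well-formed: the checksum verifies, because the checksum only protects against corruption, not against a dishonest sender. The decision has to come from where the packet arrived (the interface) compared with what it claims (the source field), which is exactly what the two filters encode.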
FTP Attacks
One of the most common FTP attacks is a buffer
overflow caused by a malformed command.
A successful attack could either drop the attacker into
a command shell or cause a denial of service.
Failure to apply the frequently released system
upgrades and patches is the most common cause of
FTP vulnerabilities.
FTP servers are also useful to an attacker for password
guessing, FTP bounce attacks, and mining information
about the host.
Unix Finger Exploits
The Unix finger utility was used as an efficient
way to share user information in the early days of
the Internet.
To an attacker, the finger utility can yield valuable
information, including user names, logins and
contact information.
It also provides a pretty good indication of users'
activities, such as when and how often they log on.
The personal information it reveals can give an
attacker enough of a framework to trick
legitimate users into revealing passwords and
access codes.
Flooding and Broadcasting
An attacker can significantly reduce the processing
capacity of a network by sending more requests
than it can handle, a classic denial of service.
Sending a large number of requests to a single port
is flooding. When the requests are sent to all
network stations, it is called broadcasting.
 Attackers often compromise systems by other means
and then use them as flood sources against other
networks in distributed denial-of-service (DDoS)
campaigns.
DDoS attacks are harder to stop because they come
from many IP addresses simultaneously. Blocking
individual sources is ineffective; defenders rely on
rate limiting and upstream filtering by their ISP,
and on tracing the packets back so that the
transmitting networks can be shut down.
Fragmented Packet Attacks
IP datagrams carrying TCP can be split into fragments
in such a way that only the first fragment contains
the TCP header, so a filter that inspects fragments
individually sees ports and flags only in that first one.
Some firewalls pass the subsequent fragments
without checking them against the first, and crafted
fragments (overlapping offsets, or a tiny first
fragment) have crashed vulnerable hosts.
Fragmented packets can also create a flood-like
situation because they are held in kernel memory until
the datagram is complete. The server will crash or
stop accepting traffic if too many incomplete
datagrams fill that memory.
Solution: firewall filters that reassemble and check
fragments before forwarding them, and limits on how
many incomplete datagrams are held.
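The reassembling filter from the "Solution" line, with the three checks the passage above calls for: overlapping fragments are refused, a first fragment too small to carry a TCP header is refused, and the number of half-arrived datagrams held in memory is bounded. This is an added example, not from the original slides; the Fragment model and the limit values are assumptions chosen for the demonstration, and offsets are kept in bytes (the real header stores them in 8-byte units, hence the multiple-of-8 rule).

```python
"""Fragment reassembly with the sanity checks a firewall applies before inspection.

Added example. The Fragment class, the limits and the sample fragments
are constructed for the demonstration; real stacks size the limits
differently.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MIN_FIRST_FRAGMENT = 20         # room for a full TCP header, so ports and flags can be inspected
MAX_FRAGMENTS_PER_DATAGRAM = 64
MAX_PENDING_DATAGRAMS = 1024    # bound on memory held by incomplete datagrams


@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    ident: int
    proto: int
    offset: int     # byte offset of this payload within the original datagram
    more: bool      # More Fragments flag
    payload: bytes


DatagramKey = Tuple[str, str, int, int]


class Reassembler:
    def __init__(self) -> None:
        self.pending: Dict[DatagramKey, List[Fragment]] = {}

    def feed(self, f: Fragment) -> Tuple[str, Optional[bytes]]:
        """Return (verdict, datagram); the datagram is present only when the verdict is PASS."""
        key: DatagramKey = (f.src, f.dst, f.ident, f.proto)
        if f.offset % 8:
            return "DROP offset not a multiple of 8", None
        if f.offset == 0 and f.more and len(f.payload) < MIN_FIRST_FRAGMENT:
            return "DROP tiny first fragment", None   # would hide the TCP header from the filter
        frags = self.pending.get(key)
        if frags is None:
            if len(self.pending) >= MAX_PENDING_DATAGRAMS:
                return "DROP reassembly table full", None
            frags = self.pending[key] = []
        # Any overlap with a fragment already held means the sender is playing
        # games (teardrop-style); discard the whole datagram rather than guess.
        for g in frags:
            if f.offset < g.offset + len(g.payload) and g.offset < f.offset + len(f.payload):
                del self.pending[key]
                return "DROP overlapping fragment", None
        frags.append(f)
        if len(frags) > MAX_FRAGMENTS_PER_DATAGRAM:
            del self.pending[key]
            return "DROP too many fragments", None
        frags.sort(key=lambda x: x.offset)
        if frags[-1].more:
            return "HOLD", None          # the last piece has not arrived
        expected = 0
        for g in frags:
            if g.offset != expected:
                return "HOLD", None      # a gap in the middle
            expected += len(g.payload)
        del self.pending[key]
        return "PASS", b"".join(g.payload for g in frags)


def deliver(r: Reassembler, frags: List[Fragment]) -> List[str]:
    """Feed fragments in arrival order and return each verdict."""
    return [r.feed(f)[0] for f in frags]


if __name__ == "__main__":
    good = [Fragment("198.51.100.7", "10.0.0.5", 1, 6, 0, True, b"A" * 24),
            Fragment("198.51.100.7", "10.0.0.5", 1, 6, 24, False, b"B" * 8)]
    overlap = [Fragment("198.51.100.7", "10.0.0.5", 2, 6, 0, True, b"A" * 24),
               Fragment("198.51.100.7", "10.0.0.5", 2, 6, 16, False, b"X" * 16)]
    print("well-formed:", deliver(Reassembler(), good))
    print("overlapping:", deliver(Reassembler(), overlap))
```

Only the reassembled datagram is handed on for inspection, so the port-and-flags check a stateful filter performs always sees a complete header; the HOLD verdict is what ties up memory, which is why the pending-table bound exists.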
Email Exploits
E-mail exploits come in five forms: mail floods,
command manipulations, transport-level attacks,
malicious code insertion and social engineering.
Mail-flood attacks occur when so much mail is sent
to a target that communication programs destabilize
and crash the system.
Command-manipulation attacks can cause a system
to crash by subverting the mail transfer agent with a
buffer overflow caused by entering a malformed
command.
Email Exploits (Contd…)
Transport-level attacks exploit SMTP itself. An
attacker can cause a temporary error condition in
the target system by overloading an SMTP buffer
with more data than it can handle.
Malicious content is often propagated through e-mail
systems. Some viruses and worms are carried into a
system appearing as a legitimate attachment.
Social engineering e-mails are an attacker's attempt
to trick a legitimate user into revealing sensitive
information or executing a task. E.g., posing as a
network administrator to get your password for
Password Attacks
The most common password attacks are guessing,
brute force, cracking and sniffing.
Password guessing involves entering common
passwords either manually or through programmed
scripts.
Brute-force logon attacks follow the same basic logic
as password guessing, but try every combination
and are faster and more powerful.
Password cracking is a method for defeating the
protection of hashed (or encrypted) passwords stored
in a system's account files: candidate passwords are
hashed offline and the results compared.
Because an attacker needs a significant level of
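Guessing and cracking side by side, to show why the distinction matters. This is an added example, not from the original slides: the two accounts, the wordlist and the lockout policy are constructed, MD5 stands in for the unsalted hashes in an "admin file", and PBKDF2-HMAC-SHA256 with a per-user salt is the hardened storage used for comparison (with a deliberately low iteration count so the example runs quickly). Online guessing runs into the target's lockout after a handful of tries; offline cracking of the stored hashes does not, and against unsalted hashes one precomputed table serves every account at once.

```python
"""Online password guessing versus offline cracking of stored hashes.

Added example. Accounts, wordlist and lockout policy are constructed for
the demonstration; ITERATIONS is kept small for speed, production
deployments use far more.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

WORDLIST = ["password", "123456", "letmein", "qwerty", "admin", "summer2002"]


class LoginService:
    """Target of an online guessing attack: counts failures and locks the account."""

    def __init__(self, accounts: Dict[str, str], max_attempts: int = 5) -> None:
        self._accounts = accounts
        self._failures: Dict[str, int] = {}
        self.max_attempts = max_attempts

    def attempt(self, user: str, password: str) -> str:
        if self._failures.get(user, 0) >= self.max_attempts:
            return "LOCKED"
        if hmac.compare_digest(self._accounts.get(user, ""), password):
            return "OK"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "FAIL"


def guess_online(service: LoginService, user: str, wordlist: Iterable[str]) -> Optional[str]:
    """Try common passwords in turn; the lockout decides how far the attacker gets."""
    for candidate in wordlist:
        result = service.attempt(user, candidate)
        if result == "OK":
            return candidate
        if result == "LOCKED":
            return None
    return None


def unsalted_hash(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def crack_unsalted(stored: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, Optional[str]]:
    """One precomputed table serves every account: cost is len(wordlist), not users x wordlist."""
    table = {unsalted_hash(w): w for w in wordlist}
    return {user: table.get(h) for user, h in stored.items()}


def crack_salted(stored: Dict[str, Tuple[bytes, str]], wordlist: Iterable[str],
                 iterations: int) -> Dict[str, Optional[str]]:
    """The salt defeats the shared table: every (user, candidate) pair costs a full PBKDF2 run."""
    found: Dict[str, Optional[str]] = {}
    for user, (salt, h) in stored.items():
        found[user] = next((w for w in wordlist
                            if hmac.compare_digest(salted_hash(w, salt, iterations), h)), None)
    return found


# Constructed accounts: alice chose a wordlist password, bob did not.
ACCOUNTS = {"alice": "summer2002", "bob": "Tr0ub4dor&3"}
UNSALTED_STORE = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
ITERATIONS = 1000
SALTED_STORE = {u: (salt, salted_hash(p, salt, ITERATIONS))
                for u, p in ACCOUNTS.items() for salt in [os.urandom(16)]}

if __name__ == "__main__":
    print("online guessing, alice:", guess_online(LoginService(ACCOUNTS), "alice", WORDLIST))
    print("offline, unsalted store:", crack_unsalted(UNSALTED_STORE, WORDLIST))
    print("offline, salted store:  ", crack_salted(SALTED_STORE, WORDLIST, ITERATIONS))
```

With the default five-attempt lockout the online attack never reaches "summer2002" (it is sixth in the list), while both offline runs recover it immediately; bob's password is not in the wordlist and survives all three. Salting does not stop the dictionary attack on a weak password, it only removes the shared-table shortcut and multiplies the attacker's work by the number of accounts.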
Selective Program Insertions
A selective program insertion is when an attacker
places a destructive program—a virus, worm or
Trojan horse--on a target system.
Some network administrators are augmenting their
malware defenses with alternative technologies
such as behavior blockers, which stop suspicious
code based on behavior patterns, not signatures.
A time bomb, sometimes called a logic bomb, is an
inserted program that executes its malicious
payload on a predetermined time or date.
Port Scanning and Polling
Through port scanning and polling, an attacker can
observe the functions and defenses of various
system ports.
For example, scanning could determine whether an
SNMP agent still accepts the default community
strings (such as "public"), meaning device information
can be extracted for use in a remote command attack.
TCP/IP Sequence Stealing & Packet
Interception
TCP/IP sequence stealing is the capturing or
prediction of TCP sequence numbers, which can be
used to make an attacker's packets appear legitimate.
A successful TCP/IP attack could allow an
attacker to intercept transactions between
two organizations, providing an opportunity
for a man-in-the-middle attack.
In some versions of Secured Shell Service
Daemon (SSHD), only the public key is used
for authentication. If an attacker learns the
public key, he could create and insert forged
Observations and Suggestions
Various firms
install firewalls but never upgrade them, and
make massive Web site improvements without
making parallel security improvements.
The best way to safeguard a Web site from
attack is to approach security as an ongoing
challenge rather than a one-time effort.
Port Scanning Using PortQry
• What is port scanning?
• Using PortQry
(the Portqry.exe command-line utility)
What Is Port Scanning?
• Network
applications use
TCP/UDP ports
• Clients connect to
applications using
ports
• Port scanning is the
process of checking
whether a port is
open
TCP and UDP in
TCP/IP protocol architecture
Port Numbers
• The Well Known Ports are those from 0
through 1023.
• The Registered Ports are those from 1024
through 49151.
• The Dynamic and/or Private Ports are those
from 49152 through 65535.
http://www.iana.org/assignments/port-numbers
ftp://ftp.isi.edu/in-notes/rfc1700.txt
Well-known TCP / UDP ports
TCP port number: description
• 20: FTP (data channel)
• 21: FTP (control channel)
• 23: Telnet
• 80: HyperText Transfer Protocol (HTTP),
used for the World Wide Web
• 139: NetBIOS session service
UDP port number: description
• 53: Domain Name System (DNS) name
queries
• 69: Trivial File Transfer Protocol (TFTP)
• 137: NetBIOS name service
• 138: NetBIOS datagram service
• 161: Simple File Transfer Protocol is not this one; 161 is
Simple Network Management Protocol (SNMP)
Port Scanning for TCP
• TCP ports use
"three-way
handshake"
• Successful
handshake means
port is listening
• TCP Reset packet
means port is not
listening
• No response means
port is filtered
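The three outcomes on the slide above, turned into a connect scanner. This is an added example, not from the original slides: a completed handshake reports LISTENING, a RST (surfaced by the OS as "connection refused") reports NOT LISTENING, and a timeout reports FILTERED. demo() starts a throwaway listener on loopback so the scanner can be exercised offline; the loopback address and the timeouts are assumptions.

```python
"""TCP connect scan reporting LISTENING, NOT LISTENING or FILTERED.

Added example. Classification follows the three-way handshake outcomes:
SYN-ACK (connect succeeds), RST (connection refused) or silence (timeout).
"""
import socket
from typing import Dict, Iterable


def scan_tcp_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port from how the target answers a connection attempt."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))          # completes the three-way handshake
        return "LISTENING"
    except ConnectionRefusedError:          # target answered the SYN with RST
        return "NOT LISTENING"
    except (socket.timeout, TimeoutError):  # neither SYN-ACK nor RST within the timeout
        return "FILTERED"
    except OSError:                         # e.g. network or host unreachable
        return "FILTERED"
    finally:
        sock.close()


def scan_tcp_ports(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """Scan several ports and map each to its classification."""
    return {port: scan_tcp_port(host, port, timeout) for port in ports}


def demo() -> Dict[str, str]:
    """Listen on an ephemeral loopback port, then scan it and a port known to be closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    # Ask the kernel for another free port and release it, so nothing listens there.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        results = scan_tcp_ports("127.0.0.1", [open_port, closed_port], timeout=2.0)
    finally:
        listener.close()
    return {"open": results[open_port], "closed": results[closed_port]}


if __name__ == "__main__":
    print(demo())
    # Against a real host (hypothetical address): scan_tcp_ports("192.0.2.10", [21, 22, 23, 25, 80, 139, 443])
```

A FILTERED result is the ambiguous one: the SYN may have been dropped by a firewall, or the reply may have been lost, which is why PortQry (below) retries TCP ports three times before reporting it.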
Port Scanning for UDP
• UDP ports do not use
"three-way handshake"
• Send UDP packet to
port and wait for
response
• Most applications will
not respond to zero-
length packets
• Formatted packet is
necessary to get a
response
• Most port scanners do
not scan UDP ports
What Is Port Scanning used for?
Use port scanning
to:
• Test connectivity
• Test security
Using PortQry
•PortQry is designed as an
application layer port scanner
•It checks whether TCP and UDP
ports are open, closed, or filtered
•It determines if UDP ports are open
using packets formatted for well
known services
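Why a "formatted packet is necessary" for UDP, shown with the DNS probe PortQry sends to port 53. This is an added example, not from the original slides and not PortQry's code: an empty datagram draws no answer from most services, so the probe carries a real DNS query; a reply means LISTENING, an ICMP Port Unreachable (which a connected UDP socket surfaces as "connection refused") means NOT LISTENING, and silence can only be reported as LISTENING or FILTERED. demo() runs a tiny DNS responder on loopback so the probe can be exercised offline; that responder, the addresses and the timeouts are assumptions made for the example.

```python
"""UDP probing with a protocol-formatted packet, the way PortQry does for port 53.

Added example. The responder in _dns_responder exists only so the probe can
be exercised offline; it is not a DNS server.
"""
import socket
import struct
import threading
from typing import Dict, Optional


def build_dns_query(name: str, qid: int) -> bytes:
    """Standard query for the A record of `name` (RFC 1035 header + question)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_dns_reply(query: bytes, rcode: int) -> bytes:
    """Response with QR/RD/RA set and the given RCODE; question echoed, no answers."""
    qid, = struct.unpack("!H", query[:2])
    return struct.pack("!HHHHHH", qid, 0x8180 | (rcode & 0xF), 1, 0, 0, 0) + query[12:]


def parse_dns_response(data: bytes, qid: int) -> Optional[Dict[str, int]]:
    """Accept only a response (QR bit set) whose ID matches the query we sent."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        return None
    return {"rcode": flags & 0x000F, "answers": an}


def probe_udp_dns(host: str, port: int, timeout: float = 1.0, qid: int = 0x1234) -> str:
    """Send a DNS query to host:port and classify the port from what comes back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))  # connected socket: ICMP errors are raised on recv
        sock.send(build_dns_query("example.com", qid))
        sock.recv(512)
    except ConnectionRefusedError:  # ICMP Destination Unreachable / Port Unreachable
        return "NOT LISTENING"
    except (socket.timeout, TimeoutError):
        return "LISTENING or FILTERED"  # no reply: silence and a dropped probe look alike
    finally:
        sock.close()
    return "LISTENING"  # something answered, whatever it was


def _dns_responder(server: socket.socket) -> None:
    """Answer one query with NOERROR and no records, then exit."""
    try:
        data, peer = server.recvfrom(512)
        server.sendto(build_dns_reply(data, 0), peer)
    except OSError:
        return


def demo() -> Dict[str, str]:
    """Probe a loopback port with the responder behind it, then a closed loopback port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    server.settimeout(5.0)
    open_port = server.getsockname()[1]
    worker = threading.Thread(target=_dns_responder, args=(server,), daemon=True)
    worker.start()
    spare = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]  # released below, so nothing listens there
    spare.close()
    try:
        results = {"open": probe_udp_dns("127.0.0.1", open_port, timeout=2.0),
                   "closed": probe_udp_dns("127.0.0.1", closed_port, timeout=2.0)}
    finally:
        worker.join(timeout=5.0)
        server.close()
    return results


if __name__ == "__main__":
    print(demo())
```

Whether the closed port is reported as NOT LISTENING or as LISTENING or FILTERED depends on the operating system delivering the ICMP error to the socket; when it does not, the scanner has no way to tell a closed port from a filtered one, which is the limitation PortQry's output wording reflects.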
Portqry is available for download on the Microsoft Web site at:
http://download.microsoft.com/download/win2000adserv/Utility/1.0/NT5/EN-US/portqry.exe
PortQry Supports:
• LDAP
• RPC
• DNS
• SMTP
• POP3
• IMAP4
• FTP
• NetBIOS Name Service
Status of a TCP/IP port
• Listening
– A process is listening on the port on the computer you choose.
Portqry.exe received a response from the port.
• Not Listening
– No process is listening on the target port on the target system.
Portqry.exe received an Internet Control Message Protocol (ICMP)
"Destination Unreachable - Port Unreachable" message back from
the target UDP port. Or if the target port is a TCP port, Portqry
received a TCP acknowledgement packet with the Reset flag set.
• Filtered
– The port on the computer you chose is being filtered.
Portqry.exe did not receive a response from the port. A
process may or may not be listening on the port. By default,
TCP ports are queried three times and UDP ports are
queried once before a report indicates that the port is
filtered.
PortQry Usage
portqry -n server [-p protocol] [-e || -r || -o endpoint(s)] [-l logfile] [-s] [-q]
Where:
-n [server] IP address or name of server to query
-p [protocol] TCP or UDP or BOTH (default is TCP)
-e [endpoint] single port to query (valid range: 1-65535)
-r [end point range] range of ports to query (start:end)
-o [end point order] range of ports to query in an order (x,y,z)
-l [logfile] name of log file to create
-s 'slow link delay' waits longer for UDP replies from remote systems
-q 'quiet' operation runs with no output
returns 0 if port is listening
returns 1 if port is not listening
returns 2 if port is listening or filtered
portqry -n myserver -p UDP -e 389
• Returns LDAP base query information
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 09/03/2001 05:42:40 (unadjusted GMT)
subschemaSubentry:
CN=Aggregate,CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com
dsServiceName: CN=NTDS Settings,CN=RED-DC-11,CN=Servers,CN=NA-WA-
RED,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com
namingContexts: DC=redmond,DC=eu,DC=reskit,DC=com
defaultNamingContext: DC=redmond,DC=eu,DC=reskit,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com
configurationNamingContext: CN=Configuration,DC=eu,DC=reskit,DC=com
rootDomainNamingContext: DC=eu,DC=reskit,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 4259431
supportedSASLMechanisms: GSSAPI
dnsHostName: myserver.eu.reskit.com
ldapServiceName: eu.reskit.com:myserver$@eu.RESKIT.COM
serverName:
CN=MYSERVER,CN=Servers,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
======== End of LDAP query response ========
UDP port 389 is LISTENING
portqry -n myserver -p UDP -e 135
Dumps RPC EndPoint Mapper database
UDP port 135 (epmap service): LISTENING or FILTERED
Querying Endpoint Mapper Database...
Server's response:
UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076
ncacn_ip_tcp:169.254.12.191[4144]
UUID: ecec0d70-a603-11d0-96b1-00a0c91ece30 NTDS Backup Interface
ncacn_np:MYSERVER[PIPElsass]
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface
ncacn_ip_tcp:169.254.12.191[1030]
UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface
ncadg_ip_udp:169.254.12.191[1032]
UUID: 12345678-1234-abcd-ef00-01234567cffb
ncacn_np:MYSERVER[PIPElsass]
UUID: 12345678-1234-abcd-ef00-01234567cffb
ncacn_np:MYSERVER[PIPEPOLICYAGENT]
Total endpoints found: 6
==== End of RPC Endpoint Mapper query response ====
UDP port 135 is LISTENING
portqry -n myserver -p UDP -e 53
• Verifies DNS query and response
operation
UDP port 53 (domain service): LISTENING or
FILTERED
Sending DNS query to UDP port 53...
UDP port 53 (domain service): LISTENING
portqry -n MyMailServer -p TCP -e 25
• Returns SMTP, POP3, IMAP4 status
messages
TCP port 25 (SMTP service): LISTENING
Data returned from the port:
220 MyMailServer.eu.reskit.com Microsoft ESMTP MAIL
Service, Version: 5.0.2195.2966 ready at Sun, 2 Sep 2001
23:24:30 -0700
portqry -n MyFtpServer -p TCP -e 21
•Returns FTP status message and tests
for anonymous account access
220 MyFtpServer Microsoft FTP Service (Version 5.0).
331 Anonymous access allowed, send identity (e-
mail name) as password.
portqry -n myserver -p UDP -e 137
• Verifies NetBIOS Name Service
functionality and returns MAC address
UDP port 137 (netbios-ns service): LISTENING or FILTERED
Attempting NETBIOS adapter status query to UDP port 137...
Server's response: MAC address 00c04f7946f0
UDP port: LISTENING
Query behavior configurable
using local services file
• Located in
%systemroot%\system32\drivers\etc\services
• Resolves service names using this file
• Decides what type of query to send to a
port using this file
References
• http://www.tlc.discovery.com/convergence/hackers/hack
• http://www.tuxedo.org/~esr/faqs/hacker-howto.html
• http://www.iss.net/security_center/advice/Underground
• http://www.infosecuritymag.com/articles/march01/featu
• http://www.nmrc.org/faqs/www/wsec09.html
• http://www.microsoft.com/ (Tim Rains, Technical Lead,
Networking Team)
• Q310099, "Description of the Portqry.exe Command-
Line Utility"
  • 14. Retinal Scanning User Looks Into a Viewer and Focuses on a Point; Infrared Light Scans Retina Iris Scanning User looks at a camera (distance from camera increasing rapidly to 2-3 feet)
  • 18. User speaks into a microphone or other device, such as a telephone handset Signature Recognition Keystroke Recognition User signs name on a device User types standard sample on keyboard Voice Recognition & DSV Other Techniques
  • 19. Strengths, and Weakness Retina Iris Fingerprint Hand/Finger Geometry Face Recognition Voice Recognition Signature Recognition Keystroke Recognition
  • 20. Technique Strengths Retina Highly accurate Iris Highly accurate; works with eyeglasses; more acceptable to users than retina scan Fingerprint Mature technology; highly accurate; low cost; small size, becoming widely acceptable Hand/Finger Geometry accurate and flexible; widely acceptable to users Face Recognition Widely acceptable to users; low cost; no direct contact; passive monitoring possible Voice Recognition Usable over existing telephone system; good for remote access and monitoring; Signature Recognition Widely acceptable to users Keystroke Recognition Widely acceptable to users; low cost; uses existing hardware
  • 21. Technique Weaknesses Retina Inconvenient for persons with eyeglasses; dislike contact with device and light beam Iris New technology, cost, although this is rapidly changing Fingerprint Users can create high FRR; some persons dislike contact with device Hand/Finger Geometry User interface is bulky; dislike contact with device Face Recognition Face recognition is less accurate than other methods Voice Recognition Less accuracy; subject to background noise Signature Recognition Less accuracy; not widely used yet, but has potential with PDAs Keystroke Recognition Less accuracy;
  • 22. FAR & FRR FAR(False Acceptance rate) – refers to how often the system accepts someone it should reject AND FRR(False Rejection Rate) is how often the system rejects someone it shouldn’t.
  • 23. FAR Accept wrong person FRR Reject the correct person HighSecurity LevelLow Relation of FAR and FRR
  • 24. Major Players • Computer access • Physical access • Handheld devices • Military/Govt. Agencies/DOD • Financial services • Hospitals • Telecommunication
  • 25. Summary • As biometric technology advances, the cost of systems will decrease. • At the same time, biometrics systems will become increasingly sophisticated and accurate. • Scientist will physical and behavioral traits will increase the usefulness of biometrics. • The general public will gradually come to accept biometric system.
  • 26. References Fuller, Scott and Pagan, Kevin 1997. Intranet Firewalls “Planning and Implementing Your Network Security System.” Ventana Communications Group, Inc. Conry-Murray, Andrew. Network Magazine. Oct. 1, 2002. p28 Securing End Users from Attack. McCollum, T. Security concerns prompt new initiatives. The Internal Auditor. Oct. 2002. Short, Bob. September 2002. Getting the 411 on Biometrics. Security Magazine. p48. Tocci, Salvatore. 2000. High-Tech IDs: From Finger Scans To Voice Patterns. Grolier Publishing Mitnick, Kevin & Simon, William L. The Art of Deception: Controlling the Human Element of Security. Library Journal.
  • 27. Notes • Threats • Hacking • Firewalls • Managing Security
  • 30. What is a Firewall?* • A firewall isolates two networks from one another to enforce security • A network in this case may consist of one or more computers • The firewall inspects each individual “packet” of data as it arrives at either side of the firewall — inbound or outbound and determines whether the data packet should be allowed to pass or be blocked.
  • 31. Types of Firewall • Hardware based such as the Dlink firewall • Software based such as Zone Alarm
  • 32. Hardware Firewalls • CISCO • Dlink • Linksys
  • 33. General Firewall Features • Port Control, Application Monitoring (Program Control) and Packet Filtering. • Additional features: Data encryption, hiding presence, reporting/logging, e- mail virus protection, pop-up ad blocking, cookie digestion, spy ware protection, laptop protection.
  • 34. Do Firewalls Prevent Viruses and Trojans?* • NO!! A firewall can only prevent a virus or Trojan from accessing the internet while on your machine. • 95% of all viruses and Trojans are received via e-mail, through file sharing (like Kazaa or Gnucleus) or through direct download of a malicious program. • Firewalls can't prevent this - only a good anti- virus software program can.
  • 35. Firewall Protection for Viruses and Trojans* • However, once installed on your PC, many viruses and Trojans "call home" using the internet to the hacker that designed it. • This lets the hacker activate the Trojan and he/she can now use your PC for his/her own purposes. • A firewall can block the call home and can alert you if there is suspicious behavior taking place on your system.
  • 36. Some Hardware Firewall Features* • Offers IP security and internet key exchange network encryption. • Integrated firewall functions. • Network address translation. • Encrypted SNMP management traffic.
  • 37. Some Software Firewalls • Zone Alarm • Microsoft • Mcafee • Norton
  • 38. Basic Types • Network Layer • Application Layer
  • 39. Network Layer • Makes decision based on the source, destination addresses, and ports in individual IP packets. • Based on routers. • Has the ability to perform static and dynamic packet filtering and stateful inspection.
  • 40. Static & Dynamic Filtering • Static Packet Filtering looks at minimal information in the packets to allow or block traffic between specific service ports. Offers little protection. • Dynamic Packet Filtering maintains a connection table in order to monitor requests and replies.
  • 41. Stateful inspection • Compares certain key parts of the packet to a database of trusted information. Incoming information is compared to outgoing information characteristics. Information is allowed through only If comparison yields a reasonable match.
  • 42. Application Layer • They are generally, hosts running proxy servers which perform logging and auditing of traffic through the network. • Logging and access control are done through software components.
  • 43. Proxy Services • Application that mediates traffic between a protected network and the internet. • Able to understand the application protocol being utilized and implement protocol specific security. • App. Protocols include: FTP, HTTP, Telnet etc.
  • 44. • 1. Trojan horse programs • 2. Back door and remote administration programs • 3. Denial of service • 4. Being an intermediary for another attack • 5. Unprotected Windows shares • 6. Mobile code (Java, JavaScript, and ActiveX) • 7. Cross-site scripting • 8. Email spoofing • 9. Email-borne viruses • 10. Hidden file extensions • 11. Chat clients • 12. Packet sniffing
  • 45. Possible threats • Port Scans • Buffer overflow attacks • Denial of Service (DoS) attacks • Active Code: Trojan horse, worms • Application / Operation system bugs or backdoor • Remote login, SMTP session hijacking, E- mail bombs, Spam, Redirect bombs, Source routing:
  • 46. Port Scans • When hackers remotely spy on your computers to see what software and services they have. • Port scans are common but with a properly configured and maintained firewall you can restrict access.
  • 47. Buffer overflow attacks • Involve sending data to a vulnerable program in such a way that the program crashes allowing a hacker to get remote control of the computer. • Such an attack can be traced back.
  • 48. Denial of Service Attacks • Involves sending bogus traffic so that the company is unable to respond to legitimate service requests from employees and customers. • A properly configured and maintained firewall can minimize the damage.
  • 49. Active Code Attack • Attack using active codes (ActiveX, Java, VB script) executed by browser, also known as Trojan horse, worm. • Traditional firewall cannot protect against active code or virus very well.
  • 50. Firewall Architecture • Dial-up Architecture • Single Router Architecture • Firewall with Proxy Server • Redundant Internet Configuration
  • 52. 2. Single Router Architecture Firewall System Workstation/sLAN (HUB ) DMZ (HUB) Router or Cable Modem Outside Server Internet * Can setup filter rules in the router.
  • 53. 3. Firewall with Proxy Server(1 Internet Proxy/ Firewall System Workstation/sLAN (HUB ) * Integrate a proxy server into the firewall.
  • 54. 4. Firewall with Proxy Server(2) Internet Firewall System LAN (HUB ) Workstation/s Proxy Server 1. Proxy server on the LAN 2. Firewall have rules to only allow proxy server to connect to Internet
  • 55. 5. Redundant Internet Configuration LAN (HUB ) Firewall System Workstation/s Proxy Server Router (DMZ) (HUB) WS/s VPN Outside Server Shared Server (WAN) (HUB) Partners ISP #1 ISP #2 * Objective: 100 % Uptime service
  • 56. Single Point of Failure • An architecture whose security hinges upon one mechanism • Redundant Rule on Host or Router
  • 57. Using a Single Firewall Configuration • Advantage • ISP network is separated from other networks – limiting the intrusion • One firewall to purchase and manage. • Internal network is not dependent on the Web Site environment. • Implemented easily in an existing architecture.
  • 58. Using a Single Firewall Configuration • Disadvantage • An intruder who gains access to a server in the ISP network may gain access to other servers on the site. • Additional security is necessary.
  • 59. DMZ • Demilitarized zone • Neither part of the internal network nor part of the Internet • Never offer attackers more to work with than is absolutely necessary
  • 60. Critical Resources for Firewall Scenarios SERVICE CRITICAL RESOURCE Email Disk I/O Netnews Disk I/O Web Host OS Socket Performance IP Routing Host OS Socket Performance Web Cache Host OS Socket Performance, Disk I/O
  • 61. Firewall Scenario • Microsoft Internet Security and Acceleration (ISA) Server as a Dedicated Server
  • 62. Network Configuration • Single Computer • Small Office Network – Less than 250 Clients – IP Network Protocol – Demand Dial Connectivity • Larger Organization – Array of ISA Server Internet ISA Server Local Area Network
  • 63. Setting up Clients • Firewall client software installed • Firewall clients identified and fully authenticated by ISA Server • Site and contents rule may limit access • Secure Network Address Translation (NAT) – if not deploying client software to all its users
  • 64. Web Proxy Clients • Web browser configured that proxy Server is ISA Server Computer • Proxy Server Port on Web browser set to 8080 • Web Request on ISA are set to 8080
  • 65. Do I really allow everything that users ask for? • Entirely possible answer is “NO” • Each site has its own policies. • “Education” is needed – Accomplish their objective in a secure manner • How to work thru the firewall for: Streaming Video, Real-time chat Web/HTTP, DNS, FTP, Telnet……
  • 66. Software • Firewall Windows – Zone Alarm – Winroute – Trojan Trap - Trojan Horse • Firewall Linux – Iptables • Firewall Mac – Netbarrier
  • 67. Implementing Firewall – An Example • Using Winroute as a software router for a small LAN. • Using Trojan Trap as protection against active code attack. • Software installation. • Firewall configuration. • Test and scan.
  • 69. Winroute • Routing using NAT (Network Address Translation) • Packet filtering • Port mapping • Anti-spoofing • VPN support • DNS, DHCP • Remote administration
  • 71. Setup Winroute for LAN • Winroute-PC should at least have 2 NICs • Check that all IP addresses are pingable • Validate NAT on the Winroute-PC • Deactivate NAT on the NIC connected to internal LAN
  • 72. Setup Winroute for LAN • No gateway configured on your local interface of the Winroute-PC • Configure forwarding options • On each internal PC configure the default gateway • On each internal PC configure the DNS server
  • 73. Scan and Test • http://scan.sygatetech.com/ • http://www.csnc.ch/onlinetests/ • http://grc.com/ • http://hackerwhacker.com/
  • 74. Trojan Trap • Resources protection – restrict access to system resources by unknown application • Application control • Content filtering • IP ports monitoring
  • 75. Hardware Firewall • What is it? • What it does. • An example. • Firewall use. • What it protects you from.
  • 76. Hardware Firewall (Cont.) • What is it? – It is just a software firewall running on a dedicated piece of hardware or specialized device. – Basically, it is a barrier to keep destructive forces away from your property. – You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
  • 77. Hardware Firewall (Cont.) • What it does: – It is a hardware device that filters the information coming through the Internet connection into your private network or computer system. – If an incoming packet of information is flagged by the filters, it is not allowed through.
  • 79. Hardware Firewall (Cont.) • Firewall use: – Firewalls use one or more of three methods to control traffic flowing in and out of the network: – Packet filtering – Proxy service – Stateful inspection
  • 80. Hardware Firewall (Cont.) • Packet filtering – Packets are analyzed against a set of filters. • Proxy service – Information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa. • Stateful inspection – It compares certain key parts of the packet to a database of trusted information. Information traveling from inside to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.
  • 81. Hardware Firewall (Cont.) • What it protects you from: – Remote logins – Application backdoors – SMTP session hijacking – E-mail Addresses – Spam – Denial of service – E-mail bombs (e-mail sent 1000s of times till the mailbox is full) – Macros – Viruses
  • 82. Software Firewall • What is it? – Also called Application Level Firewalls – It is a firewall that operates at the Application Layer of the OSI model – They filter packets at the network layer – It operates between the Datalink Layer and the Network Layer – It monitors the communication type (TCP, UDP, ICMP, etc.) as well as the origination of the packet, the destination port of the packet, and the application (program) the packet is coming from or headed to.
  • 83. Software Firewall (Cont.) • How does a software firewall work?
  • 84. Software Firewall (Cont.) • Benefit of using application firewalls: – allow direct connection between client and host – ability to report to intrusion detection software – equipped with a certain level of logic – Make intelligent decisions – configured to check for a known Vulnerability – large amount of logging
  • 85. Software Firewall (Cont.) • Benefits of application firewalls (Cont.) – easier to track when a potential vulnerability happens – protect against new vulnerabilities before they are found and exploited – ability to "understand" application-specific information structure – Incoming or outgoing packets cannot access services for which there is no proxy
  • 86. Software Firewall (Cont.) • Disadvantages of application firewalls: – slow down network access dramatically – more susceptible to distributed denial of service (DDOS) attacks – not transparent to end users – require manual configuration of each client computer
  • 87. Top Picks Personal Firewalls • Norton Personal Firewall • ZoneAlarm Free/Plus/Pro
  • 89. Web References • firewall.com • firewall-net.com • firewallguide.com • msdn.microsoft.com • winroute.com • tinysoftware.com • sunsite.unc.edu
  • 90. Benefits of Firewall-Summary • Prevent intrusion • Choke point for security audit • Reduce attacks by hackers • Hide network behind a single IP address • Part of total network security policy
  • 93. IP Spoofing • IP spoofing is when an attacker captures the routing packets to redirect a file or transmission to a different destination. • The technique is also effective in disguising an attacker's identity. • Protocols that deal with inter-computer communication are most susceptible to spoofing, e.g., ICMP, IGMP and UDP. • Solutions include securing transmission packets and establishing screening policies, point-to-point encryption, and configuring the network to reject packets that claim to originate from a local address.
  • 94. FTP Attacks One of the most common FTP attacks is a buffer overflow caused by a malformed command. A successful attack could either drop the attacker in a command shell or cause a denial of service. Failure to apply the frequently released system upgrades and patches is the most common cause of FTP vulnerabilities. FTP exploits are also useful in password guessing, FTP bounce attacks, and mining information (such as the machine's registry).
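The packet-filtering and stateful-inspection methods from the Hardware Firewall slides, together with the reject-local-source rule from the IP Spoofing slide, as an added Python example that is not part of the deck or of any product it names; the LAN range, the published service and the packets are constructed values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Added example, not from the slide deck: a toy firewall that applies an
# anti-spoofing check, a stateful flow table and a static packet filter,
# in that order, to constructed packet records (not live traffic).


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "wan" or "lan"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    def __init__(self, lan_cidr, allowed_inbound):
        self.lan = ip_network(lan_cidr)
        # Static packet-filter rules: (proto, dport) reachable from the WAN.
        self.allowed_inbound = set(allowed_inbound)
        # State table of flows the LAN initiated; WAN replies are matched here.
        self.flows = set()

    def check(self, p):
        """Return (verdict, reason) for one packet, in evaluation order."""
        # 1. Anti-spoofing: a packet on the WAN side claiming a LAN source
        #    address cannot be genuine; reject it before anything else.
        if p.iface == "wan" and ip_address(p.src) in self.lan:
            return ("DROP", "spoofed local source")
        # 2. Stateful inspection: record outbound flows, admit their replies.
        if p.iface == "lan":
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return ("ACCEPT", "outbound")
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return ("ACCEPT", "established")
        # 3. Packet filtering: unsolicited inbound only to published services.
        if (p.proto, p.dport) in self.allowed_inbound:
            return ("ACCEPT", "allowed service")
        return ("DROP", "default deny")


def demo():
    """Constructed traffic: LAN 192.168.1.0/24, web server published on TCP 80."""
    fw = StatefulFirewall("192.168.1.0/24", [("tcp", 80)])
    packets = [
        Packet("lan", "tcp", "192.168.1.10", 40000, "203.0.113.5", 443),   # outbound HTTPS
        Packet("wan", "tcp", "203.0.113.5", 443, "192.168.1.10", 40000),   # its reply
        Packet("wan", "tcp", "198.51.100.7", 5555, "192.168.1.10", 3389),  # unsolicited RDP
        Packet("wan", "tcp", "192.168.1.20", 1234, "192.168.1.10", 445),   # LAN source on WAN
        Packet("wan", "tcp", "198.51.100.7", 5556, "192.168.1.2", 80),     # published web server
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```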
  • 95. Unix Finger Exploits The Unix OS finger utility was used as an efficient way to share user information in the early days of the Internet. To an attacker, the Finger utility can yield valuable information, including user names, logons and contact information. It also provides a pretty good indication of users' activities like how many times they are logged on. The personal information it reveals can provide an attacker with enough of a framework to trick legitimate users into revealing passwords and access codes.
  • 96. Flooding and Broadcasting An attacker can significantly reduce the processing capacity of a network by sending more information requests than it can handle – a classic denial of service. Sending a large number of requests to a single port is flooding. When the requests are sent to all network stations, it's called broadcasting. Attackers will often use flood attacks to gain access to a system for use against other networks in distributed denial-of-service (DDoS) campaigns. DDoS attacks are harder to stop because they come from multiple IP addresses simultaneously. The only solution is to trace the packets back to their source and shut down the transmitting networks.
  • 97. Fragmented Packet Attacks Internet messages transmitted via TCP/IP can be divided into packets in such a way that only the first packet contains the TCP segment header information. Some firewalls will allow the processing of subsequent packets that do not contain the same source address information as the first packet, which can cause any type of system to crash. Fragmented packets can also create a flood-like situation because they are stored in the kernel. The server will crash if the kernel memory absorbs too many fragmented packets. Solution: firewall filters
  • 98. Email Exploits E-mail exploits come in five forms: mail floods, command manipulations, transport-level attacks, malicious code insertion and social engineering. Mail-flood attacks occur when so much mail is sent to a target that communication programs destabilize and crash the system. Command-manipulation attacks can cause a system to crash by subverting the mail transfer agent with a buffer overflow caused by entering a malformed command.
  • 99. Email Exploits (Contd…) Transport-level attacks exploit SMTP. An attacker can cause a temporary error condition in the target system by overloading an SMTP buffer with more data than it can handle. Malicious content is often propagated through e-mail systems. Some viruses and worms will be carried into a system appearing as a legitimate attachment. Social engineering e-mails are an attacker's attempt to trick a legitimate user into revealing sensitive information or executing a task. E.g., posing as a network administrator to get your password for
  • 100. Password Attacks The most common password attacks are guessing, brute force, cracking and sniffing. Password guessing involves entering common passwords either manually or through programmed scripts. Brute-force logon attacks follow the same basic logic as password guessing, but are faster and more powerful. Password cracking is a method for defeating the protection of encrypted passwords stored in a system's admin files. Because an attacker needs a significant level of
  • 101. Selective Program Insertions A selective program insertion is when an attacker places a destructive program (a virus, worm or Trojan horse) on a target system. Some network administrators are augmenting their malware defenses with alternative technologies such as behavior blockers, which stop suspicious code based on behavior patterns, not signatures. A time bomb, sometimes called a logic bomb, is an inserted program that executes its malicious payload on a predetermined time or date.
  • 102. Port Scanning and Polling Through port scanning and polling, an attacker can observe the functions and defenses of various system ports. For example, scanning could be used to determine whether default SNMP community strings are open to the public, meaning information can be extracted for use in a remote command attack.
  • 103. TCP/IP Sequence Stealing & Packet Interception TCP/IP sequence stealing is the capturing of sequence numbers, which can be used to make an attacker's packets appear legitimate. A successful TCP/IP attack could allow an attacker to intercept transactions between two organizations, providing an opportunity for a man-in-the-middle attack. In some versions of Secured Shell Service Daemon (SSHD), only the public key is used for authentication. If an attacker learns the public key, he could create and insert forged
  • 104. Observations and Suggestions Various firms install firewalls but never upgrade them. They make massive Website improvements without making parallel security improvements. The best way to safeguard a website from attack is to approach security as an ongoing challenge rather than a one-time effort.
  • 105. Port Scanning Using PortQry • What is port scanning? • Using PortQry (the Portqry.exe command-line utility)
  • 106. What Is Port Scanning? • Network applications use TCP/UDP ports • Clients connect to applications using ports • Port scanning is the process of checking whether a port is open
  • 107. TCP and UDP in TCP/IP protocol architecture
  • 108. Port Numbers • The Well Known Ports are those from 0 through 1023. • The Registered Ports are those from 1024 through 49151. • The Dynamic and/or Private Ports are those from 49152 through 65535. http://www.iana.org/assignments/port-numbers ftp://ftp.isi.edu/in-notes/rfc1700.txt
  • 109. Well-known TCP / UDP ports
    TCP Port Number – Description
    20 – FTP (Data Channel)
    21 – FTP (Control Channel)
    23 – Telnet
    80 – HyperText Transfer Protocol (HTTP), used for the World Wide Web
    139 – NetBIOS session service
    UDP Port Number – Description
    53 – Domain Name System (DNS) Name Queries
    69 – Trivial File Transfer Protocol (TFTP)
    137 – NetBIOS name service
    138 – NetBIOS datagram service
    161 – Simple Network Management Protocol (SNMP)
  • 110. Port Scanning for TCP • TCP ports use "three-way handshake" • Successful handshake means port is listening • TCP Reset packet means port is not listening • No response means port is filtered
  • 111. Port Scanning for UDP • UDP ports do not use "three-way handshake" • Send UDP packet to port and wait for response • Most applications will not respond to zero-length packets • Formatted packet is necessary to get a response • Most port scanners do not scan UDP ports
  • 112. What Is Port Scanning used for? Use port scanning to: • Test connectivity • Test security
  • 113. Using PortQry • PortQry is designed as an application layer port scanner • It checks whether TCP and UDP ports are open, closed, or filtered • It determines if UDP ports are open using packets formatted for well known services • Portqry is available for download on the Microsoft Web site at: http://download.microsoft.com/download/win2000adserv/Utility/1.0/NT5/EN-US/portqry.exe
  • 114. PortQry Supports: • LDAP • RPC • DNS • SMTP • POP3 • IMAP4 • FTP • NetBIOS Name Service
  • 115. Status of a TCP/IP port • Listening – A process is listening on the port on the computer you choose. Portqry.exe received a response from the port. • Not Listening – No process is listening on the target port on the target system. Portqry.exe received an Internet Control Message Protocol (ICMP) "Destination Unreachable - Port Unreachable" message back from the target UDP port. Or if the target port is a TCP port, Portqry received a TCP acknowledgement packet with the Reset flag set. • Filtered – The port on the computer you chose is being filtered. Portqry.exe did not receive a response from the port. A process may or may not be listening on the port. By default, TCP ports are queried three times and UDP ports are queried once before a report indicates that the port is filtered.
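The TCP and UDP probing described in the Port Scanning slides and the three port states listed above, as an added Python example that is not PortQry's own code; the host and port are whatever the caller supplies, and the loopback listener in demo_local_tcp is a constructed test fixture.

```python
import random
import socket
import struct

# Added example, not from the slide deck or from PortQry: report a port the
# way PortQry does (LISTENING / NOT LISTENING / FILTERED), and build the
# formatted DNS query a UDP probe needs before port 53 will answer at all.

def probe_tcp(host, port, timeout=2.0):
    """TCP three-way handshake test.
    connect() completes -> LISTENING      (handshake succeeded)
    RST comes back      -> NOT LISTENING  (ConnectionRefusedError)
    no response at all  -> FILTERED       (timeout)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "LISTENING"
        except ConnectionRefusedError:
            return "NOT LISTENING"
        except socket.timeout:
            return "FILTERED"

def build_dns_query(name, txid=None):
    """Minimal DNS A query: 12-byte header plus one question (RFC 1035).
    Most UDP services ignore a zero-length datagram, so a well-formed query
    is what lets a probe tell LISTENING from FILTERED on port 53.
    """
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def is_dns_reply_to(query, data):
    """True if data is a DNS response (QR bit set) carrying the query's transaction ID."""
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)

def probe_udp_dns(host, port=53, timeout=2.0):
    """UDP probe with a formatted DNS query, classified like PortQry:
    reply -> LISTENING; ICMP port unreachable (ConnectionRefusedError on a
    connected UDP socket on Linux) -> NOT LISTENING; silence -> LISTENING or
    FILTERED, which a UDP probe cannot tell apart."""
    query = build_dns_query("localhost")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(query)
            data = s.recv(512)
        except ConnectionRefusedError:
            return "NOT LISTENING"
        except socket.timeout:
            return "LISTENING or FILTERED"
    return "LISTENING" if is_dns_reply_to(query, data) else "LISTENING or FILTERED"

def demo_local_tcp():
    """Probe a throwaway listener on 127.0.0.1, then the same port once it is closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port)
    srv.close()
    return while_open, probe_tcp("127.0.0.1", port)
```

A FILTERED verdict from probe_tcp cannot be produced on loopback; it appears only when a firewall silently drops the SYN, which is exactly the case the slide above describes as "no response".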
  • 116. PortQry Usage
    portqry -n server [-p protocol] [-e || -r || -o endpoint(s)] [-l logfile] [-s] [-q]
    Where:
    -n [server] IP address or name of server to query
    -p [protocol] TCP or UDP or BOTH (default is TCP)
    -e [endpoint] single port to query (valid range: 1-65535)
    -r [end point range] range of ports to query (start:end)
    -o [end point order] range of ports to query in an order (x,y,z)
    -l [logfile] name of log file to create
    -s 'slow link delay' waits longer for UDP replies from remote systems
    -q 'quiet' operation runs with no output
       returns 0 if port is listening
       returns 1 if port is not listening
       returns 2 if port is listening or filtered
  • 117. portqry -n myserver -p UDP -e 389 • Returns LDAP base query information UDP port 389 (unknown service): LISTENING or FILTERED Sending LDAP query to UDP port 389... LDAP query response: currentdate: 09/03/2001 05:42:40 (unadjusted GMT) subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com dsServiceName: CN=NTDS Settings,CN=RED-DC-11,CN=Servers,CN=NA-WA-RED,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com namingContexts: DC=redmond,DC=eu,DC=reskit,DC=com defaultNamingContext: DC=redmond,DC=eu,DC=reskit,DC=com schemaNamingContext: CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com configurationNamingContext: CN=Configuration,DC=eu,DC=reskit,DC=com rootDomainNamingContext: DC=eu,DC=reskit,DC=com supportedControl: 1.2.840.113556.1.4.319 supportedLDAPVersion: 3 supportedLDAPPolicies: MaxPoolThreads highestCommittedUSN: 4259431 supportedSASLMechanisms: GSSAPI dnsHostName: myserver.eu.reskit.com ldapServiceName: eu.reskit.com:myserver$@eu.RESKIT.COM serverName: CN=MYSERVER,CN=Servers,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com supportedCapabilities: 1.2.840.113556.1.4.800 isSynchronized: TRUE isGlobalCatalogReady: TRUE ======== End of LDAP query response ======== UDP port 389 is LISTENING
  • 118. portqry -n myserver -p UDP -e 135 Dumps RPC EndPoint Mapper database UDP port 135 (epmap service): LISTENING or FILTERED Querying Endpoint Mapper Database... Server's response: UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076 ncacn_ip_tcp:169.254.12.191[4144] UUID: ecec0d70-a603-11d0-96b1-00a0c91ece30 NTDS Backup Interface ncacn_np:MYSERVER[PIPElsass] UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface ncacn_ip_tcp:169.254.12.191[1030] UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface ncadg_ip_udp:169.254.12.191[1032] UUID: 12345678-1234-abcd-ef00-01234567cffb ncacn_np:MYSERVER[PIPElsass] UUID: 12345678-1234-abcd-ef00-01234567cffb ncacn_np:MYSERVER[PIPEPOLICYAGENT] Total endpoints found: 6 ==== End of RPC Endpoint Mapper query response ==== UDP port 135 is LISTENING
  • 119. portqry -n myserver -p UDP -e 53 • Verifies DNS query and response operation UDP port 53 (domain service): LISTENING or FILTERED Sending DNS query to UDP port 53... UDP port 53 (domain service): LISTENING
  • 120. portqry -n MyMailServer -p TCP -e 25 • Returns SMTP, POP3, IMAP4 status messages TCP port 25 (SMTP service): LISTENING Data returned from the port: 220 MyMailServer.eu.reskit.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Sun, 2 Sep 2001 23:24:30 -0700
  • 121. portqry -n MyFtpServer -p TCP -e 21 • Returns FTP status message and tests for anonymous account access 220 MyFtpServer Microsoft FTP Service (Version 5.0). 331 Anonymous access allowed, send identity (e-mail name) as password.
  • 122. portqry -n myserver -p UDP -e 137 • Verifies NetBIOS Name Service functionality and returns MAC address UDP port 137 (netbios-ns service): LISTENING or FILTERED Attempting NETBIOS adapter status query to UDP port 137... Server's response: MAC address 00c04f7946f0 UDP port: LISTENING
  • 123. Query behavior configurable using local service file • Located in %systemroot%/system32/drivers/etc/service • Resolves service name using this file • Decides what type of query to send to port using this file
  • 124. References • http://www.tlc.discovery.com/convergence/hackers/hack • http://www.tuxedo.org/~esr/faqs/hacker-howto.html • http://www.iss.net/security_center/advice/Underground • http://www.infosecuritymag.com/articles/march01/featu • http://www.nmrc.org/faqs/www/wsec09.html • http://www.microsoft.com/ • Tim Rains • Technical Lead • Networking Team • Q310099, "Description of the Portqry.exe Command-Line Utility"

Editor's Notes

  1. The graph tells us that at a high security setting we need to accept that an authorized person might have to touch the sensor more than once.
  2. Computer Access: Securing computer and network access is one of the most common uses of biometric devices. As financial data, medical records and other personal information become the target of attack, biometric systems can remove the risk of passwords being shared, stolen or guessed.
     Physical Access: As security and privacy become more important for employers, government, parents and others, biometrics is increasingly being seen as an acceptable solution. Around the world, hospitals, military facilities, government buildings and offices are employing biometric access solutions to minimize security threats.
     Time and Attendance: Biometric systems are being used as a replacement for the traditional punch-card system of clocking in and clocking out. Replacing the manual process with biometrics prevents abuse of the system. Time management software provides attendance reports. This solution can be combined with a physical access system to restrict access to certain areas without the risk of keys, proximity cards or door access codes being lost or shared.
     Handheld Devices: As handheld device usage increases amongst executives, sales people and health-care professionals, organizations are focusing on how to protect the confidential data on them from falling into the wrong hands. Dynamic signature verification is proving itself an important tool for securing access to pen-based devices and PDAs.
     National Security: Governments around the world are beginning to use biometrics to identify citizens and prevent fraud during elections. These systems often involve storing a biometric template, typically a fingerprint scan, on a card that acts as a national identity card.
     Telecommunications: With the rapid growth of call centers, telephone banking and telephone ordering systems, users are struggling to remember the number of user IDs and PINs required to access these systems. To combat this, voice-recognition systems are being used to provide access control without the need to remember personal access codes.