Nomura UCCSC 2009

Published on: University of California Computer Services Conference (UCCSC) 2009 - Focus on Security

  1. UCCSC 2009 - Focus on Security
     An Overview of Non-Commercial Software for Network Administrators
     Doug Nomura, doug.nomura@gmail.com, June 16 2009
  2. Disclaimer
     Don’t blame me if your workstation breaks or something bad happens to your network
  3. Scientist Gone Bad - this is me!
  4. Expectations
     • General overview - Only have 60 minutes!
     • Focus will be on tools to help detect problems with your network
     • Two Hat Perspective
     • If you can use the tool, think how it can be used against you!
  5. Approach
     Tool will be described
     • What the tool does
     • How can you use it
     • Advantages/disadvantages
  6. Topics to be covered
     • Data Mining 1A
     • Web 2.0
     • Kismet
     • OpenVAS
     • Metasploit
  7. More Topics
     • NMap
     • Web Vulnerability Scanners
     • Pros and Cons of the free stuff
     • The Future
  8. Data Mining 1A
  9. Data Mining 1A
     • Every network leaks or broadcasts information
     • What is allowable or acceptable by your organization?
     • This section will give examples of types of information being broadcast - allowable and sensitive
 10. Classic Sources of Data Leaks
     • DNS & MX records
     • Technical forums
     • Job sites
 11. Google’s Advanced Operators
     • Reduce noise
     • Help to refine search
     • Operator:search term
     • Tutorial to advanced operators http://www.googletutor.com/google-manual/web-se
 12. Operators
     • domain:ucdavis.edu
     • “Exact phrase”
     • Intitle: Look for phrase in page
 13. Types of information
     • Personal information
     • Technical information
 14. Let’s look for some personal information
 15. Does anyone from UCD know person? or My Gosh - Look at the SSN!!!
 16. Sensitive information deleted from this slide
 17. Is anyone from UCSF? Or this probably should not be broadcast to the world
 18. Sensitive information deleted from this slide
 19. Example of a technical google hack revealing Nessus Scan Reports
 20. Summary of Google Hacking
     • Use Google to peruse your servers for sensitive information
     • Clean up your mess like old scan reports
     • Educate users about the danger of broadcasting information
 21. The Pros of Google Hacking
     • Find information you didn’t know was being broadcast
     • It’s cheap and works
 22. The Cons of Google Hacking
     • Someone may have found the information already
     • You may not find everything
     • Fear the Google cache!!!!!
 23. References for Google Hacking
     • See Johnny Long’s book - Google Hacking for Penetration Testers - ISBN-10 1597491764
     • Any questions - just send me an email
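Slides 19 to 22 tell you to use Google to check your own servers for leftover scan reports and personal data, and then to clean up. The script below is an added example (not part of the deck, and not anyone's tool) of what that check looks like when you automate the defender's side of it: it builds the domain-restricted queries for the report signatures you care about, and it scans page text you have already fetched from your own web root for those signatures and for SSN-shaped numbers. Google's operator for restricting results to one domain is site: (the slide writes it as domain:). The domain, the signatures and the four sample pages are constructed for the example.

```python
import re

# Signatures of leftover reports that should never sit on a public web server.
# Constructed for this example; add the titles of whatever scanners you run.
SCAN_REPORT_SIGNATURES = (
    "Nessus Scan Report",
    "OpenVAS Report",
    "Nmap scan report",
)

# SSN shape is 3-2-4 digits. The area (first group) is never 000, 666 or 900-999,
# the group number is never 00 and the serial is never 0000; excluding those
# removes a lot of part numbers and phone-number fragments.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)(\d{3})-(?!00)(\d{2})-(?!0000)(\d{4})\b")


def google_queries(domain, signatures=SCAN_REPORT_SIGNATURES):
    """Queries a defender can paste into Google to look for old scan reports
    on their own domain. 'site:' is Google's domain-restriction operator."""
    return ['site:%s "%s"' % (domain, sig) for sig in signatures]


def find_leaks(pages):
    """pages: dict of URL -> page text already fetched from your own servers.
    Returns (url, kind, evidence) findings. SSNs are reported masked so the
    finding itself does not re-broadcast the number."""
    findings = []
    for url, text in pages.items():
        for sig in SCAN_REPORT_SIGNATURES:
            if sig.lower() in text.lower():
                findings.append((url, "scan-report", sig))
        for m in SSN_RE.finditer(text):
            findings.append((url, "ssn", "***-**-" + m.group(3)))
    return findings


# Constructed sample pages: one leftover report, one roster with an SSN,
# one harmless page with a phone number, one with SSN look-alikes.
SAMPLE_PAGES = {
    "https://www.example.edu/it/old/report.html":
        "<title>Nessus Scan Report</title><p>Scan of lab subnet</p>",
    "https://www.example.edu/hr/roster.html":
        "<p>Jane Doe, SSN 123-45-6789, extension 4410</p>",
    "https://www.example.edu/news/index.html":
        "<p>Campus open house on 2009-06-16. Call 530-555-0100.</p>",
    "https://www.example.edu/phys/notes.html":
        "<p>Part number 000-12-3456 is not an SSN; 123-45-0000 is not either.</p>",
}


if __name__ == "__main__":
    for q in google_queries("example.edu"):
        print(q)
    for url, kind, evidence in find_leaks(SAMPLE_PAGES):
        print("%-12s %s  (%s)" % (kind, url, evidence))
```

Run it against text pulled from your own web root (or from the URLs Google returns for the queries) rather than against the sample dict; the point of slide 22 is that whatever this finds, Google's cache may have kept a copy, so removing the file is only the first step.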
 24. Web 2.0
     • Example: Twitter
     • Technical
     • Exploitation of code
     • Passive enumeration
     • Users careless of information being broadcast
 25. Solution
     • Identify types of data not to be broadcast
     • Educate
     • Users need to be made aware there are people “watching.”
 26. “Free” Tools
     • Many released under GNU/GPL
     • Range from simple to complex
     • Many have great support and documentation
 27. Kismet
     • Detects presence of 802.11 APs
     • Sniffs traffic
     • IDS
     • kismetwireless.net
 28. Kismet
     Note error messages at bottom - ignore them
 29. Courtesy of kismetwireless.net
 30. Why use Kismet?
     • Pen testing of APs
     • Seek out rogue APs
     • Survey and map 802.11 installation
     • Distributed IDS
 31. Kismet Advantages
     • Initial cost is free
     • Very powerful
     • Customizable
     • plugins
 32. Cons of Kismet
     • Interface
     • May require significant configuration
     • Incompatibilities
     • Long term cost could be high due to time spent configuring and tweaking apps
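Slide 30 lists "seek out rogue APs" and "survey and map" as the reasons to run Kismet, but a survey only becomes a rogue-AP check once you compare it against what you actually deployed. The script below is an added example (not part of the deck and not a Kismet component) of that comparison: an inventory of authorized BSSIDs, a survey in a simple four-column CSV, and a classifier that flags unknown radios, unknown radios advertising your SSID, authorized radios on an unexpected channel, and open or WEP networks. The CSV layout and all BSSIDs are constructed; it is not Kismet's own log format, so convert whatever your Kismet version writes into these columns first.

```python
import csv
import io

# Constructed inventory of the APs the organization deployed: BSSID -> (SSID, channel).
AUTHORIZED_APS = {
    "00:11:22:33:44:01": ("CampusNet", 1),
    "00:11:22:33:44:02": ("CampusNet", 6),
    "00:11:22:33:44:03": ("CampusNet", 11),
}

# Constructed survey in a simple CSV shape. This is NOT Kismet's own log format;
# export or convert what your Kismet version writes into these four columns.
SURVEY_CSV = """bssid,ssid,channel,encryption
00:11:22:33:44:01,CampusNet,1,WPA2
00:11:22:33:44:02,CampusNet,6,WPA2
00:11:22:33:44:09,CampusNet,6,None
00:aa:bb:cc:dd:ee,linksys,6,WEP
00:11:22:33:44:03,CampusNet,11,WPA2
"""

WEAK_ENCRYPTION = {"None", "WEP"}


def parse_survey(text):
    """Read the survey CSV into dicts, normalizing BSSIDs to upper case so
    they compare reliably against the inventory."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "bssid": row["bssid"].upper(),
            "ssid": row["ssid"],
            "channel": int(row["channel"]),
            "encryption": row["encryption"],
        })
    return rows


def classify_aps(observed, authorized):
    """Return (bssid, ssid, reason) tuples for every AP that needs a closer look."""
    our_ssids = {ssid for ssid, _ in authorized.values()}
    alerts = []
    for ap in observed:
        known = authorized.get(ap["bssid"])
        if known is None:
            if ap["ssid"] in our_ssids:
                # A radio we did not deploy is advertising our network name.
                reason = "unknown BSSID advertising our SSID (rogue or impersonating AP)"
            else:
                reason = "unknown AP in range (neighbor or rogue; locate it)"
            alerts.append((ap["bssid"], ap["ssid"], reason))
        elif known[1] != ap["channel"]:
            alerts.append((ap["bssid"], ap["ssid"],
                           "authorized AP seen on channel %d, expected %d"
                           % (ap["channel"], known[1])))
        if ap["encryption"] in WEAK_ENCRYPTION:
            alerts.append((ap["bssid"], ap["ssid"],
                           "weak or no encryption (%s)" % ap["encryption"]))
    return alerts


def rogue_bssids(alerts):
    """Distinct BSSIDs that raised at least one alert, for the follow-up list."""
    return sorted({bssid for bssid, _, _ in alerts})


if __name__ == "__main__":
    for alert in classify_aps(parse_survey(SURVEY_CSV), AUTHORIZED_APS):
        print("%s  %-10s %s" % alert)
```

The inventory is the part that costs effort; keeping it current is the "long term cost" slide 32 warns about, and without it every survey result is just a list of radios.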
 33. OpenVAS Vulnerability Assessment
     • Based upon Nessus 2.2
     • Released under GNU/GPL
     • openvas.org
 34. Image Courtesy of openvas.org
 35. Image Courtesy of openvas.org
 36. Image Courtesy of openvas.org
 37. OpenVAS
     • Runs well on Linux
     • Financially - free VA tool
     • Growing support for project
 38. Disadvantages
     • Problems with some NVTs
     • Some difficulty on non-Linux platforms
 39. Metasploit
     • Security Framework identifies vulnerabilities and exploits them
     • Intended for penetration testing and research
     • Customizable
     • metasploit.org
 40. Metasploit
     Command line interface of Metasploit
 41. Metasploit
     Example vulnerability to be used on Windows 2000 machine
 42. Metasploit
     Selection of exploit
 43. Metasploit
     Access has been achieved on remote machine
 44. Metasploit Advantages
     • Growing community of users
     • Growing documentation
     • Runs well on most flavors of *nix
     • Excellent tool to identify and exploit vulnerability
 45. Metasploit Disadvantages
     • Do not expect it to include all exploits, nor to be up to date with the latest exploits
     • Lack of logging or reports
     • Machine running Metasploit can be compromised
     • This is a very dangerous tool and may violate policy at your institution. Use on test network
 46. NMap - Network Mapper
     • Sends raw IP packets to specific host, or a range of hosts
     • Determines OS, version, open ports, identifies potential vulnerability
     • nmap.org
 47. NMap
     • Network administrators and other IT folk responsible for network based assets
     • Pen testers and other security folk
 48. NMap
     Loki:/Users/Doug root# nmap -sV 192.168.1.1-25
     Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-14 23:56 PDT
     Interesting ports on 192.168.1.1:
     Not shown: 998 closed ports
     PORT    STATE SERVICE  VERSION
     23/tcp  open  telnet   Cisco telnetd (IOS 6.X)
     443/tcp open  ssl/http Cisco PIX Device Manager
     MAC Address: 00:08:21:3A:29:B2 (Cisco Systems)
     Service Info: OS: IOS; Device: firewall

     Interesting ports on 192.168.1.2:
     Not shown: 997 closed ports
     PORT    STATE SERVICE VERSION
     21/tcp  open  ftp     tnftpd 20061217
     22/tcp  open  ssh     OpenSSH 5.1 (protocol 1.99)
     548/tcp open  afp     Apple AFP (name: Feline; protocol 3.2; Mac OS X 10.4/10.5)
     MAC Address: 00:0D:93:32:D0:26 (Apple Computer)
     Service Info: Host: Feline.local

     Interesting ports on 192.168.1.4:
     Not shown: 999 closed ports
     PORT     STATE SERVICE       VERSION
     5009/tcp open  airport-admin Apple AirPort admin
     MAC Address: 00:03:93:1F:01:65 (Apple Computer)

     Interesting ports on 192.168.1.6:
     Part of a Nmap scan report
 49. Strengths of NMap
     • Large base of support from user and developer community
     • Mature product
     • Fast and versatile scanner
     • Extremely stable. Install and go!
 50. Weaknesses of NMap
     • Some scans seem to be intrusive
     • Some scans have crashed hosts being scanned
 51. Web Vulnerability Scanners
     • GNU/GPL World
     • Singular in purpose
     • Paros
     • Stagnant
     • Nikto
 52. Web Vulnerability Scanners
     Singular purpose tools usually check for a single type of vulnerability (e.g. XSS, SQL injection). You would have to have a lot of different GNU/GPL tools to encompass all possible vulnerabilities
 53. Web Vulnerability Scanners
     Some projects become stagnant or die due to the core developers’ ability to devote time to the project
 54. Advantages of the “free” apps
     • Initial cost is low
     • Some projects have a community of support
     • Documentation
     • A potentially powerful tool rivaling commercial tools
 55. Advantages of “free” apps
     Use older hardware
     • Great for that older machine collecting dust
 56. Disadvantages
     • Project stability
     • UI issues
     • Application stability
     • Speed of development
     • Upgrades may be challenging
     • Geek Factor
 57. Geek Factor
     [Chart: Geek Factor (0 to 100) plotted against “cost” (0 to 100)]
 58. What to do?
     • Define your needs
     • Determine stability and viability of project
     • Be willing to invest time
     • Be diligent
 59. The future
     • Greater and easier exploitation of Web 2.0
     • You must educate your users about the dangers
     • Handhelds will be both targets and attackers
 60. The End
 61. Further questions? Drop me an email. doug.nomura@gmail.com