1. Educate. Innovate. Inspire.
IAE-680
Perimeter Protection


Assessment Techniques
Assessment Techniques
1

2. Agenda
“Concise” Class (Payment for Session
16!)
Where are we now?
Assessment Techniques
Discuss Session 16
Wrap-Up
2

3. Where We Are
To-Date
Lab 1 and 2 Complete
Threaded Discussion Complete
Midterm Complete
Project Completed
Final Event – Project Presentations
Design Under Fire
Grades out Prior to Last Asynch
Next Week!
Wish me luck…..
3

4. NS-680 Tenets of CND
Defense in Depth
Pull the Application Developers into
the Inner Circle
Complacency Could Easily be your
Most Insidious Enemy
Implement Disciplined Configuration
Management
Test Your Own Defenses
It is 10-Fold Easier to Attack than to
Defend
No Detail is too Small to Look at Once
(Auditing)
Systems Administrators are Key to
Organizational Success
Make the Entire Workforce Part
Owners in the Process
Effectively Train Providers and Users
No one Individual Holds All the Keys
Automate Where Possible – But Verify!
A Risk to One, is a Risk to All
Trust but Verify (Hold Trust Close)
Implicitly Deny Unless Specifically
Allowed
Balance Between Risk and Operations
Eliminate Unneeded Services
Least Privilege
Policy is the Keystone
Security is a Journey
Do the Basics Aggressively and Consistently!
Do the Basics Aggressively and Consistently!
Simpler May Be Better!
Simpler May Be Better!
4

5. Educate. Innovate. Inspire.
Assessment Techniques
External Assessment
Internal Assessment
5

6. Why Vulnerability Assessment?
Threat X Vulnerability X Asset Value =
Total Risk
Generally, “Threat” and “Asset Value” are constants
Generally, “Threat” and “Asset Value” are constants
in this equation. Therefore, IOT reduce total risk you must
in this equation. Therefore, IOT reduce total risk you must
reduce your vulnerability by implementing countermeasures
reduce your vulnerability by implementing countermeasures
or safeguards.
or safeguards.
[ Threat X Vulnerability X Asset Value ] X Controls Gap =
Residual Risk
Theoretically, ififyou can drive the controls gap to zero,
Theoretically, you can drive the controls gap to zero,
the Residual Risk is eliminated.
the Residual Risk is eliminated.
6

7. External Assessment
Conducted as an Outsider
No Prior Knowledge of Architecture or Policies
Conducted in Phases
Planning
Initial Reconnaissance
System Enumeration
Service Enumeration
Vulnerability Enumeration
Get Written Permission!
7

8. Planning
Purpose of Assessment
Red Team or Blue Team
Red Team – Trusted Agent
Blue Team – We’re here to help!
When to Assess
Authority for Both Red and Blue
Develop and Refine Tool Kit
Assessment Team Training
8

9. Initial Reconnaissance
Footprinting - Gather Publicly Available
Information
Organizational Web Sites
Other Web Sites
Business Information – Non-Technical
IP Address Range
Public Service IP Addresses
DNS, Web, Mail
9

10. Website Mining
10

11. whois – www.internic.net
11

12. NetScan Tools
12

13. online.capitol-college.edu lookup
13

14. whois online.capitol-college.edu
14

15. System Enumeration
Traceroute or Tracert
Networks and systems enroute
Outer Router? Firewall?
Leaked Addresses
Network Scanners (following slide)
Hosts Responding
Prepares for Service Enumeration
Tools Are Many!
15

16. System Enumeration
16

17. Telnet Banner Retrieval
online.capitol-college.edu
telnet 63.96.25.55 80
telnet 63.96.25.55 80
17

18. Got Milk?
18

19. Other Tools For Service Enumeration
NMap
LANGuard
SuperScan
NetScan Tools
CISCO Security Scanner
A Host of Others
19

20. LANGuard Network Security Scanner
20

21. Vulnerability Enumeration
Vulnerability Scanners
Operate at Application Layer – Unlike Port
Scanners
Tools
Nessus
ISS Internet Scanner – And Other ISS Products
Retina
Core Impact!
21

22. Core Impact
Brings ititall together.
Brings all together.
22

23. Metasploit
23

24. Internal Assessment
Testing From the Insider’s Perspective
Assumes Knowledge of Security Policy
Testing for Compliance – Audit
Are Rules Having Desired Effect?
Recall our Discussion of the Permit Any
Eligible Receiver 02
Effective Audit Program?
24

25. Preparing for Internal Assessment
Awareness of Your Policies
Develop Testing Methodology
Tools
Procedures
Frequency
Periodic and/or as needed
Test Against Policy
Test All Aspects of the Perimeter
Internet to screened subnet
Screened subnet to internet
Screened subnet to inside
Inside to screened subnet
Inside to internet
Others as appropriate
25

26. Verifying Policies
Use Assessment Workstation
May require separate “commercial” internet
connectivity
Assess Each Policy
Explicit Permit
Explicit Deny
Implicit Deny
Both Directions!
Track Using Various Methods
Scanning Tool Results
Sniffer Traces
Router/Firewall Logs
IDS Sensors
Server Logs
26

27. Suggested Looks
Blade Software
IDS Informer – Uses Simulated Attacks for
Evaluation – real, but harmless attacks
against IDSs.
Firewall Informer – Test current loaded
policy of a firewall or boundary with live
traffic to and from a single system.
27

28. IDS Informer
28

29. IDS Informer (cont)
29

30. Firewall Informer
30

31. Firewall Informer (cont)
31

32. Other Assessments
Wireless Policy
War Driving
Physical Security
Password Policies
Remote Access
Patch Management – Critical
Resources
Others?
32

33. Presentation – Session 16
For Extra Credit
Can handle 2-4
more Volunteers
Develop PowerPoint
Slides
Not more than 10
Provide Slides to me
NLT Session 15
I Will Include in
Session 16
Presentation
33

34. Presentation – Session 16
L01 Presentations
L01 Presentations
Volunteers…
Volunteers…
34

35. Course Evaluations
Please Participate in Course Evaluations
Online through Learn
This is anonymous
The results are used to improve the curriculum
35

36. Questions?
36

37. Trust…But Verify!
37