Emanuela Boroș, profile picture
Uploaded byEmanuela Boroș
PDF, PPTX3,620 views

Network Security Tools

The document discusses various network security tools, focusing on Nessus and Nmap. Nessus is an open-source vulnerability scanner that scans for vulnerabilities on networks and hosts. It provides reports and has both free and commercial versions. Nmap is a port scanner used to discover hosts and services on a network. The document explains how Nessus and Nmap can be used together for penetration testing, with Nmap performing initial scans and Nessus following up with more detailed vulnerability assessments. Example uses of the tools for internal network scanning and web application testing are also provided.

Technology
Related topics:
Software Security

Embed presentation

Download as PDF, PPTX
Software Security Network Security Tools Presented by Emanuela Boroș “Al. I. Cuza” University, Faculty of Computer Science Master of Software Engineering, II
Audit/Port Scanning Tools ● Nessus (Vulnerability scanner) #3 ● SAINT (Vulnerability scanner, Based on SATAN,developed by World Wide Security,Inc.) #110 ● Sara (Security Auditor’s Research Assistant, SANS Top 10 Threats, 1 May 2009) ● Nmap, strobe (Port scanners, strobe was one of the earliest port scanning tools, Nmap is the strobe's grandson)
Nessus Scanner
Nessus Scanner ● Available from http://www.nessus.org/products/nessus/ ● The world leading vulnerability scanner ● Free for home users, licensed on a yearly subscription for commercial businesses ● Easy-to-use tool ● Linux/Solaris/Windows/Android/iPhone ● Provides HTML based reports ● Client/server architecture: clients (Windows, Unix, Android, iPhone) & servers (Unix only)
Pros/Cons Pros ● Free vulnerability scanning ● Easy to install and use ● Up-to-date security vulnerability database ● Free for home users ● Powerful plug-in architecture Cons ● Needs activation code ● Some UI issues
Policies A Nessus “policy” consists of configuration options related to performing a vulnerability scan. ● External Network Scan ● scans externally facing hosts ● XSS plugin families ● all 65,535 ports are scanned ● Internal Network Scan ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned ● Web App Tests ● scans for vulnerabilities present in each of the parameters, including XSS, SQL, command injection ● Prepare for PCI DSS audits ● enables the built-in PCI DSS compliance checks that compare scan results with the PCI standards and produces a report on your compliance posture
Server
Pros/Cons
Client
Case Studies Version: 4.4.1 Feed Type: Home OS: Windows 7/Android
Internal Network Scan ● Default policy ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned
Web Application Scanning With Credentials
Steps ● App that requires authentication ● Create a policy ● General - Port 80 ● Preferences ● HTTP login page ● Login page and login form (may be a different form) ● Look into you html and see what name fields or you can use a sniffer What it is used into a post request ● Ability to check for auth – login successfully with a timer – go to this page every delay to see if you're still logged – with a 120 seconds and you should see a regex Logout ● Web mirroring – regular expressions to exclude things – web spider to exclude logout.php cause that would log you out
Windows Scanning
Conclusions
Using Android Nessus app
Nmap
Nmap ● Insecure.Org ● free utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network ● uses raw IP packets to determine what hosts are available on the network ● used by attackers to scan a network and perform reconnaisance about the types and quantities of targets available and what weaknesses exist
Nmap with Nessus
Advantages ● smart penetration testing ● nmap the best scanner ever and nessus one of our favorite vulnerability scanner ● effective and less time consumer
Case Study Steps ● used nmap for a quick scan on the local network to all the hosts in the subnet ● after the scan there will be different hosts and their open ports
Network Security Tools
Network Security Tools
Network Security Tools
Network Security Tools

More Related Content

PPTX
Introduction to Cybersecurity Fundamentals
byToño Herrera
 
PPTX
Mobile security
bydilipdubey5
 
PPTX
Keymanagement of ipsec
byPACHIYAPPAN PACHIYAPPAS
 
PPTX
Two factor authentication 2018
byWill Adams
 
PPTX
Cyber security
byKrishanu Ghosh
 
PPTX
Password management
byWilmington University
 
PPTX
Password Policy and Account Lockout Policies
byanilinvns
 
DOCX
Password Cracking
byHajer alriyami
 
Introduction to Cybersecurity Fundamentals
byToño Herrera
 
Mobile security
bydilipdubey5
 
Keymanagement of ipsec
byPACHIYAPPAN PACHIYAPPAS
 
Two factor authentication 2018
byWill Adams
 
Cyber security
byKrishanu Ghosh
 
Password management
byWilmington University
 
Password Policy and Account Lockout Policies
byanilinvns
 
Password Cracking
byHajer alriyami
 

What's hot

PPTX
Rest API Security
byStormpath
 
PPTX
Mobile security
byHimmatsingh Rajpurohit
 
PPTX
Masters in cyber security
byVihaanBajaj
 
PPTX
Iot(security)
byShreya Pohekar
 
PPSX
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
byMardhaniAR
 
PPTX
Seminar-Two Factor Authentication
byDilip Kr. Jangir
 
PDF
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
byEdureka!
 
PPTX
Cyber security
byAman Pradhan
 
PDF
User Authentication: Passwords and Beyond
byJim Fenton
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PPTX
Security of iot device
byMayank Pandey
 
PPTX
Mobile security
byTapan Khilar
 
PPTX
Presentation on IOT SECURITY
byThe Avi Sharma
 
PPT
Information security in todays world
bySibghatullah Khattak
 
PPT
Network Security Tools and applications
bywebhostingguy
 
PPTX
Digital signature(Cryptography)
bySoham Kansodaria
 
PPSX
Web security
bykareem zock
 
PPTX
VAPT PRESENTATION full.pptx
byDARSHANBHAVSAR14
 
PPT
Transport layer security.ppt
byImXaib
 
PPTX
Viruses, worms, and trojan horses
byEILLEN IVY PORTUGUEZ
 
Rest API Security
byStormpath
 
Mobile security
byHimmatsingh Rajpurohit
 
Masters in cyber security
byVihaanBajaj
 
Iot(security)
byShreya Pohekar
 
Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx
byMardhaniAR
 
Seminar-Two Factor Authentication
byDilip Kr. Jangir
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
byEdureka!
 
Cyber security
byAman Pradhan
 
User Authentication: Passwords and Beyond
byJim Fenton
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
Security of iot device
byMayank Pandey
 
Mobile security
byTapan Khilar
 
Presentation on IOT SECURITY
byThe Avi Sharma
 
Information security in todays world
bySibghatullah Khattak
 
Network Security Tools and applications
bywebhostingguy
 
Digital signature(Cryptography)
bySoham Kansodaria
 
Web security
bykareem zock
 
VAPT PRESENTATION full.pptx
byDARSHANBHAVSAR14
 
Transport layer security.ppt
byImXaib
 
Viruses, worms, and trojan horses
byEILLEN IVY PORTUGUEZ
 

Viewers also liked

PPTX
Demo of security tool nessus - Network vulnerablity scanner
byAjit Dadresa
 
PDF
Nmap basics
byitmind4u
 
PDF
Nessus Basics
byamiable_indian
 
PDF
Nmap
byFat-Thing Gabriel-Culley
 
PDF
Hacking With Nmap - Scanning Techniques
byamiable_indian
 
PPT
NetworkSecurity.ppt
byDreamMalar
 
PPT
Security tools
byarfan shahzad
 
PDF
Linux dasar
byTulisan Komputer
 
PDF
Tutorial nessus 6.2 versi1
byTulisan Komputer
 
PPTX
Intimacy with MSF - Metasploit Framework
byAnimesh Roy
 
PPTX
OpenVAS: Vulnerability Assessment Scanner
byChandrak Trivedi
 
PDF
Nessus and Reporting Karma
byn|u - The Open Security Community
 
PPT
Nmap(network mapping)
bySSASIT
 
PPTX
Network Security Nmap N Nessus
byUtkarsh Verma
 
PPT
Nessus Scanner Vulnerabilidades
byMauro Risonho de Paula Assumpcao
 
PPTX
Data protection ppt
bygrahamwell
 
PPT
Network Security 1st Lecture
bybabak danyal
 
PPTX
Network Security: Attacks, Tools and Techniques
bywaqasahmad1995
 
PPTX
Slideshare ppt
byMandy Suzanne
 
Demo of security tool nessus - Network vulnerablity scanner
byAjit Dadresa
 
Nmap basics
byitmind4u
 
Nessus Basics
byamiable_indian
 
Nmap
byFat-Thing Gabriel-Culley
 
Hacking With Nmap - Scanning Techniques
byamiable_indian
 
NetworkSecurity.ppt
byDreamMalar
 
Security tools
byarfan shahzad
 
Linux dasar
byTulisan Komputer
 
Tutorial nessus 6.2 versi1
byTulisan Komputer
 
Intimacy with MSF - Metasploit Framework
byAnimesh Roy
 
OpenVAS: Vulnerability Assessment Scanner
byChandrak Trivedi
 
Nessus and Reporting Karma
byn|u - The Open Security Community
 
Nmap(network mapping)
bySSASIT
 
Network Security Nmap N Nessus
byUtkarsh Verma
 
Nessus Scanner Vulnerabilidades
byMauro Risonho de Paula Assumpcao
 
Data protection ppt
bygrahamwell
 
Network Security 1st Lecture
bybabak danyal
 
Network Security: Attacks, Tools and Techniques
bywaqasahmad1995
 
Slideshare ppt
byMandy Suzanne
 

Similar to Network Security Tools

PPSX
20210906-Nessus-FundamentalInfoSec.ppsx
bySuman Garai
 
PPT
Nomura UCCSC 2009
bydnomura
 
DOCX
Security tools
bySwapnil Srivastav PMP®
 
PDF
Enterprise Vulnerability Management - ZeroNights16
byAlexander Leonov
 
PDF
Nessus Software
byMegha Sahu
 
PDF
Nessus
bypenetration Tester
 
PDF
API Training 10 Nov 2014
byDigital Bond
 
PPTX
Scanning networks (by piyush upadhyay)
byPiyush Upadhyay
 
PDF
Nt2580 Unit 7 Chapter 12
byLaura Arrigo
 
PPTX
( Ethical hacking tools ) Information grathring
byGouasmia Zakaria
 
DOCX
Assessment Questions and Answers1. What are the diff.docx
byfredharris32
 
PDF
Nessus is a network security toolIn a pragraph describe how it is .pdf
byfckindswear
 
PDF
CSEC 610 Individual Assignment Essay
byRochelle Schear
 
PDF
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
byJoshua Gorinson
 
PPTX
Exploring Kali Linux Tools for Website Scanning via IP Address
byBoston Institute of Analytics
 
PDF
Vulnerability Assessment Report
byHarshit Singh Bhatia
 
PPTX
Introduction to cyber security three .pptx
byGUESH8
 
PDF
5 howtomitigate
byricharddxd
 
PDF
Practical White Hat Hacker Training - Vulnerability Detection
byPRISMA CSI
 
PDF
Web Applications Assessment Tools: Comparison and Discussion
byEECJOURNAL
 
20210906-Nessus-FundamentalInfoSec.ppsx
bySuman Garai
 
Nomura UCCSC 2009
bydnomura
 
Security tools
bySwapnil Srivastav PMP®
 
Enterprise Vulnerability Management - ZeroNights16
byAlexander Leonov
 
Nessus Software
byMegha Sahu
 
Nessus
bypenetration Tester
 
API Training 10 Nov 2014
byDigital Bond
 
Scanning networks (by piyush upadhyay)
byPiyush Upadhyay
 
Nt2580 Unit 7 Chapter 12
byLaura Arrigo
 
( Ethical hacking tools ) Information grathring
byGouasmia Zakaria
 
Assessment Questions and Answers1. What are the diff.docx
byfredharris32
 
Nessus is a network security toolIn a pragraph describe how it is .pdf
byfckindswear
 
CSEC 610 Individual Assignment Essay
byRochelle Schear
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
byJoshua Gorinson
 
Exploring Kali Linux Tools for Website Scanning via IP Address
byBoston Institute of Analytics
 
Vulnerability Assessment Report
byHarshit Singh Bhatia
 
Introduction to cyber security three .pptx
byGUESH8
 
5 howtomitigate
byricharddxd
 
Practical White Hat Hacker Training - Vulnerability Detection
byPRISMA CSI
 
Web Applications Assessment Tools: Comparison and Discussion
byEECJOURNAL
 

Recently uploaded

PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 

Network Security Tools

  • 1.
    Software Security Network Security Tools Presented by Emanuela Boroș “Al. I. Cuza” University, Faculty of Computer Science Master of Software Engineering, II
  • 2.
    Audit/Port Scanning Tools ● Nessus (Vulnerability scanner) #3 ● SAINT (Vulnerability scanner, Based on SATAN,developed by World Wide Security,Inc.) #110 ● Sara (Security Auditor’s Research Assistant, SANS Top 10 Threats, 1 May 2009) ● Nmap, strobe (Port scanners, strobe was one of the earliest port scanning tools, Nmap is the strobe's grandson)
  • 3.
  • 4.
    Nessus Scanner ● Available from http://www.nessus.org/products/nessus/ ● The world leading vulnerability scanner ● Free for home users, licensed on a yearly subscription for commercial businesses ● Easy-to-use tool ● Linux/Solaris/Windows/Android/iPhone ● Provides HTML based reports ● Client/server architecture: clients (Windows, Unix, Android, iPhone) & servers (Unix only)
  • 5.
    Pros/Cons Pros ●Free vulnerability scanning ● Easy to install and use ● Up-to-date security vulnerability database ● Free for home users ● Powerful plug-in architecture Cons ● Needs activation code ● Some UI issues
  • 6.
    Policies A Nessus “policy”consists of configuration options related to performing a vulnerability scan. ● External Network Scan ● scans externally facing hosts ● XSS plugin families ● all 65,535 ports are scanned ● Internal Network Scan ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned ● Web App Tests ● scans for vulnerabilities present in each of the parameters, including XSS, SQL, command injection ● Prepare for PCI DSS audits ● enables the built-in PCI DSS compliance checks that compare scan results with the PCI standards and produces a report on your compliance posture
  • 7.
  • 8.
  • 10.
  • 11.
    Case Studies Version: 4.4.1 FeedType: Home OS: Windows 7/Android
  • 12.
    Internal Network Scan ● Default policy ● scans large internal networks with many hosts, several exposed services, and embedded systems such as printers ● standard set of ports is scanned
  • 18.
    Web Application Scanning With Credentials
  • 19.
    Steps ● App that requires authentication ● Create a policy ● General - Port 80 ● Preferences ● HTTP login page ● Login page and login form (may be a different form) ● Look into you html and see what name fields or you can use a sniffer What it is used into a post request ● Ability to check for auth – login successfully with a timer – go to this page every delay to see if you're still logged – with a 120 seconds and you should see a regex Logout ● Web mirroring – regular expressions to exclude things – web spider to exclude logout.php cause that would log you out
  • 26.
  • 27.
  • 30.
  • 36.
  • 37.
    Nmap ● Insecure.Org ● free utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network ● uses raw IP packets to determine what hosts are available on the network ● used by attackers to scan a network and perform reconnaisance about the types and quantities of targets available and what weaknesses exist
  • 38.
  • 39.
    Advantages ● smart penetration testing ● nmap the best scanner ever and nessus one of our favorite vulnerability scanner ● effective and less time consumer
  • 40.
    Case Study Steps ● used nmap for a quick scan on the local network to all the hosts in the subnet ● after the scan there will be different hosts and their open ports