Software Security
Network Security Tools

Presented by Emanuela Boroș
“Al. I. Cuza” University, Faculty of Computer Science
Master of Software Engineering, II
Audit/Port Scanning Tools
●   Nessus (Vulnerability scanner) #3
●   SAINT (Vulnerability scanner, based on
    SATAN, developed by World Wide Security, Inc.) #110

●   Sara (Security Auditor’s Research Assistant,
    SANS Top 10 Threats, 1 May 2009)

●   Nmap, strobe (Port scanners, strobe was one of the
    earliest port scanning tools, Nmap is the strobe's
    grandson)
Nessus Scanner

●   Available from http://www.nessus.org/products/nessus/
●   The world's leading vulnerability scanner
●   Free for home users, licensed on a yearly subscription
    for commercial businesses
●   Easy-to-use tool
●   Linux/Solaris/Windows/Android/iPhone
●   Provides HTML-based reports
●   Client/server architecture: clients (Windows, Unix,
    Android, iPhone) & servers (Unix only)
Pros/Cons


Pros
  ● Free vulnerability scanning

  ● Easy to install and use

  ● Up-to-date security vulnerability database

  ● Free for home users

  ● Powerful plug-in architecture

Cons
  ● Needs activation code

  ● Some UI issues
Policies
A Nessus “policy” consists of configuration options
related to performing a vulnerability scan.
  ●   External Network Scan
       ●   scans externally facing hosts
       ●   XSS plugin families
       ●   all 65,535 ports are scanned
  ●   Internal Network Scan
       ●   scans large internal networks with many hosts, several exposed services, and
           embedded systems such as printers
       ●   standard set of ports is scanned
  ●   Web App Tests
       ●   scans for vulnerabilities present in each of the parameters, including XSS,
           SQL injection and command injection
  ●   Prepare for PCI DSS audits
       ●   enables the built-in PCI DSS compliance checks that compare scan results
           with the PCI standards and produce a report on your compliance posture
Server
Pros/Cons
Client
Case Studies

Version: 4.4.1
Feed Type: Home
OS: Windows 7/Android
Internal Network Scan



●   Default policy
     ●   scans large internal networks with many hosts, several exposed services, and
         embedded systems such as printers
     ●   standard set of ports is scanned
Web Application Scanning
   With Credentials
Steps
●   App that requires authentication

●   Create a policy
    ● General - Port 80

    ● Preferences

      ● HTTP login page

           ● Login page and login form (may be a different form)

           ● Look into your HTML to see what the field names are, or use
             a sniffer to see what is sent in the POST request
           ● Ability to check for auth: after logging in successfully,
             a timer goes to this page every delay to see if you're
             still logged in; with a delay of 120 seconds, you should
             see the regex Logout
      ● Web mirroring: regular expressions to exclude things; have the
        web spider exclude logout.php, because that would log you out
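
The credentialed-scan settings above, worked through offline as an added example (not part of the original slides and not Nessus code): it reads the login form's field names from the HTML, re-checks fetched pages against the Logout regex at each delay, and filters spider URLs through an exclusion regex so logout.php is never requested. The sample HTML, the testapp.example URLs and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample data (not from a real application).
BASE = "http://testapp.example/login.php"
LOGIN_HTML = """
<form id="search" action="/search.php" method="get">
  <input type="text" name="q">
</form>
<form id="login" action="auth/login.php" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="hidden" name="csrf_token" value="constructed-value">
  <input type="submit" name="submit" value="Log in">
</form>
"""
AUTHED_PAGE = '<a href="logout.php">Logout</a> Welcome back'
EXPIRED_PAGE = "<h1>Please sign in</h1>"
LINKS = ["index.php", "/account/profile.php", "logout.php",
         "/LOGOUT.php?next=/", "http://other.example/x", "index.php"]


class FormCollector(HTMLParser):
    """Collect every <form> with its action, method and named inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "fields": []}
        elif tag == "input" and self._current is not None and a.get("name"):
            self._current["fields"].append(
                (a["name"], (a.get("type") or "text").lower(), a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def find_login_form(html, page_url):
    """Return the POST target and field names of the form holding a password
    input. It is not necessarily the first form on the page."""
    collector = FormCollector()
    collector.feed(html)
    for form in collector.forms:
        fields = form["fields"]
        password = next((n for n, t, _ in fields if t == "password"), None)
        if password is None:
            continue
        return {
            "post_url": urljoin(page_url, form["action"]),
            "method": form["method"],
            "user_field": next((n for n, t, _ in fields if t in ("text", "email")), None),
            "pass_field": password,
            # Hidden and submit inputs must be sent too or the login may be rejected.
            "extra_fields": {n: v for n, t, v in fields if t in ("hidden", "submit")},
        }
    return None


def still_authenticated(body, pattern=r"Logout"):
    """True if the page shows text that only appears while logged in.
    Choose a pattern that cannot also match the login page itself."""
    return re.search(pattern, body) is not None


def first_logged_out_check(responses, delay=120, pattern=r"Logout"):
    """responses[i] is the body fetched at the i-th periodic check.
    Return the elapsed seconds at which the session was first lost, or None."""
    for i, body in enumerate(responses, start=1):
        if not still_authenticated(body, pattern):
            return i * delay
    return None


def crawlable(urls, base_url, exclude_pattern):
    """Keep same-host URLs and drop any whose path matches the exclusion regex."""
    exclude = re.compile(exclude_pattern, re.IGNORECASE)
    base_host = urlsplit(base_url).netloc
    keep = []
    for url in urls:
        absolute = urljoin(base_url, url)
        parts = urlsplit(absolute)
        if parts.netloc != base_host:
            continue  # off-site link, outside the scan scope
        if exclude.search(parts.path):
            continue  # e.g. logout.php would end the authenticated session
        if absolute not in keep:
            keep.append(absolute)
    return keep


if __name__ == "__main__":
    print(find_login_form(LOGIN_HTML, BASE))
    print(first_logged_out_check([AUTHED_PAGE, AUTHED_PAGE, EXPIRED_PAGE]))
    print(crawlable(LINKS, BASE, r"/logout\.php$"))
```

If the mirrored site reports an early session loss, the exclusion regex is the first thing to check, since a single spidered logout link invalidates every authenticated test that follows.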
Windows Scanning
Conclusions
Using Android Nessus app
Nmap

●   Insecure.Org

●   free utility which can quickly scan broad ranges of devices and
    provide valuable information about the devices on your network

●   uses raw IP packets to determine what hosts are available on
    the network

●   used by attackers to scan a network and perform
    reconnaissance about the types and quantities of targets
    available and what weaknesses exist
Nmap with Nessus
Advantages



●   smart penetration testing

●   Nmap is the best scanner ever and Nessus is one of our favorite
    vulnerability scanners

●   effective and less time-consuming
Case Study



Steps

 ●   used Nmap for a quick scan of all the hosts in the subnet on
     the local network

 ●   after the scan, the results list the different hosts and their
     open ports