SCANNING AND ANALYSIS TOOLS
To secure a network, someone in the organization must know
exactly where the network needs to be secured. Although this
step may sound simple and obvious, many companies skip it.
They install a perimeter firewall and then relax, lulled into a
sense of security by this single layer of defense. To truly assess
the risks within a computing environment, you must deploy
technical controls using a strategy of defense in depth, which is
likely to include IDPSs, active vulnerability scanners, passive
vulnerability scanners, automated log analyzers, and protocol
analyzers (commonly referred to as sniffers).
Although some information security experts may not
perceive them as defensive tools, scanners, sniffers, and
other vulnerability analysis applications can be invaluable
because they enable administrators to see what the
attacker sees. Some of these tools are extremely complex,
and others are rather simple. Some tools are expensive
commercial products, but many of the best scanning and
analysis tools are developed by the hacker community or
As you’ve learned, an IDPS helps to secure networks by
detecting intrusions; the remaining items in the preceding list
help administrators identify where the network needs securing.
More specifically, scanner and analysis tools can find
vulnerabilities in systems, holes in security components, and
unsecured aspects of the network.
In the military, there is a long and distinguished history of generals inspecting the troops under their command before battle. In a similar way, security administrators can use vulnerability analysis tools to inspect the computers and network devices under their supervision. A word of caution, though: many of these scanning and analysis tools have distinct signatures, and some Internet service providers (ISPs) scan for these signatures. If the ISP discovers someone using hacker tools, it can revoke that user’s access privileges. Therefore, organizational administrators are advised to establish a working relationship with their ISPs and notify them of any plans that could lead to misunderstandings. Amateur users are advised not to use these tools on the Internet.
Good administrators should have several hacking Web sites bookmarked and should try to keep up with chat room discussions on new vulnerabilities, recent conquests, and favorite assault techniques. Security administrators are well within their rights to use tools that potential attackers use in order to examine network defenses and find areas that require additional attention.
Scanning tools are typically used as part of an attack protocol to collect information that an attacker needs to launch a successful attack. The process of collecting publicly available information about a potential target is known as footprinting. The attacker uses public Internet data sources to perform keyword searches that identify the network addresses of an organization.
Attack protocol - a logical sequence of steps or processes used by an attacker to launch an attack against a target system or network.
Footprinting - the organized research and investigation of Internet addresses owned or controlled by a target organization.
This research is augmented by browsing the organization’s Web pages. Web pages usually contain information about internal systems, the people who develop the Web pages, and other tidbits that can be used for social engineering attacks. For example, the view source option on most popular Web browsers allows users to see the source code behind the graphics. Details in the source code of the Web page can provide clues to potential attackers and give them insight into the configuration of an internal network, such as the locations and directories for Common Gateway Interface (CGI) script bins and the names or addresses of computers and servers. In addition, public business Web sites such as those for Forbes or Yahoo! Business often reveal information about their company structure, commonly used company names,
Common search engines allow attackers to query for any site that links to their proposed target. By doing a bit of initial Internet research, an attacker can often find additional Internet locations that are not commonly associated with the company—that is, business-to-business (B2B) partners and subsidiaries. Armed with this information, the attacker can find the “weakest link” into the target network.
For example, consider a company that has a large data center in Atlanta. The data center has been secured, so an attacker will have a difficult time breaking into it via the Internet. However, the attacker has run a “link” query on a search engine and found a small Web server that links to the company’s main Web server. After further investigation, the attacker learns that the server was set up with an unrestricted internal link into the company’s corporate data center. The attacker can attack the weaker site at the remote facility and use the compromised internal network to attack the true target. While it may seem trite or clichéd, the old saying that “a chain is only as strong as its weakest link” is very relevant to network and computer security. If a company has a trusted network connection with 15 business partners, one weak business partner can compromise all 16 networks.
To assist in footprint intelligence collection, you can use an enhanced Web scanner that examines entire Web sites for valuable pieces of information, such as server names and e-mail addresses. One such scanner is called Sam Spade (see Figure 9-13), which you can obtain by searching the Web for a copy of the last version (1.14). Although antiquated, Sam Spade can perform a host of scans and probes, such as sending multiple ICMP information requests (pings), attempting to retrieve multiple and cross-zoned DNS queries, and performing network analysis queries known as traceroutes from the commonly used UNIX command. All of these scans are powerful diagnostic and hacking activities, but Sam Spade is not considered hackerware (hacker-oriented software). Rather, it is a utility that is useful to network administrators and miscreants alike.
For Linux or BSD systems, a tool called GNU Wget allows a remote user to “mirror” entire Web sites. With this tool, attackers can copy an entire Web site and then go through the source HTML, JavaScript, and Web-based forms at their leisure, collecting and collating all of the data from the source code that will help them mount an attack.
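The same source-code review that footprinting performs against a site can be run by its owner before publication. The following is an added example, not code from the text or from Sam Spade or Wget: it pulls the clues listed above (e-mail addresses, host names under the internal DNS suffix, CGI script paths, HTML comments, and the hosts of outbound links that might reveal B2B partners) out of one page. The page content, the `corp.example` suffix and every host name in it are constructed for the demo.

```python
import re
from html.parser import HTMLParser

# Constructed sample page standing in for an organisation's own public site
# (hypothetical host names and addresses, not taken from the text).
SAMPLE_HTML = """<!-- Maintained by jdoe@corp.example; staging copy on intranet-web01.corp.example -->
<html><head><title>Corp Example</title></head>
<body>
<form action="/cgi-bin/order.pl" method="post">
<input type="hidden" name="db_host" value="db-prod-02.corp.example">
</form>
<a href="mailto:sales@corp.example">Sales</a>
<script src="https://cdn.example.net/lib.js"></script>
<a href="http://partner.example.org/portal">Partner portal</a>
</body></html>
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HOST_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")
CGI_RE = re.compile(r"/cgi-bin/[^\s\"'<>]+")
LINK_HOST_RE = re.compile(r"https?://([^/\s\"'<>]+)")


class _CommentCollector(HTMLParser):
    """Collects HTML comments, a common place for leaked maintainer details."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def find_leaks(html, internal_suffix):
    """Return the clues a footprinting pass would harvest from one page:
    e-mail addresses, host names under the organisation's internal DNS
    suffix, CGI script paths, HTML comments, and the hosts of outbound
    links (candidate partners or subsidiaries). The reviewer then decides
    which of these should not be public."""
    collector = _CommentCollector()
    collector.feed(html)
    emails = sorted(set(EMAIL_RE.findall(html)))
    internal_hosts = sorted(
        h for h in set(HOST_RE.findall(html)) if h.endswith("." + internal_suffix)
    )
    cgi_paths = sorted(set(CGI_RE.findall(html)))
    external_hosts = sorted(set(LINK_HOST_RE.findall(html)))
    return {
        "emails": emails,
        "internal_hosts": internal_hosts,
        "cgi_paths": cgi_paths,
        "comments": collector.comments,
        "external_hosts": external_hosts,
    }


if __name__ == "__main__":
    for category, items in find_leaks(SAMPLE_HTML, "corp.example").items():
        print(f"{category}: {items}")
```

Run over a mirrored copy of the site (one call per file), the output is exactly the inventory an attacker would build with the tools above, which makes it a useful checklist of what to strip or move behind authentication.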
The next phase of the attack protocol is a data-gathering process called fingerprinting.
Fingerprinting - the systematic survey of a targeted organization’s Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range.
Fingerprinting deploys various tools that are described in the following sections to reveal useful information about the internal
PORT SCANNER
Port scanner - a type of tool used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.
Port scanning utilities, or port scanners, are tools that can either perform generic scans or those for specific types of computers, protocols, or resources. You need to understand the network environment and the scanning tools at your disposal so you can use the tool best suited to the data collection task at hand. For instance, if you are trying to identify a Windows computer in a typical network, a built-in feature of the operating system, nbtstat, may provide your answer very quickly.
The more specific the scanner is, the more useful its
information is to attackers and defenders. However, you should
keep a generic, broad-based scanner in your toolbox to help
locate and identify unknown rogue nodes on the network.
Probably the most popular port scanner is Nmap, which runs
both on UNIX and Windows systems.
A port is a network channel or connection point in a data
communications system. Within the TCP/IP networking protocol,
TCP and User Datagram Protocol (UDP) port numbers differentiate
the multiple communication channels that connect to the network
services offered on a network device. Each application within
TCP/IP has a unique port number. Some have default ports but
can also use other ports. Some of the well-known port numbers
are shown in Table 9-2. In all, 65,536 port numbers are in use for
TCP and another 65,536 port numbers are used for UDP. Services
that use the TCP/IP protocol can run on any port; however,
Port 0 is not used. Port numbers greater than 1023 are
typically referred to as ephemeral ports and may be
randomly allocated to server and client processes. Why
secure open ports? Simply put, an attacker can use an
open port to send commands to a computer, potentially
gain access to a server, and possibly exert control over a
networking device. As a rule of thumb, any port that is
not absolutely necessary for conducting business should
be secured or removed from service.
For example, if a business doesn’t host Web services,
there is no need for port 80 to be available on its
servers.
Attack Surface- the functions and features that a system
exposes to unauthenticated users.
The number and nature of the open ports on a system are an
important part of
its attack surface. As a general design goal, security practitioners
seek to reduce
the attack surface of each system to minimize the potential for
latent defects and
unintended consequences to cause losses. At this point, we must
caution that some activities performed routinely by security
professionals—specifically, port scanning—may cause problems
for casual system users. Even the use of the network ping
command can cause issues at some organizations. Some
organizations have strong policy prohibitions for activities that
Table 9-2 Commonly Used Port Numbers

Port Number   Protocol
7             Echo
20            File Transfer (default data) (FTP)
21            File Transfer (Control) (FTP)
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
53            Domain Name System (DNS)
80            Hypertext Transfer Protocol (HTTP)
110           Post Office Protocol version 3 (POP3)
161           Simple Network Management Protocol (SNMP)
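The rule of thumb above, that any port not absolutely necessary for conducting business should be secured or removed from service, can be checked mechanically against a host's listening sockets. The following is an added example, not from the text or from any scanner it names: it parses a constructed listener inventory laid out like `ss -ltnup` output, labels ports with the names from Table 9-2, and flags every externally reachable listener that is not on the allowlist for the host's business role. The host, its processes and the "mail relay" allowlist are hypothetical.

```python
import re

# Service names from Table 9-2, used only to label findings.
WELL_KNOWN = {7: "Echo", 20: "FTP data", 21: "FTP control", 23: "Telnet",
              25: "SMTP", 53: "DNS", 80: "HTTP", 110: "POP3", 161: "SNMP"}

# Constructed inventory for a hypothetical mail relay, laid out like the
# output of `ss -ltnup` (the processes and sockets are made up).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      100    0.0.0.0:25         0.0.0.0:*         users:(("master",pid=901,fd=13))
tcp   LISTEN 0      511    [::]:80            [::]:*            users:(("nginx",pid=1210,fd=6))
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*         users:(("inetd",pid=400,fd=5))
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*         users:(("snmpd",pid=655,fd=8))
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=1330,fd=7))
"""

PROCESS_RE = re.compile(r'\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Turn ss-style lines into (proto, address, port, process) records."""
    listeners = []
    for line in ss_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        addr, port = fields[4].rsplit(":", 1)    # handles "[::]:80" as well
        m = PROCESS_RE.search(line)
        listeners.append({"proto": fields[0], "addr": addr, "port": int(port),
                          "process": m.group(1) if m else "?"})
    return listeners


def audit_attack_surface(listeners, allowed):
    """`allowed` is the set of (proto, port) the host's business role needs.
    Returns (verdict, proto, port, service, process) per listener, sorted by
    port: 'ok' if allowed, 'local' if bound to loopback only, otherwise
    'remove' because it enlarges the attack surface for no business reason."""
    findings = []
    for l in listeners:
        if l["port"] > 1023:
            service = "ephemeral range"
        else:
            service = WELL_KNOWN.get(l["port"], "other")
        if l["addr"] in ("127.0.0.1", "[::1]"):
            verdict = "local"
        elif (l["proto"], l["port"]) in allowed:
            verdict = "ok"
        else:
            verdict = "remove"
        findings.append((verdict, l["proto"], l["port"], service, l["process"]))
    return sorted(findings, key=lambda f: f[2])


# Hypothetical policy: a mail relay needs SMTP and an admin SSH port, nothing else.
MAIL_RELAY_ALLOWED = {("tcp", 22), ("tcp", 25)}


def ports_to_remove(findings):
    """Just the ports an administrator should close or firewall."""
    return [f[2] for f in findings if f[0] == "remove"]


if __name__ == "__main__":
    for finding in audit_attack_surface(parse_listeners(SAMPLE_SS), MAIL_RELAY_ALLOWED):
        print("%-6s %s/%-5d %-16s %s" % finding)
```

The allowlist is the policy; the script only makes the gap between policy and reality visible. In the constructed inventory it reports Telnet, HTTP and SNMP as listeners to remove from a host whose only business is relaying mail, which is the page's port 80 argument applied to every port at once.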
FIREWALL ANALYSIS TOOLS
Understanding exactly where an organization’s firewall is located
and the functions of its existing rule sets are very important steps
for any security administrator. Several tools automate the remote
discovery of firewall rules and assist the administrator (or
attacker) in analyzing the rules to determine what they allow and
reject.
The Nmap tool mentioned earlier has some advanced options that
are useful for firewall analysis. For example, the option called idle
scanning, which is run with the -I switch, allows the Nmap user to
bounce a scan across a firewall by using one of the idle DMZ hosts
as the initiator of the scan. More specifically, most operating
systems do not use truly random IP packet identification numbers
(IP IDs), so if the DMZ has multiple hosts and one of them uses
nonrandom IP IDs, the attacker can query the server and obtain the
The attacker can then spoof a packet that is allegedly from the queried
server and destined for an internal IP address behind the firewall. If the
port is open on the internal machine, the machine replies to the server
with a SYN-ACK packet, which forces the server to respond with a TCP
RESET packet. In its response, the server increments its IP ID number. The
attacker can now query the server again to see if the IP ID has
incremented. If it has, the attacker knows that the internal machine is
alive and has the queried service port open. In a nutshell, running the
Nmap idle scan allows attackers to scan an internal network as if they
were on a trusted machine inside the DMZ.
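The IP ID side channel is easier to reason about as a message exchange than as prose. The following is an added example, not Nmap's code and not from the text: a toy model of three hosts in which every packet a host sends carries its next IP ID, the four-step idle scan is played out as the paragraph describes it, and the zombie's own packet log is then read back the way a host-based sensor would. The "per-destination" IP ID mode is included as the mitigation: once the zombie no longer shares one counter across all peers, the attacker's probes see the same delta whether the internal port is open or not. Host names, ports and the starting counter value are constructed; nothing here touches a network.

```python
class Host:
    """Toy TCP/IP stack used to model the idle scan exchange (constructed for
    this example, not a real network tool). ip_id_mode="global" mirrors the
    non-random, single IP ID counter the text describes; "per_destination"
    keeps a separate counter per peer, one of the stack behaviours that
    defeats the technique."""

    def __init__(self, name, open_ports=(), ip_id_mode="global"):
        self.name = name
        self.open_ports = set(open_ports)
        self.ip_id_mode = ip_id_mode
        self._counters = {}
        self.log = []  # (direction, peer, flags): what a host-based sensor sees

    def _send(self, peer, flags):
        key = peer if self.ip_id_mode == "per_destination" else "*"
        ip_id = self._counters.get(key, 1000)
        self._counters[key] = ip_id + 1
        self.log.append(("out", peer, flags))
        return {"src": self.name, "dst": peer, "flags": flags, "ip_id": ip_id}

    def receive(self, pkt, dst_port=None):
        """Reply the way a standard stack does; return the reply or None."""
        self.log.append(("in", pkt["src"], pkt["flags"]))
        if pkt["flags"] == "SYN/ACK":          # unsolicited SYN/ACK -> RST
            return self._send(pkt["src"], "RST")
        if pkt["flags"] == "SYN":              # connection request
            if dst_port in self.open_ports:
                return self._send(pkt["src"], "SYN/ACK")
            return self._send(pkt["src"], "RST")
        return None                            # RST -> silently dropped


def idle_scan(attacker, zombie, target, port):
    """The four-step exchange from the text, inferring one port's state from
    the zombie's IP ID delta (2 = open, 1 = closed)."""
    before = zombie.receive({"src": attacker, "flags": "SYN/ACK"})["ip_id"]
    reply = target.receive({"src": zombie.name, "flags": "SYN"}, dst_port=port)
    zombie.receive(reply)                      # RST only if the target sent SYN/ACK
    after = zombie.receive({"src": attacker, "flags": "SYN/ACK"})["ip_id"]
    return {2: "open", 1: "closed"}.get(after - before, "unknown")


def unsolicited_synack_peers(host):
    """Defender's view: peers that sent this host a SYN/ACK it never asked
    for. During an idle scan both the attacker's probes and the target's
    replies show up here on the zombie."""
    asked = set()
    suspects = []
    for direction, peer, flags in host.log:
        if direction == "out" and flags == "SYN":
            asked.add(peer)
        elif direction == "in" and flags == "SYN/ACK" and peer not in asked:
            if peer not in suspects:
                suspects.append(peer)
    return suspects


if __name__ == "__main__":
    zombie = Host("dmz-host", ip_id_mode="global")
    target = Host("internal-server", open_ports={80})
    print("port 80:", idle_scan("attacker", zombie, target, 80))
    print("port 23:", idle_scan("attacker", zombie, target, 23))
    print("zombie saw unsolicited SYN/ACK from:", unsolicited_synack_peers(zombie))
    hardened = Host("dmz-host", ip_id_mode="per_destination")
    print("hardened zombie, port 80:", idle_scan("attacker", hardened, target, 80))
```

Two things follow for the defender. The zombie is the place to look: a DMZ host receiving SYN/ACKs from internal addresses it never connected to is the signature of this scan, independent of the attacker's address. And the fix is on the zombie too; a stack whose IP IDs are per-destination (or randomised) reports the same delta for open and closed ports, so the model returns "closed" for port 80 on the hardened host.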
Firewalk is another tool that can be used to analyze firewalls.
Written by noted network security experts Mike Schiffman
and David Goldsmith, Firewalk uses incrementing Time-To-
Live (TTL) packets to determine the path into a network as well
as the default firewall policy. Running Firewalk against a target
machine reveals where routers and firewalls are filtering traffic
to the target host.
We must again caution that many tools used by security
professionals may cause problems for casual system users. Some
organizations have strong policy prohibitions against any form
of hackerware, and even possessing the files
needed to install it or having results from its use may be a
violation that carries grave consequences. Many endpoint
protection products trigger alarms for these types of tools.
Always ask permission from the organization’s security
office before using any tools of this nature.
A final firewall analysis tool worth consideration is HPING
(www.hping.org), which is a modified ping client. It supports
multiple protocols and has a command-line method of
specifying nearly any ping parameter. For instance, you can use
HPING with modified TTL values to determine the infrastructure
of a DMZ.
You can use HPING with specific ICMP flags to bypass poorly
configured firewalls that allow all ICMP traffic to pass through
and find internal systems. Administrators who are wary of using
the same tools that attackers use should remember two
important points. Regardless of the tool that is used to validate
or analyze a firewall’s configuration, user intent dictates how the
gathered information is used. To defend a computer or network
well, administrators must understand the ways it can be
attacked. Thus, a tool that can help close an open or poorly
configured firewall will help the network defender minimize the
risk from attack.
Operating System Detection Tools
The ability to detect a target computer’s operating system is very valuable to an attacker. Once the OS is known, the attacker can easily determine all of the vulnerabilities to which it is susceptible. Many tools use networking protocols to determine a remote computer’s OS.
One such tool is XProbe, which uses ICMP to determine the remote OS. When run, XProbe sends many different ICMP queries to the target host. As reply packets are received, XProbe matches these responses from the target’s TCP/IP stack with its own internal database of known responses. Because most OSs have a unique way of responding to ICMP requests, XProbe is very reliable in finding matches and thus detecting the operating systems of remote computers. Therefore, system and network administrators should restrict the use of ICMP through
Vulnerability Scanners
Active vulnerability scanners examine networks for highly detailed information. An active scanner is one that initiates traffic on the network to determine security holes.
An example of a vulnerability scanner is Nessus, a professional freeware utility that uses IP packets to identify hosts available on the network, the services (ports) they offer, their operating system and OS version, the type of packet filters and firewalls in use, and dozens of other network characteristics. Figures 9-14 and 9-15 show sample screens from Nessus. Vulnerability scanners should be proficient at finding known, documented holes, but what happens if a Web server is from a new vendor or a new application was created by an internal development team? In such cases, you
Fuzz testing - a straightforward technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. Vulnerabilities can be detected by measuring the outcome of the random inputs.
One example of a fuzz scanner is Spike, which has two primary components. The first is the Spike Proxy (www.spikeproxy.com), which is a full-blown proxy server. As Web site visitors use the proxy, Spike builds a database of each traversed page, form, and other Web-specific asset. When the Web site owner determines that enough history has been collected to completely characterize the full site, Spike can be used to check for bugs. In other words, administrators can use the usage history collected by Spike to traverse all known pages, forms, and active programs such as asp and cgibin, and then can test the system by attempting overflows, SQL injection, cross-site scripting, and many other
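Fuzz testing as defined above, in miniature, as an added example (not Spike and not from the text): a deliberately fragile parser for a constructed record format, a hardened version of the same parser, and a mutation fuzzer that feeds random variants of a valid message to each and measures the outcome by separating graceful rejections (`ValueError`) from crashes (any other exception). The record format, the seed message and the mutation strategy are all constructed for the demo.

```python
import random

# Constructed message format: [count][len][payload]...[len][payload], ASCII payloads.
SEED_INPUT = b"\x02\x03abc\x02xy"


def parse_records(data):
    """Deliberately fragile parser (constructed for the demo): it trusts the
    count and length bytes completely, so truncated input walks off the end."""
    count = data[0]
    pos = 1
    records = []
    for _ in range(count):
        length = data[pos]                       # no bounds check
        payload = data[pos + 1:pos + 1 + length]  # silently short if truncated
        records.append(payload.decode("ascii"))  # UnicodeDecodeError is a ValueError
        pos += 1 + length
    return records


def parse_records_safe(data):
    """Same format, every access checked; bad input is rejected with ValueError."""
    if not data:
        raise ValueError("empty message")
    count = data[0]
    pos = 1
    records = []
    for _ in range(count):
        if pos >= len(data):
            raise ValueError("truncated record header")
        length = data[pos]
        if pos + 1 + length > len(data):
            raise ValueError("truncated payload")
        records.append(data[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos != len(data):
        raise ValueError("trailing bytes")
    return records


def exception_name(parser, data):
    """Run one input and report how the parser failed (None = parsed fine)."""
    try:
        parser(data)
    except Exception as exc:  # noqa: BLE001 - the point is to classify failures
        return type(exc).__name__
    return None


def fuzz(parser, seed_input, iterations=2000, seed=1):
    """Mutation fuzzer: flip, delete or insert a few bytes of the seed and
    record the first input that triggers each crash type. ValueError counts
    as a graceful rejection and is ignored."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        buf = bytearray(seed_input)
        for _ in range(rng.randint(1, 3)):
            op = rng.randrange(3)
            if op == 0 and buf:
                buf[rng.randrange(len(buf))] = rng.randrange(256)
            elif op == 1 and buf:
                del buf[rng.randrange(len(buf))]
            else:
                buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        try:
            parser(bytes(buf))
        except ValueError:
            continue                             # graceful rejection
        except Exception as exc:                 # noqa: BLE001
            crashes.setdefault(type(exc).__name__, bytes(buf))
    return crashes


if __name__ == "__main__":
    print("fragile parser crashes:", fuzz(parse_records, SEED_INPUT))
    print("hardened parser crashes:", fuzz(parse_records_safe, SEED_INPUT))
```

The fuzzer keeps the first reproducer per exception type, which is what a developer needs to fix the bug; a few thousand mutations are enough to hit the unchecked `data[pos]` read in the fragile parser, while the hardened parser turns every malformed input into a `ValueError` and produces no crash at all.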
A list of the top commercial and residential vulnerability scanners includes the following products:
 Nessus
 OpenVAS
 CoreImpact
 Nexpose
 GFI LanGuard
 Microsoft Baseline Security Analyzer (MBSA)
 Retina
 Secunia PSI
 Nipper
 Security Administrator’s Integrated Network Tool (SAINT)
The Nessus scanner features a class of attacks called
destructive attacks. If enabled, Nessus attempts
common
overflow techniques against a target host. Fuzzers or
black-box scanners and Nessus in destructive mode
can be very dangerous tools, so they should be used
only in a lab environment. In fact, these tools are so
powerful that even experienced system defenders are
not likely to use them in the most aggressive modes on
their production networks. At the time of this writing,
the most popular scanners seem to be Nessus,
OpenVAS, and Nexpose. The Nessus scanner was
originally open source, but it is now strictly commercial.
Members of an organization often require proof that a
system is vulnerable to a certain attack. They may require
such proof to avoid having system administrators attempt
to repair systems that are actually not broken or because
they have not yet built a satisfactory relationship with the
vulnerability assessment team. In these instances, a class
of scanners is available that actually exploits the remote
machine and allows the vulnerability analyst (sometimes
called a penetration tester) to create an account, modify a
Web page, or view data. These tools can be very
dangerous and should be used only when absolutely
necessary. Three such tools are Core Impact, Immunity’s
Of these three tools, only the Metasploit Framework is
available without a license fee. The Metasploit
Framework is a collection of exploits coupled with an
interface that allows penetration testers to automate
the custom exploitation of vulnerable systems. For
instance, if you wanted to exploit a Microsoft Exchange
server and run a single command (perhaps add the
user “security” into the administrators group), the tool
allows you to customize an overflow in this manner.
Figure 9-16 shows the Metasploit Framework.
Passive vulnerability scanner
- A scanner that listens in on a network and identifies
vulnerable versions of both server and client software. At
the time of this writing, two primary vendors offer this
type of scanning solution: Tenable Network Security,
with its Passive Vulnerability Scanner (PVS), and Watcher
Web Security Scanner from Casaba (see Figure 9-17).
The advantage of using passive scanners is that they do not require
vulnerability analysts to obtain approval prior to testing. These tools
simply monitor the network connections to and
from a server to obtain a list of vulnerable applications. Furthermore,
passive vulnerability scanners can find client-side vulnerabilities that
are typically not found by active scanners. For instance, an active
scanner operating without domain admin rights would be unable to
determine the version of Internet Explorer running on a desktop
machine, but a passive scanner could make that determination by
observing traffic to and from the client.
PACKET SNIFFERS
Packet sniffer - a software program or hardware appliance that can intercept, copy, and interpret network traffic.
A packet sniffer or network protocol analyzer can provide a network administrator with valuable information for diagnosing and resolving networking issues. In the wrong hands, however, a sniffer can be used to eavesdrop on network traffic.
Commercial and open-source sniffers are both
available—for example, Sniffer is a commercial product
and Snort is open-source software. The dominant
network protocol analyzer is Wireshark
(www.wireshark.org), formerly known as Ethereal, which
is available in open-source and commercial versions.
Wireshark allows the administrator to examine data
Wireshark’s features include a language filter and a TCP
session reconstruction utility. Figure 9-20 shows a sample
screen from Wireshark. To use these types of programs most
effectively, the user must be connected to a network from a
central location using a monitoring port. Simply tapping
into an Internet connection floods you with more data than
you can readily process, and the action technically constitutes
a violation of the U.S. Wiretap Act.
To use a packet sniffer legally, the administrator must:
1. be on a network that the organization owns,
2. have authorization of the network’s owners, and
3. have knowledge and consent of the content creators.
If all three conditions are met, the administrator can
selectively collect and analyze packets to identify and diagnose
problems on the network. Consent is usually obtained by having
all system users sign a release when they are issued a user ID
and passwords; the release states that “use of the systems is
subject to monitoring.” These three conditions are the same
requirements for employee monitoring in general; therefore,
packet sniffing should be construed as a form of employee
monitoring.
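What a protocol analyzer does with a captured frame, and how a passive vulnerability scanner builds on it, as one added example (not Wireshark, Tenable's PVS or anything from the text): the code constructs three IPv4/TCP packets with HTTP payloads, decodes their headers the way a sniffer does, and then, without sending a single packet, reads the version strings that the client's `User-Agent` and the servers' `Server` headers volunteer and compares them with a watch-list. The addresses, the captured exchange and the watch-list entries are constructed placeholders; the client entry mirrors the browser-version case in the passive scanner paragraph above.

```python
import re
import struct


def build_ipv4_tcp(src, dst, sport, dport, payload, flags=0x18):
    """Construct a minimal IPv4+TCP packet with zeroed checksums. Stands in
    for a frame copied from a switch monitoring port (constructed data)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return ip + tcp + payload


def decode_packet(raw):
    """Decode IPv4 and TCP headers the way a protocol analyzer does and
    return the fields plus the TCP payload."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    pkt = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
           "ttl": ttl, "proto": proto, "payload": b""}
    if proto != 6:                                    # not TCP
        return pkt
    sport, dport, _, _, off, flags, _, _, _ = struct.unpack(
        "!HHIIBBHHH", raw[ihl:ihl + 20])
    data_off = (off >> 4) * 4
    pkt.update(sport=sport, dport=dport, flags=flags,
               payload=raw[ihl + data_off:total_len])
    return pkt


# Constructed watch-list: product -> version prefixes the organisation has
# decided are out of policy. Placeholder values, not a real advisory feed.
WATCHLIST = {"Apache": ("2.2.",), "MSIE": ("6.",)}
SERVER_RE = re.compile(rb"^Server:\s*([A-Za-z][A-Za-z-]*)/([0-9][0-9.]*)", re.M)
CLIENT_RE = re.compile(rb"^User-Agent:.*?\b(MSIE) ([0-9][0-9.]*)", re.M)


def passive_scan(packets):
    """Passive vulnerability scanning: send nothing, just read the version
    strings clients and servers volunteer in HTTP headers and compare them
    with the watch-list. Returns (host, role, product, version) findings."""
    findings = []
    for raw in packets:
        pkt = decode_packet(raw)
        if pkt.get("proto") != 6 or not pkt["payload"]:
            continue
        for role, regex in (("server", SERVER_RE), ("client", CLIENT_RE)):
            m = regex.search(pkt["payload"])
            if not m:
                continue
            product, version = m.group(1).decode(), m.group(2).decode()
            if any(version.startswith(p) for p in WATCHLIST.get(product, ())):
                findings.append((pkt["src"], role, product, version))
    return findings


# Constructed capture: one request, its response, and a response from a
# second server that is not on the watch-list and must not be flagged.
CAPTURE = [
    build_ipv4_tcp("10.0.0.5", "10.0.0.10", 51000, 80,
                   b"GET / HTTP/1.1\r\nHost: www.corp.example\r\n"
                   b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\r\n"),
    build_ipv4_tcp("10.0.0.10", "10.0.0.5", 80, 51000,
                   b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.3\r\nContent-Length: 0\r\n\r\n"),
    build_ipv4_tcp("10.0.0.11", "10.0.0.5", 80, 51002,
                   b"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\nContent-Length: 0\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in passive_scan(CAPTURE):
        print("%s (%s) runs %s %s" % finding)
```

The client-side finding is the one an active scanner without administrative rights on the desktop could not have made; it comes purely from what the desktop's browser said about itself on the wire. The same three legal conditions listed above apply to this capture as to any other sniffing.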
Many administrators feel safe from sniffer attacks when
their computing environment is primarily a switched network, but
they couldn’t be more wrong. Several open-source sniffers
support alternate networking approaches and can enable packet
sniffing in a switched network environment. Two of these
approaches are ARP spoofing and session hijacking, which use
tools like Ettercap (www.ettercap-project.org/). To secure data in
transit across any network, organizations must use a carefully
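ARP spoofing, the technique that lets a sniffer see traffic on a switched network, leaves a simple trace: the same IP address is announced by two different hardware addresses within a short time. The following is an added example, not Ettercap and not from the text: a detector that reads ARP replies from a constructed capture laid out like tcpdump's ARP output, learns the IP-to-MAC table, and alerts when a pinned entry (the gateway) is claimed by another MAC, when an address's MAC flaps, or when one MAC claims several addresses. All addresses and timestamps are constructed.

```python
import re

# Constructed ARP reply records in the layout tcpdump prints for ARP
# (hypothetical addresses; the sensor is assumed to sit on a monitoring port).
SAMPLE_ARP_LOG = """\
12:00:01.000000 ARP, Reply 10.0.0.1 is-at aa:aa:aa:aa:aa:01, length 28
12:00:01.500000 ARP, Reply 10.0.0.5 is-at aa:aa:aa:aa:aa:05, length 28
12:00:02.000000 ARP, Reply 10.0.0.1 is-at aa:aa:aa:aa:aa:05, length 28
12:00:02.500000 ARP, Reply 10.0.0.5 is-at aa:aa:aa:aa:aa:05, length 28
12:00:03.000000 ARP, Reply 10.0.0.1 is-at aa:aa:aa:aa:aa:01, length 28
"""

ARP_REPLY_RE = re.compile(r"^(\S+) ARP, Reply (\S+) is-at ([0-9a-f:]{17})", re.M)


def parse_arp_replies(text):
    """Return (timestamp, ip, mac) for every ARP reply in the capture."""
    return ARP_REPLY_RE.findall(text)


def detect_arp_spoofing(replies, static_entries=None):
    """Watch ARP replies and raise an alert when
      - an IP pinned in `static_entries` is claimed by a different MAC,
      - an IP's MAC changes from what was learned earlier (flapping), or
      - one MAC claims more than one IP (the spoofing host keeps its own).
    Alerts are (timestamp, kind, ...) tuples in the order they fired."""
    static_entries = static_entries or {}
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for ts, ip, mac in replies:
        if ip in static_entries and mac != static_entries[ip]:
            alerts.append((ts, "spoofed-static-entry", ip, static_entries[ip], mac))
        elif ip in ip_to_mac and ip_to_mac[ip] != mac:
            alerts.append((ts, "mac-change", ip, ip_to_mac[ip], mac))
        claimed = mac_to_ips.setdefault(mac, set())
        if claimed and ip not in claimed:
            alerts.append((ts, "multi-ip", mac, tuple(sorted(claimed | {ip}))))
        claimed.add(ip)
        ip_to_mac[ip] = mac
    return alerts


def alert_kinds(alerts):
    """Just the alert types, in firing order."""
    return [a[1] for a in alerts]


if __name__ == "__main__":
    replies = parse_arp_replies(SAMPLE_ARP_LOG)
    for alert in detect_arp_spoofing(replies, {"10.0.0.1": "aa:aa:aa:aa:aa:01"}):
        print(alert)
```

Pinning the gateway in `static_entries` is what turns a noisy "MAC changed" signal into a definite one; the flap back to the genuine MAC at the end of the sample is the second half of the same event and is reported as well. Detection is a complement to, not a substitute for, encrypting the traffic itself.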
WIRELESS SECURITY TOOLS
802.11 wireless networks have sprung up as subnets on
nearly all large networks. A wireless connection is
convenient, but it has many potential security holes. An
organization that spends all of its time securing the wired
network while ignoring wireless networks is exposing itself
to a security breach. As a security professional, you must
assess the risk of wireless networks. A wireless security
toolkit should include the ability to sniff wireless traffic, scan
wireless hosts, and assess the level of privacy or
confidentiality afforded on the wireless network.
Sectools.org identified the top wireless tools in current use:
• Aircrack, a wireless network protocol cracking tool
• Kismet, a powerful wireless network protocol
sniffer, network detector, and IDPS, which works
by passively sniffing networks
• NetStumbler, a freeware Windows file parser
available at www.netstumbler.org
• inSSIDer, an enhanced scanner for Windows, OS
X, and Android
• KisMAC, a GUI passive wireless stumbler for
Mac OS X (a variation of Kismet)31
Another wireless tool, AirSnare
(https://airsnare.en.softonic.com/), is freeware that can be
run on a low-end wireless workstation. AirSnare monitors
the airwaves for any new devices or access points. When it
finds one, AirSnare sounds an alarm to alert administrators
that a new and potentially dangerous wireless apparatus is
attempting access
on a closed wireless network.
The tools discussed in this module help the attacker
and the defender prepare themselves to complete the next
steps in the attack protocol: attack, compromise, and
exploit. These steps are beyond the scope of this text and
are usually covered in more advanced classes on computer
and network attack and defense.

“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 

Recently uploaded (20)

Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 

Scanning and Analysis Tools: Fuzz Testing

  • 1. SCANNING AND ANALYSIS TOOLS To secure a network, someone in the organization must know exactly where the network needs to be secured. Although this step may sound simple and obvious, many companies skip it. They install a perimeter firewall and then relax, lulled into a sense of security by this single layer of defense. To truly assess the risks within a computing environment, you must deploy technical controls using a strategy of defense in depth, which is likely to include IDPSs, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers (commonly referred to as sniffers).
  • 2. Although some information security experts may not perceive them as defensive tools, scanners, sniffers, and other vulnerability analysis applications can be invaluable because they enable administrators to see what the attacker sees. Some of these tools are extremely complex, and others are rather simple. Some tools are expensive commercial products, but many of the best scanning and analysis tools are developed by the hacker community or As you’ve learned, an IDPS helps to secure networks by detecting intrusions; the remaining items in the preceding list help administrators identify where the network needs securing. More specifically, scanner and analysis tools can find vulnerabilities in systems, holes in security components, and unsecured aspects of the network.
  • 3. In the military, there is a long and distinguished history of generals inspecting the troops under their command before battle. In a similar way, security administrators can use vulnerability analysis tools to inspect the computers and network devices under their supervision. A word of caution, though: Good administrators should have several hacking Web sites bookmarked and should try to keep up with chat room discussions on new vulnerabilities, recent conquests, and favorite assault techniques. Security administrators are well within their rights to use tools that potential attackers use in order to examine network defenses and find areas that require additional attention.
  • 4. Scanning tools are typically used as part of an attack protocol to collect information that an attacker needs to launch a successful attack. The process of collecting publicly available information about a potential target is known as footprinting. The attacker uses public Internet data sources to perform keyword searches that identify the network addresses of an organization. Many of these scanning and analysis tools have distinct signatures, and some Internet service providers (ISPs) scan for these signatures. If the ISP discovers someone using hacker tools, it can revoke that user’s access privileges. Therefore, organizational administrators are advised to establish a working relationship with their ISPs and notify them of any plans that could lead to misunderstandings. Amateur users are advised not to use these tools on the Internet.
  • 5. This research is augmented by browsing the organization’s Web pages. Web pages usually contain information about internal systems, the people who develop the Web pages, and other tidbits that can be used for social engineering attacks. For example, the view source option on most popular Web browsers allows users to see the source code behind the graphics. Details in the source code of the Web page can provide clues to potential attackers and give them insight into the configuration of an internal network, such as the locations and directories for Common Gateway Interface (CGI) script bins and the names or addresses of computers and servers. In addition, public business Web sites such as those for Forbes or Yahoo! Business often reveal information about their company structure, commonly used company names,
  • 6. Common search engines allow attackers to query for any site that links to their proposed target. By doing a bit of initial Internet research, an attacker can often find additional Internet locations that are not commonly associated with the company— that is, business-to-business (B2B) partners and subsidiaries. Armed with this information, the attacker can find the “weakest link” into the target network. For example, consider a company that has a large data center in Atlanta. The data center has been secured, so an attacker will have a difficult time breaking into it via the Internet. However, the attacker has run a “link” query on a search engine and found a small Web server that links to the company’s main Web server. After further investigation, the attacker learns that the server was set
  • 7. Attack protocol: a logical sequence of steps or processes used by an attacker to launch an attack against a target system or network. Footprinting: the organized research and investigation of Internet addresses owned or controlled by a target organization.
  • 8.
  • 9. unrestricted internal link into the company’s corporate data center. The attacker can attack the weaker site at the remote facility and use the compromised internal network to attack the true target. While it may seem trite or clichéd, the old saying that “a chain is only as strong as its weakest link” is very relevant to network and computer security. If a company has a trusted network connection with 15 business partners, one weak business partner can compromise all 16 networks. To assist in footprint intelligence collection, you can use an enhanced Web scanner that examines entire Web sites for valuable pieces of information, such as server names and e-mail addresses. One such scanner is called Sam Spade (see Figure 9-13), which you can obtain by searching the Web for a copy of the last version (1.14). Although antiquated, Sam Spade can perform a host of scans and probes, such as sending multiple ICMP information requests (pings), attempting to retrieve multiple and cross-zoned DNS queries, and performing network analysis queries known as traceroutes from the commonly used UNIX command.
  • 10. All of these scans are powerful diagnostic and hacking activities, but Sam Spade is not considered hackerware (hacker-oriented software). Rather, it is a utility that is useful to network administrators and miscreants alike. For Linux or BSD systems, a tool called GNU Wget allows a remote user to “mirror” entire Web sites. With this tool, attackers can copy an entire Web site and then go through the source HTML, JavaScript, and Web-based forms at their leisure, collecting and collating all of the data from the source code that will help them mount an attack. The next phase of the attack protocol is a data gathering process called fingerprinting. Fingerprinting: the systematic survey of a targeted organization’s Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range. Fingerprinting deploys various tools that are described in the following sections to reveal useful information about the internal
  • 11. PORT SCANNER: a type of tool used by both attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information. Port scanning utilities, or port scanners, are tools that can either perform generic scans or those for specific types of computers, protocols, or resources. You need to understand the network environment and the scanning tools at your disposal so you can use the tool best suited to the data collection task at hand. For instance, if you are trying to identify a Windows computer in a typical network, a built-in feature of the operating system, nbtstat, may provide your answer very quickly.
  • 12. The more specific the scanner is, the more useful its information is to attackers and defenders. However, you should keep a generic, broad-based scanner in your toolbox to help locate and identify unknown rogue nodes on the network. Probably the most popular port scanner is Nmap, which runs both on UNIX and Windows systems. A port is a network channel or connection point in a data communications system. Within the TCP/IP networking protocol, TCP and User Datagram Protocol (UDP) port numbers differentiate the multiple communication channels that connect to the network services offered on a network device. Each application within TCP/IP has a unique port number. Some have default ports but can also use other ports. Some of the well-known port numbers are shown in Table 9-2. In all, 65,536 port numbers are in use for TCP and another 65,536 port numbers are used for UDP. Services that use the TCP/IP protocol can run on any port; however,
  • 13. Port 0 is not used. Port numbers greater than 1023 are typically referred to as ephemeral ports and may be randomly allocated to server and client processes. Why secure open ports? Simply put, an attacker can use an open port to send commands to a computer, potentially gain access to a server, and possibly exert control over a networking device. As a rule of thumb, any port that is not absolutely necessary for conducting business should be secured or removed from service. For example, if a business doesn’t host Web services, there is no need for port 80 to be available on its servers.
  • 14. Attack surface: the functions and features that a system exposes to unauthenticated users. The number and nature of the open ports on a system are an important part of its attack surface. As a general design goal, security practitioners seek to reduce the attack surface of each system to minimize the potential for latent defects and unintended consequences to cause losses. At this point, we must caution that some activities performed routinely by security professionals—specifically, port scanning—may cause problems for casual system users. Even the use of the network ping command can cause issues at some organizations. Some organizations have strong policy prohibitions for activities that
  • 15. Table 9-2 Commonly Used Port Numbers
    Port Number   Protocol
    7             Echo
    20            File Transfer (default data) (FTP)
    21            File Transfer (Control) (FTP)
    23            Telnet
    25            Simple Mail Transfer Protocol (SMTP)
    53            Domain Name System (DNS)
    80            Hypertext Transfer Protocol (HTTP)
    110           Post Office Protocol version 3 (POP3)
    161           Simple Network Management Protocol (SNMP)
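The port discussion in slides 12 through 15 in practice, as an added example that is not part of the textbook: a TCP connect scan of a host you administer, with the open ports checked against an allowlist so that anything not needed for business stands out. The allowlist, the Table 9-2 name lookup and the loopback listener the demo scans are constructed for the example.

```python
"""Added example (not from the textbook): connect-scan a host you run,
then compare what is listening against an allowlist. The demo target is
a listener the script opens itself on 127.0.0.1."""
import socket
from typing import Dict, Iterable, List, Set

# Service names from Table 9-2, used only to label findings.
TABLE_9_2 = {7: "Echo", 20: "FTP data", 21: "FTP control", 23: "Telnet",
             25: "SMTP", 53: "DNS", 80: "HTTP", 110: "POP3", 161: "SNMP"}


def tcp_port_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a full TCP handshake to host:port completes (a connect scan).
    This is the noisy scan type that an IDPS or endpoint product logs, so
    point it only at systems you are authorized to test."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def scan_ports(host: str, ports: Iterable[int]) -> List[int]:
    """Return the subset of ports that accepted a connection."""
    return [port for port in ports if tcp_port_open(host, port)]


def audit_open_ports(open_ports: Iterable[int],
                     allowlist: Set[int]) -> Dict[str, List[str]]:
    """Label every open port as expected (in the allowlist) or unexpected.
    Unexpected entries are the ones to close or justify."""
    report: Dict[str, List[str]] = {"expected": [], "unexpected": []}
    for port in sorted(set(open_ports)):
        label = "%d/tcp (%s)" % (port, TABLE_9_2.get(port, "unknown service"))
        report["expected" if port in allowlist else "unexpected"].append(label)
    return report


def open_test_listener() -> socket.socket:
    """Constructed test target: a listener on an ephemeral loopback port.
    The kernel completes handshakes from the backlog even without accept()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


if __name__ == "__main__":
    listener = open_test_listener()
    port = listener.getsockname()[1]
    # Assumed policy for the demo: only SSH and HTTP may listen on this host.
    found = scan_ports("127.0.0.1", [port] + sorted(TABLE_9_2))
    print(audit_open_ports(found, allowlist={22, 80}))
    listener.close()
```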
  • 16. FIREWALL ANALYSIS TOOLS Understanding exactly where an organization’s firewall is located and the functions of its existing rule sets are very important steps for any security administrator. Several tools automate the remote discovery of firewall rules and assist the administrator (or attacker) in analyzing the rules to determine what they allow and reject. The Nmap tool mentioned earlier has some advanced options that are useful for firewall analysis. For example, the option called idle scanning, which is run with the -I switch, allows the Nmap user to bounce a scan across a firewall by using one of the idle DMZ hosts as the initiator of the scan. More specifically, most operating systems do not use truly random IP packet identification numbers (IP IDs), so if the DMZ has multiple hosts and one of them uses nonrandom IP IDs, the attacker can query the server and obtain the
  • 17. The attacker can then spoof a packet that is allegedly from the queried server and destined for an internal IP address behind the firewall. If the port is open on the internal machine, the machine replies to the server with a SYN-ACK packet, which forces the server to respond with a TCP RESET packet. In its response, the server increments its IP ID number. The attacker can now query the server again to see if the IP ID has incremented. If it has, the attacker knows that the internal machine is alive and has the queried service port open. In a nutshell, running the Nmap idle scan allows attackers to scan an internal network as if they were on a trusted machine inside the DMZ. Firewalk is another tool that can be used to analyze firewalls. Written by noted network security experts Mike Schiffman and David Goldsmith, Firewalk uses incrementing Time-To-Live (TTL) packets to determine the path into a network as well as the default firewall policy. Running Firewalk against a target machine reveals where routers and firewalls are filtering traffic to the target host.
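The IP ID bookkeeping of slides 16 and 17 modelled in memory, as an added example that is not part of the textbook: a DMZ host with a sequential IP ID counter leaks whether the internal port is open, while a host that randomizes its IP IDs (the mitigation the text points at) yields nothing. Zombie and Target are constructed stand-ins; no packets are sent and this is not Nmap's code.

```python
"""Added example, not from the textbook: an in-memory model of the IP ID
side channel behind Nmap's idle scan. No packets are sent; Zombie and
Target are constructed stand-ins for the DMZ host and the internal host."""
import random
from typing import Set


class Zombie:
    """The idle DMZ host. Every packet it sends carries an IP ID; with a
    sequential counter, the number of packets it sent is readable by
    anyone who can see two of its IDs."""

    def __init__(self, randomize_ip_id: bool, rng: random.Random) -> None:
        self._randomize = randomize_ip_id
        self._rng = rng
        self._counter = rng.randrange(65536)

    def send(self) -> int:
        """Emit one packet and return the IP ID it carried."""
        if self._randomize:                  # mitigated stack: no counter
            return self._rng.randrange(65536)
        self._counter = (self._counter + 1) & 0xFFFF
        return self._counter

    def receive_syn_ack(self) -> None:
        """An unsolicited SYN/ACK is answered with a RST (one packet sent)."""
        self.send()

    def receive_rst(self) -> None:
        """An unsolicited RST is dropped silently (no packet sent)."""


class Target:
    """The internal host behind the firewall."""

    def __init__(self, open_ports: Set[int]) -> None:
        self._open = open_ports

    def receive_spoofed_syn(self, zombie: Zombie, port: int) -> None:
        """The reply goes to the packet's forged source, i.e. the zombie."""
        if port in self._open:
            zombie.receive_syn_ack()
        else:
            zombie.receive_rst()


def read_ip_id(zombie: Zombie) -> int:
    """The scanner's own probe: a SYN/ACK to the zombie; its RST reveals the IP ID."""
    return zombie.send()


def infer_port_state(zombie: Zombie, target: Target, port: int) -> str:
    """The three-step exchange from slides 16 and 17, reduced to one ID delta."""
    before = read_ip_id(zombie)
    target.receive_spoofed_syn(zombie, port)
    delta = (read_ip_id(zombie) - before) & 0xFFFF
    if delta == 2:
        return "open"          # zombie sent a RST to the target in between
    if delta == 1:
        return "closed"        # zombie sent nothing in between
    return "inconclusive"


def leak_rate(randomize_ip_id: bool, trials: int = 200, seed: int = 7) -> float:
    """Fraction of trials in which the side channel reports the true port state."""
    rng = random.Random(seed)
    target = Target(open_ports={22, 80})   # constructed internal host
    correct = 0
    for _ in range(trials):
        zombie = Zombie(randomize_ip_id, rng)
        port = rng.choice([22, 23, 25, 80])
        truth = "open" if port in {22, 80} else "closed"
        correct += infer_port_state(zombie, target, port) == truth
    return correct / trials


if __name__ == "__main__":
    print("sequential IP IDs, correct inferences:", leak_rate(False))
    print("randomized IP IDs, correct inferences:", leak_rate(True))
```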
  • 18. We must again caution that many tools used by security professionals may cause problems for casual system users. Some organizations have strong policy prohibitions against any form of hackerware, and even possessing the files needed to install it or having results from its use may be a violation that carries grave consequences. Many endpoint protection products trigger alarms for these types of tools. Always ask permission from the organization’s security office before using any tools of this nature. A final firewall analysis tool worth consideration is HPING (www.hping.org), which is a modified ping client. It supports multiple protocols and has a command-line method of specifying nearly any ping parameter. For instance, you can use HPING with modified TTL values to determine the infrastructure of a DMZ.
  • 19. You can use HPING with specific ICMP flags to bypass poorly configured firewalls that allow all ICMP traffic to pass through and find internal systems. Administrators who are wary of using the same tools that attackers use should remember two important points. Regardless of the tool that is used to validate or analyze a firewall’s configuration, user intent dictates how the gathered information is used. To defend a computer or network well, administrators must understand the ways it can be attacked. Thus, a tool that can help close an open or poorly configured firewall will help the network defender minimize the risk from attack.
  • 20. Operating System Detection Tools. The ability to detect a target computer’s operating system is very valuable to an attacker. Once the OS is known, the attacker can easily determine all of the vulnerabilities to which it is susceptible. Many tools use networking protocols to determine a remote computer’s OS. One such tool is XProbe, which uses ICMP to determine the remote OS. When run, XProbe sends many different ICMP queries to the target host. As reply packets are received, XProbe matches these responses from the target’s TCP/IP stack with its own internal database of known responses. Because most OSs have a unique way of responding to ICMP requests, XProbe is very reliable in finding matches and thus detecting the operating systems of remote computers. Therefore, system and network administrators should restrict the use of ICMP through
  • 21. Vulnerability Scanners. Active vulnerability scanner: one that initiates traffic on the network to determine security holes. Active vulnerability scanners examine networks for highly detailed information. An example of a vulnerability scanner is Nessus, a professional freeware utility that uses IP packets to identify hosts available on the network, the services (ports) they offer, their operating system and OS version, the type of packet filters and firewalls in use, and dozens of other network characteristics. Figures 9-14 and 9-15 show sample screens from Nessus. Vulnerability scanners should be proficient at finding known, documented holes, but what happens if a Web server is from a new vendor or a new application was created by an internal development team? In such cases, you
  • 22. Fuzz testing is a straightforward technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. Vulnerabilities can be detected by measuring the outcome of the random inputs. One example of a fuzz scanner is Spike, which has two primary components. The first is the Spike Proxy (www.spikeproxy.com), which is a full-blown proxy server. As Web site visitors use the proxy, Spike builds a database of each traversed page, form, and other Web-specific asset. When the Web site owner determines that enough history has been collected to completely characterize the full site, Spike can be used to check for bugs. In other words, administrators can use the usage history collected by Spike to traverse all known pages, forms, and active programs such as asp and cgibin, and then can test the system by attempting overflows, SQL injection, cross-site scripting, and many other
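Fuzz testing as the slide defines it, feeding random and mutated input and measuring the outcome, as an added example that is not from the textbook and is not Spike: a constructed record format, a parser that trusts its length byte, a hardened parser, and a mutation fuzzer that separates controlled rejections from crashes.

```python
"""Added example (not from the textbook): a minimal mutation fuzzer run
against a constructed record parser. The format, both parsers and the
seed corpus are made up for illustration."""
import random
from typing import Callable, List, Tuple


def xor_all(data: bytes) -> int:
    result = 0
    for byte in data:
        result ^= byte
    return result


def make_record(payload: bytes) -> bytes:
    """Constructed format: one length byte, the payload, one XOR checksum byte."""
    return bytes([len(payload)]) + payload + bytes([xor_all(payload)])


def parse_record(data: bytes) -> bytes:
    """Buggy parser: trusts the length byte and indexes past the end."""
    length = data[0]                      # IndexError on empty input
    payload = data[1:1 + length]
    checksum = data[1 + length]           # IndexError on truncated input
    if xor_all(payload) != checksum:
        raise ValueError("checksum mismatch")
    return payload


def parse_record_fixed(data: bytes) -> bytes:
    """Hardened parser: every malformed input is rejected with ValueError."""
    if len(data) < 2:
        raise ValueError("record too short")
    length = data[0]
    if len(data) != length + 2:
        raise ValueError("length byte does not match record size")
    payload = data[1:1 + length]
    if xor_all(payload) != data[1 + length]:
        raise ValueError("checksum mismatch")
    return payload


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Classic mutation strategies: bit flip, truncate, append, or pure noise."""
    choice = rng.randrange(4)
    if choice == 0 and seed:
        pos = rng.randrange(len(seed))
        flipped = seed[pos] ^ (1 << rng.randrange(8))
        return seed[:pos] + bytes([flipped]) + seed[pos + 1:]
    if choice == 1:
        return seed[:rng.randrange(len(seed) + 1)]
    if choice == 2:
        return seed + bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    return bytes(rng.randrange(256) for _ in range(rng.randrange(0, 8)))


def fuzz(parser: Callable[[bytes], bytes], iterations: int = 2000,
         seed: int = 1) -> List[Tuple[bytes, str]]:
    """Feed mutated inputs to the parser and measure the outcome: a
    ValueError is a controlled rejection, any other exception is a crash
    and is recorded with the input that triggered it."""
    rng = random.Random(seed)
    corpus = [make_record(b"ping"), make_record(b""), make_record(b"x" * 40)]
    crashes: List[Tuple[bytes, str]] = []
    for _ in range(iterations):
        case = mutate(rng.choice(corpus), rng)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:          # noqa: BLE001 - a fuzzer wants everything
            crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_record)
    print("buggy parser crashes:", len(found), "first:", found[:1])
    print("fixed parser crashes:", len(fuzz(parse_record_fixed)))
```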
  • 23.
  • 24. A list of the top commercial and residential vulnerability scanners includes the following products:
    • Nessus
    • OpenVAS
    • Core Impact
    • Nexpose
    • GFI LanGuard
    • Microsoft Baseline Security Analyzer (MBSA)
    • Retina
    • Secunia PSI
    • Nipper
    • Security Administrator’s Integrated Network Tool (SAINT)
  • 25. The Nessus scanner features a class of attacks called destructive attacks. If enabled, Nessus attempts common overflow techniques against a target host. Fuzzers or black-box scanners and Nessus in destructive mode can be very dangerous tools, so they should be used only in a lab environment. In fact, these tools are so powerful that even experienced system defenders are not likely to use them in the most aggressive modes on their production networks. At the time of this writing, the most popular scanners seem to be Nessus, OpenVAS, and Nexpose. The Nessus scanner was originally open source, but it is now strictly commercial.
  • 26. Members of an organization often require proof that a system is vulnerable to a certain attack. They may require such proof to avoid having system administrators attempt to repair systems that are actually not broken or because they have not yet built a satisfactory relationship with the vulnerability assessment team. In these instances, a class of scanners is available that actually exploits the remote machine and allows the vulnerability analyst (sometimes called a penetration tester) to create an account, modify a Web page, or view data. These tools can be very dangerous and should be used only when absolutely necessary. Three such tools are Core Impact, Immunity’s
  • 27. Of these three tools, only the Metasploit Framework is available without a license fee. The Metasploit Framework is a collection of exploits coupled with an interface that allows penetration testers to automate the custom exploitation of vulnerable systems. For instance, if you wanted to exploit a Microsoft Exchange server and run a single command (perhaps add the user “security” into the administrators group), the tool allows you to customize an overflow in this manner. Figure 9-16 shows the Metasploit Framework.
  • 28.
  • 29. Passive vulnerability scanner: a scanner that listens in on a network and identifies vulnerable versions of both server and client software. At the time of this writing, two primary vendors offer this type of scanning solution: Tenable Network Security, with its Passive Vulnerability Scanner (PVS), and Watcher Web Security Scanner from Casaba (see Figure 9-17). The advantage of using passive scanners is that they do not require vulnerability analysts to obtain approval prior to testing. These tools simply monitor the network connections to and from a server to obtain a list of vulnerable applications. Furthermore, passive vulnerability scanners can find client-side vulnerabilities that are typically not found by active scanners. For instance, an active scanner operating without domain admin rights would be unable to determine the version of Internet Explorer running on a desktop machine, but a passive scanner could make that determination by observing traffic to and from the client.
  • 30. PACKET SNIFFERS. Packet sniffer: a software program or hardware appliance that can intercept, copy, and interpret network traffic. A packet sniffer or network protocol analyzer can provide a network administrator with valuable information for diagnosing and resolving networking issues. In the wrong hands, however, a sniffer can be used to eavesdrop on network traffic. Commercial and open-source sniffers are both available—for example, Sniffer is a commercial product and Snort is open-source software. The dominant network protocol analyzer is Wireshark (www.wireshark.org), formerly known as Ethereal, which is available in open-source and commercial versions. Wireshark allows the administrator to examine data
  • 31. Wireshark’s features include a language filter and a TCP session reconstruction utility. Figure 9-20 shows a sample screen from Wireshark. To use these types of programs most effectively, the user must be connected to a network from a central location using a monitoring port. Simply tapping into an Internet connection floods you with more data than you can readily process, and the action technically constitutes a violation of the U.S. Wiretap Act. To use a packet sniffer legally, the administrator must:
    1. be on a network that the organization owns,
    2. have authorization of the network’s owners, and
    3. have knowledge and consent of the content creators.
  • 32. If all three conditions are met, the administrator can selectively collect and analyze packets to identify and diagnose problems on the network. Consent is usually obtained by having all system users sign a release when they are issued a user ID and passwords; the release states that “use of the systems is subject to monitoring.” These three conditions are the same requirements for employee monitoring in general; therefore, packet sniffing should be construed as a form of employee monitoring. Many administrators feel safe from sniffer attacks when their computing environment is primarily a switched network, but they couldn’t be more wrong. Several open-source sniffers support alternate networking approaches and can enable packet sniffing in a switched network environment. Two of these approaches are ARP spoofing and session hijacking, which use tools like Ettercap (www.ettercap-project.org/). To secure data in transit across any network, organizations must use a carefully
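What a protocol analyzer does with a captured frame (slides 30 and 31) and how a passive scanner turns that into a software inventory (slide 29), as one added example that is not from the textbook and is neither Wireshark nor PVS: decode constructed Ethernet/IPv4/TCP frames, verify the IPv4 header checksum, and record the User-Agent and Server versions each host advertises. All addresses, MACs and headers are constructed sample data.

```python
"""Added example (not from the textbook): a tiny protocol analyzer over
constructed frames, feeding a passive software inventory. Hosts, MACs
and HTTP headers below are made up for the example."""
import socket
import struct
from typing import Dict, List, Optional, Set, Tuple

ETH_P_IP = 0x0800      # EtherType for IPv4
IPPROTO_TCP = 6


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum. Over a header whose checksum
    field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int,
                payload: bytes) -> bytes:
    """Assemble an Ethernet/IPv4/TCP frame (TCP checksum left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = (b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"
           + struct.pack("!H", ETH_P_IP))
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> Optional[Tuple[str, str, int, int, bytes]]:
    """Return (src_ip, dst_ip, sport, dport, payload), or None when the frame
    is not IPv4/TCP or its IPv4 header checksum does not verify."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or len(ip) < ihl or ip_checksum(ip[:ihl]) != 0:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP:
        return None
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return src_ip, dst_ip, sport, dport, tcp[data_offset:]


def passive_inventory(frames: List[bytes]) -> Dict[str, Set[str]]:
    """Map each host to the software it advertised in HTTP headers: the
    client's User-Agent and the server's Server banner, learned only by
    listening, the way a passive vulnerability scanner does."""
    seen: Dict[str, Set[str]] = {}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src_ip, _, _, _, payload = parsed
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        if not (lines[0].startswith("HTTP/") or " HTTP/" in lines[0]):
            continue                      # not an HTTP request or response
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() in ("user-agent", "server"):
                seen.setdefault(src_ip, set()).add(value.strip())
    return seen


# Constructed capture: one browser request, its response, and a non-HTTP packet.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.80", 51000, 80,
                b"GET / HTTP/1.1\r\nHost: intranet\r\n"
                b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\r\n"),
    build_frame("10.0.0.80", "10.0.0.5", 80, 51000,
                b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (CentOS)\r\n\r\n<html>"),
    build_frame("10.0.0.7", "10.0.0.53", 40000, 53, b"\x00\x00\x01\x00"),
]

if __name__ == "__main__":
    for host, software in passive_inventory(SAMPLE_FRAMES).items():
        print(host, sorted(software))
```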
  • 33. WIRELESS SECURITY TOOLS 802.11 wireless networks have sprung up as subnets on nearly all large networks. A wireless connection is convenient, but it has many potential security holes. An organization that spends all of its time securing the wired network while ignoring wireless networks is exposing itself to a security breach. As a security professional, you must assess the risk of wireless networks. A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. Sectools.org identified the top wireless tools in current use:
  • 34.
    • Aircrack, a wireless network protocol cracking tool
    • Kismet, a powerful wireless network protocol sniffer, network detector, and IDPS, which works by passively sniffing networks
    • NetStumbler, a freeware Windows file parser available at www.netstumbler.org
    • inSSIDer, an enhanced scanner for Windows, OS X, and Android
    • KisMAC, a GUI passive wireless stumbler for Mac OS X (a variation of Kismet)31
  • 35. Another wireless tool, AirSnare (https://airsnare.en.softonic.com/), is freeware that can be run on a low-end wireless workstation. AirSnare monitors the airwaves for any new devices or access points. When it finds one, AirSnare sounds an alarm to alert administrators that a new and potentially dangerous wireless apparatus is attempting access on a closed wireless network. The tools discussed in this module help the attacker and the defender prepare themselves to complete the next steps in the attack protocol: attack, compromise, and exploit. These steps are beyond the scope of this text and are usually covered in more advanced classes on computer and network attack and defense.