1 / 14

Module 5 – Vulnerability Identification

Module 5 – Vulnerability Identification. Phase II  Controls Assessment  Scheduling Information Gathering Network Mapping Vulnerability Identification Penetration Gaining Access & Privilege Escalation Enumerating Further Compromise Remote Users/Sites Maintaining Access

aradia
Télécharger la présentation

Module 5 – Vulnerability Identification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 5 – Vulnerability Identification • Phase II  Controls Assessment  Scheduling • Information Gathering • Network Mapping • Vulnerability Identification • Penetration • Gaining Access & Privilege Escalation • Enumerating Further • Compromise Remote Users/Sites • Maintaining Access • Cover the Tracks Heorot.net

  2. Vulnerability Identification • Purpose behind Vulnerability Identification “...find flaws within the network, servers, services and other attached information resources.” Heorot.net

  3. Vulnerability Identification • Identify vulnerable services using service banners • Perform vulnerability scan to search for known vulnerabilities • Perform false positive and false negative • Enumerate discovered vulnerabilities • Estimate probable impact (classify vulnerabilities found)‏ • Identify attack paths and scenarios for exploitation Heorot.net

  4. Identify Vulnerable ServicesUsing Service Banners Heorot.net

  5. Apache Demonstration Identify Vulnerable ServicesUsing Service Banners

  6. Perform Vulnerability Scan • *Tools: • Nessus • Sara • Internet Scanner • Retina Network Security Scanner • Netrecon • Core IMPACT *None of these tools are found on the BackTrack Disk Heorot.net

  7. Perform Vulnerability Scan • Advantage of Vulnerability Scanners: • “Click-and-Go” • Basic knowledge of IT and Security • Powerful • Up-to-date • Disadvantage of Vulnerability Scanners: • “Click-and-Go” • Basic knowledge of IT and Security Heorot.net

  8. “False positives refer to non-issues that were incorrectly detected. Accordingly, false negatives refer to existent issues that were not detected during an assessment. In every assessment there is always the risk of any of these being present.” Perform False Positive and False Negative

  9. Enumerate Discovered Vulnerabilities • Identified Vulnerability • Apache/2.0.55 (UNIX) PHP/5.1.2 • Tools: • Web Sites: • Milw0rm.org • Securityfocus.com • Cert.org • Packetstormsecurity.com • National Vunerability Database • http://nvd.nist.gov/ • Metasploit • Vulnerability Scanners Heorot.net

  10. Apache / milw0rm Demonstration Enumerate Discovered Vulnerabilities

  11. Estimate Probable Impact • High Risk Vulnerability • “...immediate threat of high and adverse impact on the business critical processes of the target organization” • Medium Risk Vulnerability • “...threat of high and adverse impact to non-critical systems in terms of business. • “...no immediate threat nor a big impact and the vulnerability affects critical business systems.” • Low Risk Vulnerability • ...”the technical and business impact is low.” Heorot.net

  12. Identify Attack Paths and Scenarios for Exploitation • Game plan on how to attack the system • List of vulnerabilities • Threat Level based on Impact to business goals • Measures to mitigate vulnerabilities • Stopping point About to move away from “Blue Team”and move into “Red Team” Heorot.net

  13. Hands-On Exercise Identify Live Hosts • Tools: • The Internet • List of Services • Version Information • Operating System • Version Information • Find known Vulnerabilities • Bugtraq • http://securityfocus.com/archive/1 • National Vunerability Database • http://nvd.nist.gov/ • Find Potential Exploits • milw0rm.org (that’s a “zero”) • Securityfocus.com • Cert.org • Packetstormsecurity.com Heorot.net

  14. Module 5 – Conclusion • Phase II  Controls Assessment  Scheduling • Information Gathering • Network Mapping • Vulnerability Identification • Identify vulnerable services using service banners • Perform vulnerability scan • Perform false positive and false negative • Enumerate discovered vulnerabilities • Estimate probable impact • Identify attack paths and scenarios for exploitation Heorot.net

More Related