This page summarizes a talk on integrating ServiceTrak with NLOG and NMAP at Rensselaer Polytechnic Institute. The goals were to identify existing and potential security exposures, validate the configuration data held in the Simon meta system, and build on existing internal (Simon, ServiceTrak) and external (NMAP/NLOG) work. NMAP port-scanned the networks, listing each host's open ports (services) and matching its TCP/IP fingerprint to identify the operating system; NLOG stored the results behind a web interface, and ServiceTrak joined them to its host groups and per-service "safety" ratings so that hosts in the same group could be compared. The scans turned up exposures (services switched on by an OS upgrade) and site configuration errors (a "trusted" Unix host that was actually running NT), but they also crashed some services and tripped scan detectors, so the talk ends with the policy questions that raised.
ServiceTrak Meets NLOG/NMAP
Jon Finke, Rensselaer Polytechnic Institute
Objectives
• Identify existing security exposures
• Identify potential security exposures
• Validate meta system configuration
• Build on existing work
  • Internal - Simon, ServiceTrak
  • External - NMAP/NLOG
Computing Environment
• Computer Center machines
  • Unix - centrally administered
  • WinTel - mixed administration
• Departmental machines
  • Unix administered by CC staff
  • Unix administered by non-CC staff
  • WinTel - mixed administration
NLOG/NMAP
• NMAP
  • Port scans networks
  • Matches the TCP/IP fingerprint to identify the OS
  • Identifies open ports (services)
• NLOG
  • Provides some data management
  • Provides a web interface
ServiceTrak
• Tracks services and servers
• Web interface to Simon host info
Host Groups (diagram of overlapping groups)
• All_Workstations: Public Workstations, Private Workstations
• AIX_Workstations: Public_AIX, Private_AIX
• Irix_Workstations: Public_Irix, Private_Irix
• Solaris_Workstations: Public_Solaris, Private_Solaris
• lpr_ok, lpr_Specials
• pop_ok, pop_Specials
Service “Safety”
• My standards
  • History of attack/exposure - SMTP
  • Encourages exposure - Telnet
  • Not required for user workstations
  • Specific servers only (ftp, dns, etc.)
• Set for the needs of my department
• Your mileage may vary
Similar Hosts
• Do all hosts offer the SAME services?
• Do the services make sense for that group?
• Is the OS fingerprint correct for each host?
Example service page: Ssh (22/tcp), Remote Access, NMAP
• Safety Level: Safe
• Secure Shell
• TSV file
Safety Level Breakdown
• Special group of ALL HOSTS
• Which ones are running unsafe protocols?
• Do we care?
Protocol Specific Lists
• Service specialists interested in their particular service
  • Hostmaster interested in DNS servers
  • Webmaster interested in WWW servers
• Operating system specialists interested in their own OS
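The three checks on the preceding slides (Similar Hosts, Safety Level Breakdown, Protocol Specific Lists) all come down to joining NMAP's per-host list of open services and OS fingerprint with ServiceTrak's host groups and per-service safety ratings. The Python below is an added example of that join; it is not code from the talk or from ServiceTrak/NLOG. It parses constructed lines laid out like NMAP's grepable (-oG) output, applies the safety ratings the talk lists (ssh safe, smtp and telnet unsafe, ftp and dns for specific servers only), and reports service and OS deviations per group. The host names, group memberships, the dns_ok/ftp_ok groups (named after the lpr_ok/pop_ok groups on the Host Groups slide), the SERVER_GROUPS mapping and the expected-OS strings are all assumptions made for the example.

```python
"""Join nmap scan output with ServiceTrak-style host groups and a service safety table.

Added example, not code from the talk or from ServiceTrak/NLOG. It assumes
nmap's grepable (-oG) line layout; host names, group memberships and the
expected-OS strings are constructed for illustration.
"""
import re

# Safety ratings as the talk gives them ("my standards, your mileage may vary").
SAFETY = {
    "ssh": "safe",
    "smtp": "unsafe",          # history of attack/exposure
    "telnet": "unsafe",        # encourages exposure (cleartext remote access)
    "ftp": "servers_only",     # specific servers only
    "domain": "servers_only",  # DNS, specific servers only
}

# Host groups (names in the Host Groups slide style; memberships are assumed).
GROUPS = {
    "Public_Solaris": {"sol1.example.edu", "sol2.example.edu"},
    "Public_AIX": {"aix1.example.edu"},
    "dns_ok": {"ns1.example.edu"},  # hosts approved to run DNS (assumed, like lpr_ok/pop_ok)
    "ftp_ok": set(),                # nobody is approved to run ftp in this sample
}
# Which "ok" group approves each servers_only service (assumed mapping).
SERVER_GROUPS = {"domain": "dns_ok", "ftp": "ftp_ok"}
# Expected OS-fingerprint substring per OS group (assumed).
GROUP_OS = {"Public_Solaris": "Solaris", "Public_AIX": "AIX"}

# Constructed lines in nmap -oG layout; not a real scan.
SCAN = (
    "Host: 10.1.1.10 (sol1.example.edu)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///\tOS: Sun Solaris 8\n"
    "Host: 10.1.1.11 (sol2.example.edu)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 23/open/tcp//telnet///\tOS: Sun Solaris 8\n"
    "Host: 10.1.1.20 (aix1.example.edu)\tPorts: 22/open/tcp//ssh///\tOS: Microsoft Windows NT 4.0\n"
    "Host: 10.1.1.53 (ns1.example.edu)\tPorts: 53/open/tcp//domain///, 21/open/tcp//ftp///\tOS: Linux 2.2.x\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_grepable(text):
    """Return {host: {"ip", "os", "services": {service: "port/proto"}}} for open ports."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, name, rest = m.groups()
        # Remaining tab-separated fields look like "Ports: ..." and "OS: ...".
        fields = dict(f.split(": ", 1) for f in rest.split("\t") if ": " in f)
        services = {}
        for entry in fields.get("Ports", "").split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/rpc/version/
            if len(parts) < 5:
                continue
            port, state, proto, service = parts[0], parts[1], parts[2], parts[4]
            if state == "open":
                services[service or port] = f"{port}/{proto}"
        hosts[name or ip] = {"ip": ip, "os": fields.get("OS", "unknown"), "services": services}
    return hosts


def safety_breakdown(hosts):
    """Safety Level Breakdown over ALL HOSTS: unsafe services, plus servers_only
    services on hosts that are not in the approving group."""
    findings = []
    for name in sorted(hosts):
        for svc, port in hosts[name]["services"].items():
            level = SAFETY.get(svc, "unknown")
            if level == "unsafe":
                findings.append((name, svc, port, "unsafe"))
            elif level == "servers_only" and name not in GROUPS.get(SERVER_GROUPS.get(svc, ""), set()):
                findings.append((name, svc, port, "not an approved server"))
    return findings


def similar_hosts(hosts, group):
    """Similar Hosts check for one group: services not offered by every member,
    and members whose OS fingerprint does not match the group's expected OS."""
    members = [h for h in sorted(GROUPS[group]) if h in hosts]
    svc_sets = {h: set(hosts[h]["services"]) for h in members}
    common = set.intersection(*svc_sets.values()) if svc_sets else set()
    extra = {h: sorted(s - common) for h, s in svc_sets.items() if s - common}
    expected = GROUP_OS.get(group, "")
    os_mismatch = {h: hosts[h]["os"] for h in members if expected not in hosts[h]["os"]}
    return {"common": sorted(common), "extra": extra, "os_mismatch": os_mismatch}


def protocol_list(hosts, service):
    """Protocol Specific List: every host offering one service (e.g. domain for the hostmaster)."""
    return sorted(h for h in hosts if service in hosts[h]["services"])


if __name__ == "__main__":
    scanned = parse_grepable(SCAN)
    for finding in safety_breakdown(scanned):
        print("SAFETY  ", *finding)
    for g in GROUP_OS:
        print("GROUP   ", g, similar_hosts(scanned, g))
    print("DNS hosts", protocol_list(scanned, "domain"))
```

In the sample, the Public_Solaris pair differ only by sol2's extra telnet, the supposedly AIX host fingerprints as Windows NT (the kind of configuration error the Our Results slide reports), and ns1 is an approved DNS server but an unapproved ftp server. The service names come from nmap's own port-to-service table, so the SAFETY keys must use those names (domain, not dns).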
Problems
• NLOG can crash some services
• Trips scan detectors
  • Irate email from other sys admins
  • False reports from detection tools (e.g. Back Officer Friendly)
• Policy issues
Our Results
• Identified some exposures
  • OS upgrade turned some services on
• Identified site configuration errors
  • “Trusted” Unix host actually running NT
• Integration of NLOG info with existing tools was helpful
Lessons Learned
• Host grouping is VERY useful
• NLOG may be a good approach
• OS identification (via TCP fingerprint) very handy
• Policy issues
  • Let someone else run it and take the heat…
ServiceTrak Meets NLOG/NMAP
Jon Finke, Rensselaer Polytechnic Institute
finkej@rpi.edu
http://www.rpi.edu/~finkej