computer science innovations llc n.
Presentation Transcript

  1. Computer Science Innovations, LLC Cybersecurity

  2. Fingerprinting
     So, we have a file at the top level of a Web site. It is called robots.txt. It specifies where to find content and what content to avoid. What can this tell us from a fingerprinting perspective? It tells us the stuff we wish to protect.

  3. Fingerprinting Perspective
     • Take down the robots.txt
     • Take down the sitemaps
     • Try to take down the disallows
     • Use wget …

  4. Lab Fingerprint Web Server
     • Use wget
     • Use wget
     • Use more robots.txt
     • Use wget <sitemap files>
     • Use more <sitemap files>
     • Use www.schwans.file
     • Try to wget disallowed files.

  5. What Did We Learn?
     • What can we do with robots.txt from a fingerprint perspective? It is part of the directory structure. It shows you what they do not want to share.
     • Why does wget not pull disallow information? Hint: man wget. It adheres to the robots.txt protocol.
     • How could we get disallowed information? What type of licensing is wget? Open Source. We can get the source, change it and go after the disallow.

  6. Web Site Fingerprinting Best Practices:
     1) Use robots.txt for things you want found by a search engine and disallow for things you do not want found.
     2) Use a tool (if you are a penetration tester) to work around the disallow in robots.txt. Remember disallow is a protocol.
     3) Use security in the web server to protect sensitive files.
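
Added example (not part of the original presentation): a check a site owner can run against their own robots.txt to see which disallowed paths are advertised to every reader but not protected by the web server, per best practice 3. The sample file, `PROTECTED_PREFIXES` and the function names are constructed for illustration.

```python
# Constructed sample robots.txt (not from a real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/db.sql   # nightly dump
Disallow: /images/tmp/
Allow: /public/
Sitemap: https://www.example.com/sitemap.xml

User-agent: friendlybot
Disallow:

User-agent: Googlebot
Disallow: /staging/
"""

# Assumption: path prefixes the web server itself protects (auth or deny rules).
PROTECTED_PREFIXES = ("/admin/",)

def parse_robots(text):
    """Return (disallowed paths, sitemap URLs) across all user-agent groups."""
    disallows, sitemaps = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "disallow" and value:          # an empty Disallow allows everything
            disallows.append(value)
        elif field == "sitemap":
            sitemaps.append(value)
    return disallows, sitemaps

def advertised_but_unprotected(text, protected_prefixes):
    """Disallowed paths that rely on crawler politeness alone."""
    disallows, _ = parse_robots(text)
    return [path for path in disallows
            if not any(path.startswith(prefix) for prefix in protected_prefixes)]

if __name__ == "__main__":
    for path in advertised_but_unprotected(SAMPLE_ROBOTS, PROTECTED_PREFIXES):
        print(f"{path}: listed in robots.txt but not protected by the server")
```

Every path this reports is readable by any client that ignores the robots.txt protocol, so it needs access control in the web server or should not be on the site at all.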

  7. Network 101
     Typically three types of networks: A, B, C. They differ by.... netmask.
     • A netmask
     • B netmask
     • C netmask
     So how does this work?

  8. OSI Networking Model
     • Application --- Applications running on top (ssh)
     • Presentation --- Map data between representations.
     • Session --- Support conversation.
     • Transport --- Put stuff in order, end to end
     • Network --- communicate with routing
     • Data Link --- communicate without routing
     • Physical --- Cable

  9. Data Link Layer Data link – no routing Scott Brian

  10. Command to See Network
      ifconfig -a
      Scott inet addr: Bcast: Mask:
      Brian …..
      Netmask. What does that mean?

  11. Netmask • • Class C network. • Only route if you differ by more than the last octet. • • • No Routing necessary. Only differ by where the Netmask is 0 therefore resolved at the data link layer. MAC/IP. The conversion between MAC and IP is datalink.

  12. More Netmask • is a B network only route if differ by left-most two octets. Routing? No. Why? The only values that differ are where you have a bit pattern of 1111's is an A network and does it require routing. Only differs by where it is 1.

  13. Netmask Concluded • Class C network • Netmask • What is that in HEX? • FFFF.FFFF.FFFF.0000 • What is that in Binary? • 1111111111111.1111111111111111.111111111111.0 So Class C network one computer is • and one is • Need Routing?

  14. Netmask Lab • Class C Network • and Need routing? Yes. Differs by third • Class A Network • and need routing? no. • and need routing? yes • Question for a router Cisco– who makes it. – Dlink Netgear, who makes it?

  15. A Little Further in the Network
      • Find the router..
      • Unix
      • Command netstat -rn

      scott@kitchen:~$ ifconfig -a
      eth0 Link encap:Ethernet HWaddr c8:0a:a9:b5:9d:db
           inet addr: Bcast: Mask:
      scott@kitchen:~$ netstat -rn
      Kernel IP routing table
      Destination Gateway Genmask Flags MSS Window irtt Iface
      U 0 0 0 eth0
      U 0 0 0 eth0
      UG 0 0 0 eth0

  16. DHCP
      • Distributed Hosts Configuration Protocol
      • Machine comes up and looks for a DHCP server
      • Gets an IP address, Netmask and DNS.
      • What vulnerability do we have here?

  17. DHCP - Vulnerability
      • Get on Network and put your own DHCP Server up
      • The DNS Server it gives or serves up is yours.
      • And it routes to spoofed web sites.
      • Why does this work?
      • Because it looks for the first DHCP server. The one that responds first will be the one closest to the computer asking. Unless you have an intrusion detection system, you will get away with this.
      • An intrusion detection system at the network layer would find this.
      • Part of a penetration test.
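
Added example (not part of the original presentation): the kind of check a network-layer intrusion detection system applies to find the rogue DHCP server described on this slide. The log format, addresses and the two allow-lists are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: DHCPOFFER summaries as a network sensor might log them.
SAMPLE_LOG = """\
09:00:01 OFFER xid=0x1a2b server=192.168.1.1 yiaddr=192.168.1.50 dns=192.168.1.1
09:00:01 OFFER xid=0x1a2b server=192.168.1.77 yiaddr=192.168.1.200 dns=192.168.1.77
09:03:12 OFFER xid=0x3c4d server=192.168.1.1 yiaddr=192.168.1.51 dns=192.168.1.1
09:05:40 OFFER xid=0x5e6f server=192.168.1.1 yiaddr=192.168.1.52 dns=203.0.113.9
"""

AUTHORIZED_SERVERS = {"192.168.1.1"}   # assumption: the site's real DHCP server
AUTHORIZED_DNS = {"192.168.1.1"}       # assumption: the site's real resolver

OFFER = re.compile(r"OFFER xid=(\S+) server=(\S+) yiaddr=(\S+) dns=(\S+)")

def detect_rogue_dhcp(log):
    """Return (xid, server, reason) alerts for suspicious DHCP offers."""
    alerts = []
    servers_per_xid = defaultdict(set)
    for line in log.splitlines():
        match = OFFER.search(line)
        if not match:
            continue
        xid, server, _yiaddr, dns = match.groups()
        servers_per_xid[xid].add(server)
        if server not in AUTHORIZED_SERVERS:
            alerts.append((xid, server, "offer from unauthorized DHCP server"))
        if dns not in AUTHORIZED_DNS:
            alerts.append((xid, server, f"offer hands out unapproved DNS {dns}"))
    # "First one wins": two servers answering one request means a race is on.
    for xid, servers in servers_per_xid.items():
        if len(servers) > 1:
            alerts.append((xid, ",".join(sorted(servers)),
                           "competing offers for one request"))
    return alerts

if __name__ == "__main__":
    for alert in detect_rogue_dhcp(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

On managed switches, DHCP snooping enforces the same allow-list in the network itself by dropping server replies from untrusted ports.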

  18. What About DNS?
      • Domain Name Service. Maps names to IP addresses.
      • It is given to us by DHCP
      • Unix find it? more /etc/resolv.conf

      scott@kitchen:~$ more /etc/resolv.conf
      # Generated by NetworkManager
      nameserver

  19. On My Network • is the DNS Server and the Router • Netmask is • It is CISCO like???? • That is what we found out. • To do on Windows ipconfig /all Lab.... Tell me what you have on your Windows box?

  20. Conventions
      • Class C
      • Generally 192.168.x.x
      • Class A (bigger network) Generally 10.x.x.x.
      • Gateway … generally. Whatever you are working with .1
      • DHCP Server is generally the Gateway.

  21. What is DHCP?
      • Distributed Hosts Configuration Protocol
      • Turn on a computer, get the IP address, DNS Server, Router, and any Routes.
      • Broadcasts for it.
      • In other words, comes up, says who is my DHCP? First one wins.

  22. What is wrong with our Network, via Conventions? • C Network, why netmask • IP address starts with 10, which is an A network • Should start with ???? 192.168 • Router ends in .254, what does it typically do? • .1

  23. Review Fingerprinting
      • Why do we Fingerprint? To learn about the system. If you are an adversary, you want to find something easy.
      • If you are a security professional, you want to see how hard your systems are.
      • Most common tool is nmap.
      • Nmap can help you work around an IDS.
      • Inspects traffic to tell you about products and ports.
      • Nmap is a TCP/IP expert, Xmas, Stealth, etc.

  24. Network use Netmask Typical network --- cisco … Ip address of the router is C So if I talk to to Do I need to route? No? So if the address differs by the octet with a 0 in the netmask no routing.

  25. Network Route When Addresses differ from where there is a 1. For If we wish to go from to Do we need to route? Yes How do we find our router? Use netstat -rn

  26. Talk About Addresses
      TCP/IP protocol. We agree to not route what addresses:
      • 169.254: what you get when you do not get a DHCP address.
      • 172.
      • 10.
      • 192.168
        192.168.1.x CISCO
        192.168.0.x DLINK

  27. Network Topology So, I want three networks to be separate and have one external address to the internet. How do I do this? external address internal Network1 192.168.1.x gtw Internal ( Network2 192.168.2.x gtw Internal ( Network3 192.168.3.x gtw Internal (

  28. What Did We Learn
      1) Netmask determines your address range. Route when the difference is in the area of 1's on the netmask.
      2) Router must be on the same subnet as the network it is routing.
      3) How do we find the netmask? Unix: ifconfig -a. Windows: ipconfig /all
      4) How do we find the router? netstat -rn
      5) How do we find the DNS server? On Windows it's ipconfig /all. On Unix, use more /etc/resolv.conf
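
Added example (not part of the original presentation): the routing rule from the netmask slides and points 1 and 2 above, written as bitwise operations. All addresses are constructed, and the function names are illustrative.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string to a 32-bit integer (ValueError on bad input)."""
    return int(ipaddress.IPv4Address(dotted))

def check_mask(netmask):
    """Return the mask as an int; reject masks whose 1 bits are not contiguous."""
    m = to_int(netmask)
    inverted = ~m & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"{netmask} is not a valid netmask")
    return m

def same_subnet(a, b, netmask):
    """True when a and b agree on every bit where the netmask is 1."""
    m = check_mask(netmask)
    return (to_int(a) & m) == (to_int(b) & m)

def next_hop(src, dst, netmask, gateway):
    """Address the sender hands the frame to at the data link layer."""
    if not same_subnet(src, gateway, netmask):
        raise ValueError("router must be on the same subnet as the sender")
    if same_subnet(src, dst, netmask):
        return dst        # addresses differ only where the mask is 0: no routing
    return gateway        # addresses differ where the mask is 1: route

# Constructed cases: (source, destination, netmask, gateway).
CASES = [
    ("192.168.1.10", "192.168.1.20", "255.255.255.0", "192.168.1.1"),  # class C, last octet
    ("192.168.1.10", "192.168.2.20", "255.255.255.0", "192.168.1.1"),  # class C, third octet
    ("10.1.2.3", "10.200.7.9", "255.0.0.0", "10.0.0.1"),               # class A, inside 10.
    ("10.1.2.3", "11.1.2.3", "255.0.0.0", "10.0.0.1"),                 # class A, first octet
]

if __name__ == "__main__":
    for src, dst, mask, gw in CASES:
        hop = next_hop(src, dst, mask, gw)
        print(f"{src} -> {dst} mask {mask}: {'direct' if hop == dst else 'via ' + hop}")
```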

  29. Email Tracking
      Let's say I sent an email to Mo and I wanted assurance that he has read it. Email itself is a datagram. In the email message: <img src=””> There are tools that do this for you. Put a link that does not require a click and sends that to a server for recording.

  30. Email Tracking
      <img src=””> This can be a servlet that returns a graphic. When the email is read, the servlet is called (it has to show the graphic). While getting the graphic, it denotes the fact that the email was read.

  31. Fingerprinting Lab Tell me what I am running nmap By using nmap Tell me what hosts on your subnet are running. By using nmap

  32. Fingerprinting
      • We want to see what is on our network.
      • If you are bad.... then you are looking for easy things.
      • We want to make sure we are not one of those easy things.
      • So for Bad People, Fingerprinting is a way to find easy systems to crack.
      • For Security Professionals, hardening our systems.

  33. Best Practices
      • Only SSH login and only through a private key.
      • Open Ports 22 (private key only) and 443
      • This is for externally facing Servers
      • So how do we find out?

  34. How Do We Fingerprint
      • Command - telnet host port
      • Then send it commands
      • Then get what's running by parsing the results of commands.

      scott@companion:~$ telnet 80
      Trying
      HEAD
      <address>Apache/2.2.14 (Ubuntu) Server at localhost Port 80</address>
      </body></html>

  35. Instead Of
      • Telnet to a port.
      • Writing a socket level program
      • Ping

      scott@companion:~$ ping
      PING ( 56(84) bytes of data.
      64 bytes from ( icmp_req=1 ttl=52 time=24.7 ms

  36. We Use Nmap
      • What is good about Nmap?
      • Price.... Free
      • Runs on every system.
      • Around a long time: stable.
      • De facto standard.
      • Does a lot of things.

  37. nmap
      • We can see what systems are up on a subnet
      • We can see what ports are open
      • We can see what tools are running on the open ports.
      • We don't have to fool around with TCP/IP

  38. Two Movies on nmap Let's watch a youtube movie on nmap.

  39. Lab • Tell me what is running on my machine. • • Do it two ways. • First telnet port HEAD port 80. • Telnet 80 • HEAD • Then do an nmap on my box. • Tell me what is running. • Tell me what hosts are up on our 10. subnet.

  40. Let's Simulate nmap
      scott@companion:~$ telnet 80
      Trying
      Connected to
      Escape character is '^]'.
      head
      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
      <html><head>
      <title>501 Method Not Implemented</title>
      </head><body>
      <h1>Method Not Implemented</h1>
      <p>head to /index.html not supported.<br />
      </p>
      <hr>
      <address>Apache/2.2.14 (Ubuntu) Server at localhost Port 80</address>
      </body></html>
      Connection closed by foreign host.
      scott@companion:~$
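
Added example (not part of the original presentation): "parsing the results of commands" from the How Do We Fingerprint slide, applied to the reply captured above, so a server owner can see what their own banners give away. `SLIDE_RESPONSE` reproduces the body from the slide; `HARDENED_RESPONSE` and the function names are constructed.

```python
import re

# Body as shown in the telnet session on the slide (no headers came back).
SLIDE_RESPONSE = (
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
    "<title>501 Method Not Implemented</title>\n</head><body>\n"
    "<h1>Method Not Implemented</h1>\n"
    "<p>head to /index.html not supported.<br />\n</p>\n<hr>\n"
    "<address>Apache/2.2.14 (Ubuntu) Server at localhost Port 80</address>\n"
    "</body></html>\n"
)
# Constructed: a reply with headers from a server that sends a bare product name.
HARDENED_RESPONSE = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

BANNER = re.compile(
    r"(?P<product>[A-Za-z][\w.-]*)(?:/(?P<version>[\d.]+))?(?:\s+\((?P<os>[^)]+)\))?")

def disclosures(response):
    """Return what each banner in an HTTP reply reveals about the server."""
    head, sep, body = response.partition("\r\n\r\n")
    if not sep:                                   # header-less reply, as on the slide
        head, body = "", response
    banners = []
    for line in head.split("\r\n")[1:]:           # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            banners.append(("Server header", value.strip()))
    signature = re.search(r"<address>(.*?) Server at ", body, re.S)
    if signature:
        banners.append(("error-page signature", signature.group(1).strip()))
    report = []
    for source, banner in banners:
        match = BANNER.match(banner)
        if match:
            report.append({"source": source, **match.groupdict()})
    return report

def leaks_version(response):
    """True when any banner exposes a version number or operating system."""
    return any(d["version"] or d["os"] for d in disclosures(response))

if __name__ == "__main__":
    print(disclosures(SLIDE_RESPONSE), leaks_version(SLIDE_RESPONSE))
    print(disclosures(HARDENED_RESPONSE), leaks_version(HARDENED_RESPONSE))
```

On Apache, the `ServerTokens Prod` and `ServerSignature Off` directives reduce the header to the product name and remove the `<address>` line from error pages.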