An Overview of Non-Commercial Software for Network Administrators Doug Nomura doug.nomura@gmail.com June 16 2009


Presentation Transcript


  1. UCCSC 2009 - Focus on Security An Overview of Non-Commercial Software for Network Administrators Doug Nomura doug.nomura@gmail.com June 16 2009

  2. Disclaimer Don’t blame me if your workstation breaks or something bad happens to your network

  3. Scientist Gone Bad - this is me!

  4. Expectations • General overview - Only have 60 minutes! • Focus will be on tools to help detect problems with your network • Two Hat Perspective • If you can use the tool, think how it can be used against you!

  5. Approach • Tool will be described • What the tool does • How can you use it • Advantages/disadvantages

  6. Topics to be covered • Data Mining 1A • Web 2.0 • Kismet • OpenVAS • Metasploit

  7. More Topics • NMap • Web Vulnerability Scanners • Pros and Cons of the free stuff • The Future

  8. Data Mining 1A

  9. Data Mining 1A • Every network leaks or broadcasts information • What is allowable or acceptable by your organization? • This section will give examples of types of information being broadcast - allowable and sensitive

  10. Classic Sources of Data Leaks • DNS & MX records • Technical forums • Job sites

  11. Google’s Advanced Operators • Reduce noise • Help to refine search • Operator:search term • Tutorial to advanced operators http://www.googletutor.com/google-manual/web-search/adding-advanced-operators/

  12. Operators • domain:ucdavis.edu • “Exact phrase” • Intitle: Look for phrase in page

  13. Types of information • Personal information • Technical information

  14. Let’s look for some personal information

  15. Does anyone from UCD know this person? Or My Gosh - Look at the SSN!!!

  16. Sensitive information deleted from this slide

  17. Is anyone from UCSF? Or this probably should not be broadcast to the world

  18. Sensitive information deleted from this slide

  19. Example of a technical Google hack revealing Nessus Scan Reports

  20. Summary of Google Hacking • Use Google to peruse your servers for sensitive information • Clean up your mess like old scan reports • Educate users about the danger of broadcasting information
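The slide's advice is to look at your own servers the way a search engine does and remove stale scan reports and personal data before anyone else indexes them. The script below is an added example, not part of the presentation, that performs that check directly on the web document root instead of through Google: it walks the tree, flags filenames and report banners that look like scanner output, and flags files containing SSN-shaped numbers. The report markers, the filename pattern and the sample files it builds in a temporary directory are all constructed for the example (the SSN in the roster is made up).

```python
"""Audit a web document root for material a search engine would index:
leftover scan reports and files with SSN-like numbers (added example)."""
import os
import re
import tempfile

# Phrases that leftover scanner output typically contains; extend with the
# banners of whatever scanners your site has run (constructed starting list).
REPORT_MARKERS = ("Nessus Scan Report", "This file was generated by Nessus", "OpenVAS")
REPORT_NAME_RE = re.compile(r"nessus|openvas|scan[-_ ]?report", re.IGNORECASE)
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
MAX_BYTES = 5 * 1024 * 1024  # skip large binaries such as videos or tarballs


def inspect_file(path):
    """Return the list of reasons this file should not be web-accessible."""
    reasons = []
    if REPORT_NAME_RE.search(os.path.basename(path)):
        reasons.append("filename suggests a scan report")
    if os.path.getsize(path) <= MAX_BYTES:
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            text = fh.read()
        for marker in REPORT_MARKERS:
            if marker in text:
                reasons.append(f"contains marker {marker!r}")
                break
        if SSN_RE.search(text):
            reasons.append("contains SSN-like numbers")
    return reasons


def audit_docroot(root):
    """Walk root and map each flagged file (path relative to root) to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = inspect_file(full)
            if reasons:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = reasons
    return findings


def build_sample_docroot(root):
    """Constructed sample tree: one stale report, one HR list, one clean page."""
    samples = {
        "index.html": "<html><body>Welcome to the department site.</body></html>\n",
        "reports/nessus-2009.html": "<title>Nessus Scan Report</title>\n<p>Host 10.0.0.5 ...</p>\n",
        "hr/roster.txt": "Doe, Jane  123-45-6789  Lab Manager\n",  # made-up SSN
    }
    for rel, body in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return audit_docroot(root)


if __name__ == "__main__":
    for rel, reasons in sorted(demo().items()):
        print(rel, "->", "; ".join(reasons))
```

Run it against a real document root by calling audit_docroot("/var/www/html") or similar; the point of running it locally is that it also finds files that have not been indexed yet, which Google cannot show you.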

  21. The Pros of Google Hacking • Find information you didn’t know was being broadcast • It’s cheap and works

  22. The Cons of Google Hacking • Someone may have found the information already • You may not find everything • Fear the Google cache!!!!!

  23. References for Google Hacking • See Johnny Long’s book - Google Hacking for Penetration Testers - ISBN-10 1597491764 • Any questions - just send me an email

  24. Web 2.0 • Example: Twitter • Technical • Exploitation of code • Passive enumeration • Users careless about information being broadcast

  25. Solution • Identify types of data not to be broadcast • Educate • Users need to be made aware there are people “watching.”

  26. “Free” Tools • Many released under GNU/GPL • Range from simple to complex • Many have great support and documentation

  27. Kismet • Detects presence of 802.11 APs • Sniffs traffic • IDS • kismetwireless.net

  28. Kismet Note error messages at bottom - ignore them

  29. Courtesy of kismetwireless.net

  30. Why use Kismet? • Pen testing of APs • Seek out rogue APs • Survey and map 802.11 installation • Distributed IDS

  31. Kismet Advantages • Initial cost is free • Very powerful • Customizable • plugins

  32. Cons of Kismet • Interface • May require significant configuration • Incompatibilities • Long term cost could be high due to time spent configuring and tweaking apps

  33. OpenVAS • Vulnerability Assessment • Based upon Nessus 2.2 • Released under GNU/GPL • openvas.org

  34. Image Courtesy of openvas.org

  35. Image Courtesy of openvas.org

  36. Image Courtesy of openvas.org

  37. OpenVAS • Runs well on Linux • Financially - free VA tool • Growing support for project

  38. Disadvantages • Problems with some NVTs • Some difficulty on non-Linux platforms

  39. Metasploit • Security Framework identifies vulnerabilities and exploits them • Intended for penetration testing and research • Customizable • metasploit.org

  40. Metasploit Command line interface of Metasploit

  41. Metasploit Example vulnerability to be used on Windows 2000 machine

  42. Metasploit Selection of exploit

  43. Metasploit Access has been achieved on remote machine

  44. Metasploit Advantages • Growing community of users • Growing documentation • Runs well on most flavors of *nix • Excellent tool to identify and exploit vulnerability

  45. Metasploit Disadvantages • Do not expect all exploits, nor may it be up to date with the latest exploits • Lack of logging or reports • Machine running Metasploit can be compromised • This is a very dangerous tool and may violate policy at your institution. Use it on a test network

  46. NMap - Network Mapper • Sends raw IP packets to a specific host or a range of hosts • Determines OS, version, open ports, and identifies potential vulnerabilities • nmap.org

  47. NMap • Network administrators and other IT folk responsible for network based assets • Pen testers and other security folk

  48. NMap
  Loki:/Users/Doug root# nmap -sV 192.168.1.1-25
  Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-14 23:56 PDT
  Interesting ports on 192.168.1.1:
  Not shown: 998 closed ports
  PORT    STATE SERVICE  VERSION
  23/tcp  open  telnet   Cisco telnetd (IOS 6.X)
  443/tcp open  ssl/http Cisco PIX Device Manager
  MAC Address: 00:08:21:3A:29:B2 (Cisco Systems)
  Service Info: OS: IOS; Device: firewall
  Interesting ports on 192.168.1.2:
  Not shown: 997 closed ports
  PORT    STATE SERVICE VERSION
  21/tcp  open  ftp     tnftpd 20061217
  22/tcp  open  ssh     OpenSSH 5.1 (protocol 1.99)
  548/tcp open  afp     Apple AFP (name: Feline; protocol 3.2; Mac OS X 10.4/10.5)
  MAC Address: 00:0D:93:32:D0:26 (Apple Computer)
  Service Info: Host: Feline.local
  Interesting ports on 192.168.1.4:
  Not shown: 999 closed ports
  PORT     STATE SERVICE       VERSION
  5009/tcp open  airport-admin Apple AirPort admin
  MAC Address: 00:03:93:1F:01:65 (Apple Computer)
  Interesting ports on 192.168.1.6:
  Part of a Nmap scan report

  49. Strengths of NMap • Large base of support from user and developer community • Mature product • Fast and versatile scanner • Extremely stable. Install and go!
