1
In the name of God
E-Commerce Security Course
Chapter Seven, Trust But Verify: Checking Security
علی ناصراسدی
2
Objectives
How to define trust and decide on the level of security to apply to any given situation.
You must understand the target system:
Holistic perspective
Detailed perspective
Pitfalls
3
A Security Professional should
Ensure the level of security
Discover the flaws
Understand the risks
Put suitable countermeasures and safeguards in place
Evaluate protocols and application components
Evaluate the interactions among different system elements
Evaluate the communication topology
Evaluate the flow of sensitive data in the system
4
Requirements
Analyze the security of the system with tools; then harden the system.
Tools:
Application survey tools provide very detailed insight into what the applications do, how they behave from a security perspective, and whether there are hidden vulnerabilities in them.
Protocol and network tools reveal flaws in the communication infrastructure when individual applications exchange data.
5
Tools
By applying these tools to your applications and network infrastructure you set up what are called reconnaissance posts around your system.
Running them on virtualization software (VMware, KVM, Sun xVM, VirtualBox) gives better results: isolation and heterogeneous operating system environments.
6
Vulnerability Assessment and Threat Analysis
Performing a thorough system survey from a security perspective is referred to as Vulnerability Assessment and Threat Analysis (VATA).
One of the most useful techniques to assist in performing an effective VATA is to compose what is called an attack tree: a structure that illustrates the system components and the links through which they are connected.
7
Sample Attack Tree
8
Attack Tree
Composing a complete attack tree is practically impossible (combinatorial explosion, state-space explosion).
You need to be selective and choose the most important components and links.
Unfortunately there is no automated tool to compose an attack tree.
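As an added illustration of why an attack tree is useful and why it explodes in size (this is example code, not from the slides), the tree below models a constructed e-commerce scenario with AND/OR nodes; the leaf costs are assumed relative values chosen for the example, and `mitigate` shows how closing leaves changes the cheapest remaining path and the number of distinct attack scenarios.

```python
import math
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Added illustration of attack-tree evaluation, not code from the slides. A node is
# an attacker goal reached through ANY child ("or") or ALL children ("and"); leaves
# carry an assumed relative attacker cost in arbitrary units chosen for this example.
@dataclass
class Node:
    name: str
    kind: str = "leaf"                  # "leaf", "or" or "and"
    cost: float = 0.0                   # meaningful for leaves only
    children: List["Node"] = field(default_factory=list)
    mitigated: bool = False             # True once a countermeasure closes the leaf

def cheapest_attack(node: Node) -> Optional[float]:
    """Minimum attacker cost to reach `node`, or None if no open path remains."""
    if node.kind == "leaf":
        return None if node.mitigated else node.cost
    costs = [cheapest_attack(c) for c in node.children]
    if node.kind == "or":
        open_paths = [c for c in costs if c is not None]
        return min(open_paths) if open_paths else None
    return None if any(c is None for c in costs) else sum(costs)  # "and" needs all

def count_scenarios(node: Node) -> int:
    """Distinct leaf combinations reaching the goal; multiplies under AND nodes."""
    if node.kind == "leaf":
        return 0 if node.mitigated else 1
    counts = [count_scenarios(c) for c in node.children]
    return sum(counts) if node.kind == "or" else math.prod(counts)

def mitigate(node: Node, closed: Set[str]) -> None:
    """Mark exactly the named leaves as closed by a countermeasure."""
    if node.kind == "leaf":
        node.mitigated = node.name in closed
    for c in node.children:
        mitigate(c, closed)

def build_tree() -> Node:
    """Constructed e-commerce example: the attacker wants stored card data."""
    creds = Node("Obtain DB credentials", "or", children=[
        Node("Guess default password", cost=2), Node("Phish DBA", cost=20)])
    reach = Node("Reach DB host", "or", children=[
        Node("Exploit unpatched service", cost=30), Node("Firewall misconfiguration", cost=5)])
    dump = Node("Steal database dump", "and", children=[creds, reach])
    mitm = Node("Intercept at checkout", "and", children=[
        Node("Position on network path", cost=40), Node("Defeat TLS", cost=200)])
    return Node("Read customer card data", "or", children=[dump, mitm])
```

Closing the two cheapest leaves raises the cheapest path from 7 to 50 and cuts the scenario count from 5 to 2, which is the kind of comparison a VATA uses to rank countermeasures.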
9
Intrusion Detection and Prevention Using Snort
One of the worst things that can happen is entering your house and realizing that it has been broken into.
But the next worse thing that can happen is that you enter your house, it has been broken into, and you don’t know it.
Your computer system is no different than your house from a protection perspective. You need some intrusion-prevention mechanisms, such as Snort 2.9.8.0 (http://www.snort.org).
10
Snort
Snort is a rule-based Network Intrusion Prevention System (NIPS) and Network Intrusion Detection System (NIDS) that operates using sensors.
Created by Martin Roesch in 1998. It is available in both an open source and a commercial version offered by Sourcefire.
Operates in three modes: intrusion detection, intrusion prevention, and packet sniffing.
Several sub-modes exist depending on the detection and prevention requirements of your network, such as packet logging and traffic analysis on an IP network.
11
Snort - 2
Snort is rule-based: you define a set of conditions based on how your evaluation is conducted, for example to look for packets that are sent from a specific network address, or that are destined to a particular address.
Snort uses sensors: points of interest in your network topology, such as a specific router in an office building.
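To make the rule-based idea concrete, here is an added example (not Snort's own code) that evaluates the header part of Snort-style rules, the "source address, destination address, port" conditions the slide describes, over a few constructed packet records; the rule syntax handled is a subset of Snort's and the addresses are constructed.

```python
import ipaddress

# Added example, not Snort's own code: a minimal evaluator for the header part of
# Snort-style rules ("action proto src sport -> dst dport (msg:...)") run over
# constructed packet records, to show how address and port conditions select traffic.
# A packet is (proto, src, sport, dst, dport); a parsed rule is (proto, src, sport, dst, dport, msg).
def parse_rule(text):
    """Parse e.g. 'alert tcp !10.0.0.0/8 any -> 192.0.2.10 3306 (msg:"db";)'."""
    head, _, opts = text.partition("(")
    _action, proto, src, sport, arrow, dst, dport = head.split()
    assert arrow == "->", "only unidirectional rules are handled here"
    msg = opts.split('msg:"', 1)[1].split('"', 1)[0] if 'msg:"' in opts else ""
    return (proto, src, sport, dst, dport, msg)

def addr_matches(spec, addr):
    """'any', one address, a CIDR block, or a negated form such as '!10.0.0.0/8'."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not addr_matches(spec[1:], addr)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port):
    """'any', one port, or a Snort-style range 'lo:hi' (either bound may be empty)."""
    if spec == "any":
        return True
    if ":" in spec:
        lo, hi = spec.split(":")
        return int(lo or 0) <= port <= int(hi or 65535)
    return port == int(spec)

def matches(rule, pkt):
    """True when every header condition of `rule` holds for `pkt`."""
    r_proto, r_src, r_sport, r_dst, r_dport, _ = rule
    proto, src, sport, dst, dport = pkt
    return (r_proto in ("ip", proto) and addr_matches(r_src, src) and port_matches(r_sport, sport)
            and addr_matches(r_dst, dst) and port_matches(r_dport, dport))

def alerts(rules, packets):
    """Messages of every rule hit, in packet order."""
    return [r[-1] for p in packets for r in rules if matches(r, p)]

RULES = [parse_rule(t) for t in (
    'alert tcp !192.168.1.0/24 any -> 192.168.1.10 3306 (msg:"DB access from outside LAN";)',
    'alert tcp any any -> 192.168.1.0/24 1:1023 (msg:"Inbound to privileged port";)')]
PACKETS = [  # constructed traffic: (proto, src, sport, dst, dport)
    ("tcp", "192.168.1.5", 50000, "192.168.1.10", 3306),   # LAN client: no alert
    ("tcp", "203.0.113.7", 40000, "192.168.1.10", 3306),   # outside host to DB
    ("tcp", "203.0.113.7", 40001, "192.168.1.20", 22),     # privileged port
    ("udp", "203.0.113.7", 53, "192.168.1.20", 53)]        # wrong protocol: no alert
```

`alerts(RULES, PACKETS)` fires only for the second and third packets; a real Snort sensor adds payload options, stateful tracking and the choice of where in the topology the sensor sits.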
12
Network Scanning Using Nmap
Sometimes you need to audit and explore your network to perform inventory, upgrade schedules, and monitor your network for security-related activities.
Nmap (Network Mapper) is the perfect tool in your toolbox for this task.
As a network scanner, Nmap can map the network based on hosts, services, ports, topology, timing, and various other profiles.
It can guess (with reasonable accuracy) the operating system that a host runs by sending a network packet to the target host, examining the response header, and comparing it with known patterns in its database.
13
Nmap
Nmap discovers various elements and produces a map of the network.
It can discover passive services, i.e. whether or not a service is available.
Written by Gordon Lyon.
14
Web Application Survey
The most important piece of your website is its front-end. You need to evaluate the logic and the flow of this layer extremely carefully.
The best way to do this is to manually click through all the links to check their integrity and ensure every page is operating as intended by the designer.
However, for a complex site, this is not always practical.
Tools: Lynx, Wget, Teleport Pro, BlackWidow, BrownRecluse Pro
15
Lynx
Lynx is a text browser for the World Wide Web. It allows the user to dynamically traverse the target site and evaluate its contents.
As of 2015, it is the oldest web browser currently in general use and development, having started in 1992.
16
Wget
Wget is a free software package provided by GNU for retrieving files using the HTTP, HTTPS, and FTP protocols.
Using a script and Wget, you could automatically download an entire website for static analysis.
Latest version: 1.17 (12.2015)
17
Teleport Pro
Teleport Pro is shareware for offline browsing by Tennyson Maxwell Information Systems, Inc.
It provides cookie support, JavaScript parsing capability, simultaneous retrieval threads, Java applet retrieval, and retrieval filters.
18
BlackWidow
BlackWidow is shareware from SoftByte Labs for scanning a site and creating a complete profile of its structure and its external and internal links, and even figuring out link errors.
It has a powerful filtering capability to download all the files' contents for further offline analysis.
It can scan a site remotely (that is, without downloading it to the local system).
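The link-integrity check described in the Web Application Survey slide, and the structure/link-error profile BlackWidow produces, come down to a crawl that follows internal links and records what breaks. The added example below (not code from the slides or from any of the listed tools) does that over a constructed four-page site served from a dict, so it runs offline; `fetch` is a stand-in for an HTTP GET.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Added example, not code from the slides or from any of the listed tools: an
# offline link survey of a constructed site. Pages come from a dict instead of HTTP
# so it runs without network; replace fetch() with an HTTP client for real use.
SITE = {  # constructed sample site: URL -> HTML body
    "https://shop.example/": '<a href="/catalog">Catalog</a> <a href="https://cdn.example/x.js">cdn</a>',
    "https://shop.example/catalog": '<a href="/item/1">Item</a><a href="/item/2">Gone</a><a href="/">Home</a>',
    "https://shop.example/item/1": '<a href="/checkout">Buy</a>',
    "https://shop.example/checkout": '<a href="/catalog">Back</a>',
}

class LinkExtractor(HTMLParser):
    """Collect href targets of <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def fetch(url):
    """Stand-in for an HTTP GET: page body, or None when the page does not exist."""
    return SITE.get(url)

def survey(start):
    """Crawl same-host links breadth-first; return reachable pages, broken internal
    links as (source, target) pairs, and external targets left for manual review."""
    host = urlsplit(start).netloc
    seen, queue, broken, external = set(), [start], set(), set()
    while queue:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        parser = LinkExtractor()
        parser.feed(fetch(url) or "")
        for target in (urljoin(url, href) for href in parser.links):
            if urlsplit(target).netloc != host:
                external.add(target)              # out of scope: report, do not follow
            elif fetch(target) is None:
                broken.add((url, target))         # link error, as BlackWidow would flag
            else:
                queue.append(target)
    return {"pages": sorted(seen), "broken": sorted(broken), "external": sorted(external)}
```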
19
Vulnerability Scanning
Vulnerability scanning is different from application survey and network scanning in that you already have knowledge of the existence of known flaws, you know how to detect them, and you go about finding them in target products.
Modes: destructive mode, non-destructive mode
Tools: Nessus, Nikto, Wireshark
20
Nessus
One of the most comprehensive vulnerability scanners available to security professionals is without a doubt Nessus.
Latest version: 6.3.3 (03-2015). It is developed and maintained by Tenable Network Security, Inc.
It has a client and a server component; the server piece is called the Nessus vulnerability scanner.
21
Nessus - 2
Examples of what Nessus looks for:
Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.
Misconfiguration (e.g. open mail relay, missing patches, etc.).
Default passwords, a few common passwords, and blank/absent passwords on some system accounts.
Denials of service against the TCP/IP stack by using malformed packets.
22
Nikto
Nikto is an open source software package for web server scanning. Nikto is a good tool to reveal insecure configuration on web servers, including checks for over 6700 potentially dangerous files/CGIs, outdated versions of over 1250 servers, and version-specific problems on over 270 servers.
It also checks for server configuration items such as the presence of multiple index files.
23
Wireshark
Wireshark (formerly known as Ethereal) is a very powerful network protocol analyzer.
Although its design purpose was not to perform vulnerability scanning, we place it in this category because it provides a very rich set of features that, combined with Nessus and Snort, make for a hacker’s dream toolset for network vulnerability scanning.
Initial release: 1998. Latest version: 2.0 (11-2015)
24
Wireshark - 2
Wireshark is licensed under the GNU GPL v2. It can plug in to almost any known network interface: Ethernet, Token Ring, FDDI, serial (PPP and SLIP), 802.11 wireless LAN, ATM connections, and many more.
Wireshark is a pluggable and extensible network packet analyzer.
Wireshark uses colors to help the user identify the types of traffic at a glance: by default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems.
25
Penetration Testing
Penetration testing (or PenTest) is a combination of methods to simulate an attack by adversary entities (machine, human, or a combination of both) to assess the system protection for potential vulnerabilities.
Try to break the system yourself before a hacker does it for you.
There are two types of tests: destructive and non-destructive.
Tools: Metasploit, Aircrack-ng
26
Metasploit
Metasploit is one of the most advanced penetration testing tools available to security professionals.
It consists of a runtime environment (Metasploit Framework, or MSF), a shell (Meterpreter attack platform), predefined exploits (Payloads), and a well-defined function (Exploits).
Latest version: 4.11 (18-12-2015)
27
Metasploit - 2
Metasploit deploys what is called a Soft Architecture. That is, it easily integrates with complementary tools such as Nmap, Nessus, Wireshark, code editors, and various types of debuggers and disassemblers, such as IDA Pro or SoftIce.
28
Aircrack-ng
Aircrack-ng is a key-cracking program for the 802.11 WEP and WPA-PSK wireless protocols. Latest version: 1.2 (04-2015)
It cracks the keys by capturing enough data packets from the target wireless access point. It can also be used as an auditing tool for wireless LANs.
Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs.
29
Aircrack-ng - 2
30
Wireless Reconnaissance
Almost all corporate entities have both wired and wireless access points. You have to determine what type of traffic is available, and how to circumvent the security measures protecting it.
Tools: NetStumbler, Kismet, AirMagnet Wi-Fi Analyzer
31
NetStumbler
NetStumbler is a simple tool for detecting Wireless Local Area Networks (WLANs), or wireless hotspots.
It is available only for the Microsoft Windows operating system and is very easy to use.
It facilitates detection of wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards.
Latest version: 0.4.0 (04-2014)
32
NetStumbler - 2
The program is commonly used for:
Wardriving
Verifying network configurations
Finding locations with poor coverage in a WLAN
Detecting causes of wireless interference
Detecting unauthorized ("rogue") access points
Aiming directional antennas for long-haul WLAN links
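Two of the uses listed above, verifying network configurations and detecting rogue access points, amount to comparing what a scanner such as NetStumbler or Kismet observes against an inventory of the access points you actually own. The added example below (not code from either tool) does that classification over constructed scan records; the BSSIDs, SSIDs and the simplified encryption labels are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Added example, not NetStumbler or Kismet code: classifies scanner output against
# an inventory of authorised access points, the check behind "verifying network
# configurations" and "detecting rogue access points". All data is constructed.
@dataclass(frozen=True)
class ObservedAP:
    bssid: str
    ssid: str
    channel: int
    encryption: str          # simplified: "WPA2", "WEP" or "OPEN"

INVENTORY: Dict[str, Set[str]] = {   # corporate SSID -> BSSIDs we own
    "CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "CorpGuest": {"00:11:22:33:44:03"},
}
EXPECTED_ENC = {"CorpNet": "WPA2", "CorpGuest": "WPA2"}
OWNED = {b for bssids in INVENTORY.values() for b in bssids}

def classify(ap: ObservedAP) -> str:
    """One finding label per observed AP."""
    if ap.ssid in INVENTORY:
        if ap.bssid not in INVENTORY[ap.ssid]:
            return "EVIL_TWIN"        # our SSID announced by a radio we do not own
        if ap.encryption != EXPECTED_ENC[ap.ssid]:
            return "MISCONFIGURED"    # our radio, weaker protection than required
        return "AUTHORISED"
    if ap.bssid in OWNED:
        return "SSID_MISMATCH"        # our radio announcing an unexpected SSID
    return "UNKNOWN"                  # neighbour or rogue: locate it physically

def findings(scan: List[ObservedAP]) -> Dict[str, List[str]]:
    """Group BSSIDs by finding, leaving out authorised APs."""
    out: Dict[str, List[str]] = {}
    for ap in scan:
        label = classify(ap)
        if label != "AUTHORISED":
            out.setdefault(label, []).append(ap.bssid)
    return out

SCAN = [  # constructed scanner output
    ObservedAP("00:11:22:33:44:01", "CorpNet", 6, "WPA2"),
    ObservedAP("00:11:22:33:44:02", "CorpNet", 11, "WEP"),
    ObservedAP("de:ad:be:ef:00:01", "CorpNet", 6, "OPEN"),
    ObservedAP("00:11:22:33:44:03", "FreeWiFi", 1, "OPEN"),
    ObservedAP("ca:fe:00:00:00:09", "NeighborNet", 3, "WPA2"),
]
```

An "UNKNOWN" entry is only a candidate rogue until someone walks it down with a directional antenna, which is the last use case in the list above.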
33
Kismet
Kismet is a feature-rich wireless network detector and Intrusion Detection System (IDS).
Kismet can sniff or intercept the content of all variants of the 802.11 protocol.
Latest version: 2013-03-R1b (04-2013)
Without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and to associate them with each other.