DIYTP 2009

Assessing a System - Basics Why?

Vulnerabilities What to look at:

The six ‘P’s Patch Ports Protect Policies Probe Physical

Assessing a System - Basics Patches

First rule of computer security Patches are released for all types of

software, all the time MUST BE UP-TO-DATE!! Organization should have a patch

management policy/system

Assessing a System - Basics Ports

Should be managed by ‘least privilege’ principle

Ports which are not needed, should be shut down ….as well as their associated services

Protect Protective software/devices should be used

Firewall IDS Anti-virus

Assessing a System - Basics Policies

Should be reviewed periodically as organizational needs and software/hardware changes

Types: Acceptable use (i.e. e-mail, Internet use) Disaster recovery Password

Assessing a System – Basics Probe

Take a look and see what the network looks like

Should use multiple analysis tools to assess your network

Look for security flaws Should be scheduled regularly

Assessing a System - Basics Physical

Policy or procedures should address how systems are secured Do they need to be locked up?

Backup media Is it stored in a secure location? (i.e.

fireproof safe) Routers/switches/hubs

Who has access? How should it be secured?

Assessing a System – Initial Reconnaissance Tools

Nslookup IP addresses Records for domain

Whois Owner of a domain, IP address

ARIN IP address allocation

Assessing a System – Initial Reconnaissance Netcraft www.netcraft.com

What the target is running VisualRoute www.visualware.com

Visual traceroute to target Sam Spade www.samspade.org

Multiple tools in one package

Assessing a System – Social Engineering Social Engineering

People are security’s weakest link Many attack vectors

Impersonation Dumpster diving Shoulder surfing

Assessing a System - Scanning Common Tools:

Nmap and Nessus Finds hosts Operating system Firewalls Vulnerabilities

Ping IP Connectivity

Traceroute Maps out route to target