Module 5 – Vulnerability Identification
Phase II Controls Assessment Scheduling
○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
○ Enumerating Further
○ Compromise Remote Users/Sites
○ Maintaining Access
○ Cover the Tracks
Heorot.net
Vulnerability Identification
Purpose behind Vulnerability Identification
“...find flaws within the network, servers, services and other attached information resources.”
Vulnerability Identification
○ Identify vulnerable services using service banners
○ Perform vulnerability scan to search for known vulnerabilities
○ Perform false positive and false negative
○ Enumerate discovered vulnerabilities
○ Estimate probable impact (classify vulnerabilities found)
○ Identify attack paths and scenarios for exploitation
Perform Vulnerability Scan
*Tools:
○ Nessus
○ Sara
○ Internet Scanner
○ Retina Network Security Scanner
○ Netrecon
○ Core IMPACT
*None of these tools are found on the BackTrack Disk
Perform Vulnerability Scan
Advantage of Vulnerability Scanners:
○ “Click-and-Go”
○ Basic knowledge of IT and Security
○ Powerful
○ Up-to-date
Disadvantage of Vulnerability Scanners:
○ “Click-and-Go”
○ Basic knowledge of IT and Security
Perform False Positive and False Negative
“False positives refer to non-issues that were incorrectly detected. Accordingly, false negatives refer to existent issues that were not detected during an assessment. In every assessment there is always the risk of any of these being present.”
Enumerate Discovered Vulnerabilities
Identified Vulnerability
Apache/2.0.55 (UNIX) PHP/5.1.2
Tools:
Web Sites:
○ Milw0rm.org
○ Securityfocus.com
○ Cert.org
○ Packetstormsecurity.com
○ National Vulnerability Database: http://nvd.nist.gov/
Metasploit
Vulnerability Scanners
Estimate Probable Impact
High Risk Vulnerability
○ “...immediate threat of high and adverse impact on the business critical processes of the target organization”
Medium Risk Vulnerability
○ “...threat of high and adverse impact to non-critical systems in terms of business.”
○ “...no immediate threat nor a big impact and the vulnerability affects critical business systems.”
Low Risk Vulnerability
○ “...the technical and business impact is low.”
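Added example (not part of the original slides): a small Python worksheet builder that ties the steps above together. It splits a service banner such as the one on the enumeration slide into product/version search terms, marks every banner-derived finding as unverified pending the false positive / false negative check, and assigns a worst-case High/Medium/Low rating. Assumptions: the two-boolean reading of the slide's risk definitions is a simplification, and the host names and criticality flags are constructed.

```python
import re
# One banner token: either a parenthesised comment or "product[/version]".
_TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")

def parse_banner(banner):
    """Split a service banner into (product, version) pairs and comments."""
    products, comments = [], []
    for comment, name, version in _TOKEN.findall(banner):
        if name:
            products.append((name, version or None))
        else:
            comments.append(comment)
    return products, comments

def classify_risk(high_impact, critical_system):
    """Risk level following the slide's High/Medium/Low definitions."""
    if high_impact and critical_system:
        return "High"      # high impact on business-critical processes
    if high_impact or critical_system:
        return "Medium"    # high impact on non-critical, or low on critical
    return "Low"

def build_worksheet(hosts):
    """One row per product in a banner. Rows start unverified: a banner can be
    a false positive (backported fix) or hide a version (false negative)."""
    rows = []
    for host in hosts:
        products, _ = parse_banner(host["banner"])
        for name, version in products:
            rows.append({
                "host": host["name"],
                "search": f"{name} {version}" if version else name,
                "version_known": version is not None,
                "verified": False,
                # Assumption: rate as worst case until the finding is confirmed.
                "max_risk": classify_risk(True, host["critical"]),
            })
    return rows

# Constructed sample: hosts are made up; the first banner is from the slide.
SAMPLE_HOSTS = [
    {"name": "web01", "critical": True, "banner": "Apache/2.0.55 (UNIX) PHP/5.1.2"},
    {"name": "test02", "critical": False, "banner": "Apache"},
]

if __name__ == "__main__":
    for row in build_worksheet(SAMPLE_HOSTS):
        print(row)
```

The "search" value is the keyword to look up in the vulnerability databases listed on the slides; rows with version_known set to False need a version from another source before any lookup is meaningful.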
Identify Attack Paths and Scenarios for Exploitation
○ Game plan on how to attack the system
○ List of vulnerabilities
○ Threat Level based on Impact to business goals
○ Measures to mitigate vulnerabilities
○ Stopping point
○ About to move away from “Blue Team” and move into “Red Team”
Hands-On Exercise
Identify Live Hosts
Tools: The Internet
List of Services
○ Version Information
Operating System
○ Version Information
Find known Vulnerabilities
Bugtraq
○ http://securityfocus.com/archive/1
National Vulnerability Database
○ http://nvd.nist.gov/
Find Potential Exploits
○ milw0rm.org (that’s a “zero”)
○ Securityfocus.com
○ Cert.org
○ Packetstormsecurity.com
Module 5 – Conclusion
Phase II Controls Assessment Scheduling
○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
    ○ Identify vulnerable services using service banners
    ○ Perform vulnerability scan
    ○ Perform false positive and false negative
    ○ Enumerate discovered vulnerabilities
    ○ Estimate probable impact
    ○ Identify attack paths and scenarios for exploitation