Assessing a System - Eastern Michigan University



DIYTP 2009
ASSESSING A SYSTEM
Assessing a System - Basics
• Why?
  • Vulnerabilities
• What to look at:
  • The six ‘P’s
    • Patch
    • Ports
    • Protect
    • Policies
    • Probe
    • Physical
Assessing a System - Basics
• Patches
  • First rule of computer security
  • Patches are released for all types of software, all the time
  • MUST BE UP-TO-DATE!!
  • Organization should have a patch management policy/system
Assessing a System - Basics
• Ports
  • Should be managed by the ‘least privilege’ principle
  • Ports which are not needed should be shut down
  • ...as well as their associated services
• Protect
  • Protective software/devices should be used
    • Firewall
    • IDS
    • Anti-virus
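
An added example for the Ports bullets above (not part of the original slides): a small audit that reads listening TCP sockets in the format printed by `ss -H -tlnp`, compares them with an allowlist, and names the service holding each unneeded port so both can be shut down. The sample output and the ALLOWED_PORTS allowlist are constructed for illustration.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443   0.0.0.0:* users:(("nginx",pid=1040,fd=6))
LISTEN 0 5   0.0.0.0:23    0.0.0.0:* users:(("inetd",pid=655,fd=4))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=701,fd=7))
LISTEN 0 128 [::]:22       [::]:*    users:(("sshd",pid=812,fd=4))
LISTEN 0 64  *:2049        *:*
"""

# Hypothetical allowlist: the only TCP ports this host's role requires.
ALLOWED_PORTS = {22, 443}
LOOPBACK = {"127.0.0.1", "[::1]"}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def parse_listeners(ss_output):
    """Return (address, port, process, pid) for each listening TCP socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        m = PROC_RE.search(line)
        # Kernel-owned sockets (or a non-root run) show no owning process.
        proc, pid = (m.group(1), int(m.group(2))) if m else ("unknown", None)
        listeners.append((addr, int(port), proc, pid))
    return listeners

def unneeded_listeners(ss_output, allowed):
    """Listeners outside the allowlist, merged per (port, service)."""
    findings = {}
    for addr, port, proc, pid in parse_listeners(ss_output):
        if port in allowed:
            continue
        f = findings.setdefault((port, proc), {"port": port, "service": proc,
                                               "pid": pid, "exposed": False})
        # Loopback-only listeners are lower priority but still reviewed.
        f["exposed"] = f["exposed"] or addr not in LOOPBACK
    return sorted(findings.values(), key=lambda f: f["port"])

if __name__ == "__main__":
    for f in unneeded_listeners(SAMPLE_SS, ALLOWED_PORTS):
        scope = "network-reachable" if f["exposed"] else "loopback only"
        print(f"{f['port']}/tcp ({scope}) held open by {f['service']} "
              f"(pid {f['pid']}): close the port and disable the service")
```

On a live host the same functions can be fed the real output of `ss -H -tlnp`, run as root so the owning process is shown.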
Assessing a System - Basics
• Policies
  • Should be reviewed periodically as organizational needs and software/hardware change
  • Types:
    • Acceptable use (e.g. e-mail, Internet use)
    • Disaster recovery
    • Password
Assessing a System – Basics
• Probe
  • Take a look and see what the network looks like
  • Should use multiple analysis tools to assess your network
  • Look for security flaws
  • Should be scheduled regularly
Assessing a System - Basics
• Physical
  • Policy or procedures should address how systems are secured
    • Do they need to be locked up?
  • Backup media
    • Is it stored in a secure location? (e.g. fireproof safe)
  • Routers/switches/hubs
    • Who has access?
    • How should it be secured?
Assessing a System – Initial Reconnaissance
• Tools
  • Nslookup
    • IP addresses
    • Records for domain
  • Whois
    • Owner of a domain, IP address
  • ARIN
    • IP address allocation
Assessing a System – Initial Reconnaissance
• Netcraft www.netcraft.com
  • What the target is running
• VisualRoute www.visualware.com
  • Visual traceroute to target
• Sam Spade www.samspade.org
  • Multiple tools in one package
Assessing a System – Social Engineering
• Social Engineering
  • People are security’s weakest link
  • Many attack vectors
    • Impersonation
    • Dumpster diving
    • Shoulder surfing
Assessing a System - Scanning
• Common Tools:
  • Nmap and Nessus
    • Finds hosts
    • Operating system
    • Firewalls
    • Vulnerabilities
  • Ping
    • IP Connectivity
  • Traceroute
    • Maps out route to target