Presenting a Technical Report

Retina Network Security Scanner
By Ajith U Kamath
60-564 Project
AGENDA
• Introduction
• Installation procedure
• Features
• Test cases and results
• Points noted during testing
• Conclusion
INTRODUCTION
Importance of Network Security Scanner
Retina Network Security Scanner
INSTALLATION
• System Requirements
• Download from http://www.eeye.com/html/products/retina/download/index.html
• Install
FEATURES – Retina Session
FEATURES (Cont…)
• Discover Tab
• Discover network machines
• Customizable TCP, UDP, and ICMP discovery, OS detection, and general machine information
• Retina can also be configured to discover active wireless devices
• Additional IPs with Retina licenses on the network
FEATURES (Cont…)
• Target Types
FEATURES (Cont…)
• Audit Tab
FEATURES (Cont…)
• Modifying the Port Groups
  • All Ports
  • Discovery Ports
  • HTTP Ports
  • NetBIOS Ports
  • Custom Ports added
FEATURES (Cont…)
• Modifying Audit Groups
  • All Audits
  • SANS20 [All]
  • SANS20 [Unix]
  • SANS20 [Windows]
  • Custom Audit Groups
FEATURES (Cont…)
• Remediate Tab
• Generate reports used in remediation management
• Create customized reports
FEATURES (Cont…)
• Configurations pane
• Scan Jobs
• Results
FEATURES (Cont…)
• Report Tab
• Detailed information gathered by the scanner
• Customized reports
• Report can be opened in MS Word or Internet Explorer
TEST CASES AND RESULTS
• Network Configuration
• 137.207.234.56: IBM Server, Windows Server 2003
• 137.207.234.119: Dell Machine, Windows XP
• 137.207.234.151: Windows 2000 Professional
• 137.207.234.57: IBM Server, Red Hat Linux
• Switch-1, 100Mbps link, Switch-2
TEST CASES AND RESULTS
• Test Case One
• Aim: To scan the ports on the Windows server.
• Description: To run a complete scan of all the ports on the Windows server.
• Test Result: Passed
TEST CASES AND RESULTS
• Test Case Two
• Aim: To scan the Red Hat Linux server and compare the result with another security tool.
• Description: By comparing the result with another network security tool such as GFI LANguard, we can check whether the result produced by Retina Scanner is complete or is missing some information.
• Test Result: Failed.
TEST CASES AND RESULTS
• The result obtained from Retina
TEST CASES AND RESULTS
• The result obtained from GFI LANguard
TEST CASES AND RESULTS
• Test Case Three
• Aim: To test whether Retina network scanner will detect users' weak passwords.
• Description: The user account in question could have a password that is exactly the same as the account name except that it is reversed. An attacker could therefore easily guess this password, gain access to your system via this account, and then extend their access into your network.
• Test Condition: Created a user account ‘kamath’ with the password ‘htamak’, i.e. the user login name reversed, on the 137.207.234.151 machine.
• Test Result: Passed
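Added example, not part of the original presentation or of Retina: a check that could run when a password is set, rejecting the weakness Test Case Three looks for. It goes beyond the reversed-name case to cover the same-name, doubled-name, digit/punctuation-affix and look-alike-character variants; the function names and the substitution table are assumptions made for this example.

```python
import re

# Constructed substitution table: common look-alike characters mapped back to letters.
_LEET = str.maketrans("013457@$!", "oleastasi")


def _strip_affixes(s: str) -> str:
    """Drop leading/trailing digits and punctuation: '2004htamak!' -> 'htamak'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", s)


def username_derived(username: str, password: str):
    """Return why `password` is derived from `username`, or None if it is not."""
    user = username.casefold()
    if not user:
        return None
    pw = password.casefold()
    stripped = _strip_affixes(pw)
    # Candidate readings of the password, from literal to most normalised.
    forms = [pw, stripped, pw.translate(_LEET), stripped.translate(_LEET)]
    patterns = [
        ("same as account name", user),
        ("account name reversed", user[::-1]),
        ("account name doubled", user * 2),
    ]
    for form in forms:
        for reason, pattern in patterns:
            if form == pattern:
                return reason
    return None


if __name__ == "__main__":
    # Constructed sample accounts; the first pair is the one from Test Case Three.
    samples = [("kamath", "htamak"), ("kamath", "Kamath2004!"),
               ("kamath", "ht4m4k"), ("kamath", "T9#vq-Lm2x")]
    for user, pw in samples:
        print(f"{user!r:10} {pw!r:14} -> {username_derived(user, pw) or 'ok'}")
```
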
TEST CASES AND RESULTS
• Test Case Four
• Aim: To test the Windows Server 2003 machine for CVE-2000-1200.
• Description: Windows NT allows remote attackers to list all users in a domain by obtaining the domain security identifier (SID) with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
• Test Result: Passed
POINTS NOTED DURING TESTING
• The results were not consistent in a few test cases. The following diagrams show this while the network is discovered using the software.
POINTS NOTED DURING TESTING
• In the following diagram, the MAC address for machine 137.207.234.151 is not displayed.
POINTS NOTED DURING TESTING
• When the same machine is discovered again, the MAC address is displayed.
POINTS NOTED DURING TESTING
• The software was unstable during testing. When the link to the destination went down while Retina was still scanning the machine, the scanner hung and did not respond to any commands. The problem could not be reproduced when tested again under the same conditions.
Conclusion
• The 2004 Readers' Choice Best Security Scanner award
• User friendly interface
• Many features included
• Could not scan medium risk vulnerabilities when compared to other tools.