Vulnerability Scan Assessment

CS/IT 463
Bryan Dean
Jonathan Ammons

Scanners

Tenable Nessus
GFI LANguard
Nmap
eEye Retina 5
Shadow Security Scanner

Network

Scanned CS network, IP range 129.138.6.0-255
Scanners found between 30 and 47 active hosts
Low host count could be attributed to the timing of our scans, after 5 pm.

Results

Altogether, scanners found 87 vulnerabilities on scanned hosts
Critical: 4, High: 40, Medium: 11, Low: 11 (Only one scanner gave the ‘critical’ rating)
Some vulnerabilities were given different CVSS ratings by different scanners.

Analysis Methods

Wrote a unique parser in Perl for each scanner’s output.
Parse results were standardized.
Standardized results were consolidated using another Perl script.
Output to a comma-delimited file.

Majority Voting

Looked for the same vulnerability found by different scanners on the same machine
Only two vulnerabilities were identified by more than one scanner on the same machine.

Criticality Voting

4 critical vulnerabilities on 4 hosts.
40 high vulnerabilities on 25 hosts.
11 medium vulnerabilities on 11 hosts.
32 low vulnerabilities on 32 hosts.

SANS Top Twenty

Created a list of 2006 SANS top twenty CVE codes.
A script compared that list to our lists of vulnerabilities found.
Only 1 vulnerability that we found was on the SANS top twenty: CVE-2006-3439

Metasploit

Didn’t want to use Metasploit on the CS network.
Ran Nessus on our private network, then used that data to use Metasploit for the most likely vulnerability.
Weren’t able to penetrate.
Completely Manual.

Discussion of Scanners

Nessus and Retina gave CVE codes for vulnerabilities found
Nessus, Retina, and GFI LANguard gave Bugtraq codes for some vulnerabilities found
Nmap gave only port information, no real vulnerabilities
Shadow Security Scanner didn’t give meaningful data.

Final Process

Scanner creates individual output file
Scanner output is parsed into our own standardized format
Parsed output from multiple scanners is consolidated by hand using Excel, then output to a comma-delimited file.
Final analyses (criticality, majority, and SANS top twenty) are performed by final scripts.
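
The final analysis step (majority voting, criticality voting, and the SANS top twenty check) run over a consolidated comma-delimited file, as an added example in Python; it is not the authors' Perl scripts. The column layout, the rule of keeping the highest rating when scanners disagree, and the sample rows are assumptions, and the top-twenty set holds only the one CVE the slides name.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of consolidated scanner output. The column layout is an
# assumption; hosts are documentation addresses, CVE-0000-* ids are placeholders.
SAMPLE_CSV = """host,scanner,vuln_id,severity
192.0.2.10,Nessus,CVE-2006-3439,High
192.0.2.10,Retina,CVE-2006-3439,Critical
192.0.2.10,Nessus,CVE-0000-0001,Medium
192.0.2.11,Retina,CVE-0000-0001,Low
192.0.2.12,Nessus,cve-0000-0002,high
192.0.2.12,Nessus,CVE-0000-0002,High
192.0.2.13,LANguard,,Low
"""
SANS_TOP20 = {"CVE-2006-3439"}  # sample list: only the CVE named in the slides
RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def load(text):
    """Map (host, vuln_id) -> {scanner: severity}; rows without an id are skipped."""
    findings = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(text)):
        host, scanner = row["host"].strip(), row["scanner"].strip()
        vuln = row["vuln_id"].strip().upper()   # normalise case before matching
        sev = row["severity"].strip().lower()
        if not vuln or sev not in RANK:
            continue  # no identifier to correlate across scanners
        seen = findings[(host, vuln)]
        seen[scanner] = max(seen.get(scanner, sev), sev, key=RANK.get)
    return findings

def majority(findings, quorum=2):
    """Findings reported by at least `quorum` different scanners on one host."""
    return sorted(key for key, seen in findings.items() if len(seen) >= quorum)

def criticality(findings):
    """Per severity: (findings, distinct hosts), keeping the highest rating given."""
    count, hosts = defaultdict(int), defaultdict(set)
    for (host, _), seen in findings.items():
        top = max(seen.values(), key=RANK.get)
        count[top] += 1
        hosts[top].add(host)
    return {sev: (count[sev], len(hosts[sev])) for sev in count}

def sans_matches(findings, top20=SANS_TOP20):
    """Vulnerability ids from the findings that appear on the top-twenty list."""
    return sorted({vuln for _, vuln in findings if vuln in top20})
```

Findings that carry no CVE or other shared identifier, such as port-only results, cannot take part in majority voting and are dropped at load time.
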
Questions?