Transcript Project 2
Project 2
Introduction
Network Vulnerability Assessment
“A review of a system of systems to identify
weaknesses or errors in design,
implementation, or operation.”
Security Space Security Audit
Security scanning service.
It requires little or no knowledge or skill to set up and
run.
Platforms
–
–
–
–
–
–
Windows
Linux
Unix
Macintosh
Web servers
Database products. (Almost anything that can be remotely
tested).
Advantages (claimed)
An external view of your network. Getting an external view
of your network usually involves getting access to a machine
on the outside of your network for the purpose of running your
scan. The cost of setting up and maintaining this type of access
can often be more than the cost of this service alone.
Reproducible. As an audit mechanism, Security Audits are a
low cost, reproducible audit that can be run whenever you
need.
Low effort Setting up and configuring a vulnerability scanner
for proper operation can be time-consuming.
Always up to date By using a service, you automatically
receive the latest vulnerability tests without having to install
them into your own scanner
Different Services
They offer four different types of service.
–
–
–
–
Standard Service.
Advanced Service.
Dedicated Service.
Recurring Service.
Standard Service
The service scans more than 1500 ports (0-1024 and
other service ports).
The test can be set to start at time of convenience for the
user.
For monthly or annual subscription unlimited IP allocated
for the user can be scanned unlimited times.
The user can also purchase additional channels. Usually
one channel is allocated to each user which mean a
bandwidth of 50kbps. If the user wants to get more
bandwidth it can be bought.
Advanced Service
The service scans more than 65535 ports.
The test can be set to start at time of convenience for the user.
For monthly or annual subscription unlimited IP allocated for the
user can be scanned unlimited times.
It scan 256 IPs with one request for category or any test the
user desires in the same network and the results will be shown
in the same report.
The user can also purchase additional channels. If the user
wants to get more bandwidth it can be bought.
Dedicated Service
Designed for large scale networks, can run 50 audits
simultaneously (50 channels) per dedicated server.
Servers can be leased weekly or monthly, without long term
commitments.
The user can audit unlimited IPs (providing the IP is yours, or
allocated for your own use). Can run unlimited number of
audits.
The reports include detailed and comprehensive information on
vulnerabilities and remedies. The reports can also be able
merges into a single report, for comparison or summary
Recurring Service
Performs a port scan of all 65,535 port of an IP for
open ports and possible trojans.
Can schedule audits to be launched automatically at
selected times.
The report provides detailed and comprehensive
information on vulnerabilities and remedies.
May use up your quota of audits as quickly or as
slowly as you choose. May carry over unused audits
(if any) from one year to the next
Comparison
Report Contents
Risk Classification
Summary
Baseline Comparison
Control
Comparative Security
Rating
Vulnerability Category
Summary
Vulnerability Title
Summary
Vulnerability Details
Open Ports
Complete Report Order
Form
Appendix A: Risk
Definitions
Appendix B: CVE
Versioning
Appendix C: List of Tests
Executed
Conclusion to SecuritySpace Security Audit
For smaller organizations, Security scan is a means of
convenience and no capital expenditure.
Security scans of some kind should be part of any welldesigned security maintenance plan.
Disadvantages
–
Too many false positives (according to comments of various
security experts). Since it is paid for the user would like the reports
to be efficient.
–
If the system contains confidential information then it is not a very
good idea to store the reports of vulnerability in someone else’s
server.
SAINT5 (Security Administrator's
Integrated Network Tool)
SAINT™ screens every live system on a
network for TCP and UDP services.
For each service it finds running, it launches
a set of probes designed to detect anything.
When vulnerabilities are detected. SAINT
vulnerability scanner categorizes the results
in several ways, and creates a report
specified by the user and also recommends
fixes.
Diagram
Requirements.
Operating systems:
–
–
–
–
–
–
Disk space
–
10 MB for SAINT
Memory
–
SunOS 5.6/Solaris 2.6 or higher (Sun Sparc)
HP-UX 10.20 or higher
Linux 2.2 or higher (x86)
FreeBSD (x86)
OpenBSD (x86)
MacOS X
256 MB (minimum)
Other software tools required
–
PERL 5.004 or higher.
Features
Target Selection
Target File
Subnet Expansion
Data Preservation
Starting the Scan
Interactive Control Panel
Resuming an Interrupted Scan
Firewall Option
Windows Domain Authentication
Scan Levels
–
Discovery
–
Light
–
Normal
–
Heavy
–
Heavy Plus
–
Top 20
–
Custom
Firewall Option
For scanning targets which are behind a
firewall from a system which is not behind the
firewall, then choose the Firewall Support
option. This option will cause SAINT to use
TCP instead of ICMP for discovering live
targets, and to adjust port scan settings to
optimize performance through the firewall.
Windows Domain Authentication
While some vulnerabilities on Microsoft Windows
systems can be detected by an unprivileged
scan, others, such as missing hot fixes and
service packs, require administrative privileges
on the target. In order to conduct a thorough
scan of Windows targets, SAINT gives you the
option of authenticating to the domain in order to
detect these types of vulnerabilities.
Scan Levels
Scan level can be of different intensity.
– Discovery
–
Light
–
Hosts which are alive and reports their IP addresses.
SAINT collects information from the DNS (Domain Name
System), tries to identify the operating system, and tries
to establish what RPC (Remote Procedure Call) services
the host offers and what file systems it shares via the
network.
Normal
This level includes all of the Light scan probes, and also
includes probes for the presence of common network
services
Scan Levels (cont.)
–
Heavy
–
Heavy Plus
–
This scanning level is the same as heavy except that it does not
attempt to avoid ports which are known to cause certain software
to crash
Top 20
–
At this level, SAINT will check for services listening on any TCP
and UDP port. (with the exception of ports which are known to
cause certain software to crash when scanned) Any services
detected will then be scanned for any known vulnerabilities.
This is a special scanning level designed specifically to detect
vulnerabilities which are among the SANS Top 20 Most Critical
Internet Security Vulnerabilities
Custom
This scanning level allows the user to run any combination of
SAINT probes. Which of the user-defined scan levels to use is
selected from the pull-down menu.
Pricing.
Perpetual License
Single Site
SAINT License
Class C Network:
Annual
Package Price
Second year
Subscription
(includes first year's
maintenance fee
maintenance fee)
(lock in today's price)
$1,647
$2,994
$499
$448
$789
$1,009
$1,119
$1,317
$1,581
$1,713
$1,977
$815
$1,434
$1,835
$2,034
$2,394
$2,874
$3,114
$3,594
$136
$239
$306
$339
$399
$479
$519
$599
Single Hosts:
10-host pack
30-host pack
50-host pack
75-host pack
100-host pack
150-host pack
200-host pack
250-host pack
Conclusion to SAINT5
You can configure this tool extensively, tailoring scans to your
network’s characteristics and determining the depth of the scans you
run.
SAINT has a very efficient way of presenting the report. The
installation procedure is very easy.
Conveniently, SAINT 5 can be configured to log on to Microsoft
Windows domains— simply by using an administrative user name and
password—to perform tests that require domain authentication.
Disadvantages
–
–
Within reports there’s no query feature or grouping function that
would help the user zero in on certain problems.
Quickly become overwhelming, especially if scanning larger
networks.
Security Audit V.S SAINT.
Price is definitely a factor. Secuirty Audit is available at just below $1000
(dedicated server) while SAINT while cost a shade below $3000.
SAINT is runs specific scans as introduced by the user. While Security Audit
is more general.
SAINT provides more privacy than Security Audit since the reports are with
the user.
Security Audit is hassle free. And more convenient for small businesses and
home user. While SAINT is built with the picture to maintain of large network
in mind.
Security Audit makes the maintenance easier and cheap, since no need to
hire a in-house security expert (if situation permits it).
SAINT offers technical support for a fee.
SAINT provides a SAINTwriter to edit and present reports in different forms
(e.g. executive form etc).
Security Audit provides an external view of the system. While to get external
view by using SAINT might prove expensive (setting up and maintaining the
external machine).
SAINT cannot be set up in a windows machine. While Security Audit does not
need to be set up.
SOURCES
http://www.saintcorporation.com
http://www.securityspace.com
www.pcmag.com
http://specials.cramsession.com/s/promos/Security_Watch/Security_Watch_LP_2_2.htm
http://www.esecurityplanet.com/trends/print.php/10751_1475291
http://www.nwc.com/1201/1201f1b1.html
Security space (E-Soft Inc)
2025 Guelph Line
Burlington, ON
L7P 4X4
Phone:(905) 331-2260 Fax:(905) 331-2504
Toll-free:(800) 799 4831Email:[email protected]
SAINT Corporation
4720 Montgomery Lane
Suite 800
Bethesda, MD 20814
Phone: (301) 656-0521 or 1-(800) 596-2006
Fax: (301) 656-4806
Questions
KAZI NASIM FAISAL
100659146
PICTURE TAKEN
FROM:http://www.haverhillpl.org/images/question001.jpg