Great tools for Securing and Testing Your Network

Ernest Staats [email protected] MS Information
Assurance, CISSP, MCSE, CNA, CWNA, CCNA,
Security+, I-Net+, Network+, Server+, A+
Resources available @ http://www.es-es.net
Outline
• Silver Bullet Most Used Tools
• CD/USB Security
• Perimeter Security
• Vulnerability Assessment
• Password Recovery
• Networking Scanning
• Data Rescue and Restoration
• Application and Data Base Tools
• Encryption Software
• Wireless Tools
• Virtual Machines
• New USB Exploits
• Digital Forensic Tools
• Backup Software
• Tools that Cost but Have Great Value
No Silver Bullet
• No Silver Bullet for network and system testing:
– Determine your needs
– Finding the right tools
– Using the right tool for the job
My Most Used Tools:
• Google (Get Google Hacking book)
– The Google Hacking Database (GHDB)
• http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index
• SuperScan 4
– Network scanner; finds open ports (I prefer version 3)
• http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm
• Cain and Abel
– (the Swiss Army knife) Crack passwords, crack VOIP and so much more
• http://www.oxid.it/cain.html
• NMap
– (Scanning and footprinting)
• http://insecure.org/nmap/download.html
• Nessus
– (Great system-wide vulnerability scanner)
• http://www.nessus.org/download/
Cain and Abel Local Passwords
Nessus Summary
Tenable Nessus Security Report
Start Time: Sun Nov 05 13:46:11 2006
Finish Time: Sun Nov 05 14:16:16 2006
192.168.22.0/255.255.255.0
192.168.22.1: 2 Open Ports, 6 Notes, 1 Warnings, 1 Holes.
192.168.22.8: 7 Open Ports, 13 Notes, 1 Warnings, 1 Holes.
192.168.22.10: 5 Open Ports, 9 Notes, 0 Warnings, 1 Holes.
192.168.22.11: 5 Open Ports, 9 Notes, 0 Warnings, 1 Holes.
192.168.22.15: 7 Open Ports, 22 Notes, 0 Warnings, 0 Holes.
192.168.22.80: 5 Open Ports, 7 Notes, 0 Warnings, 0 Holes.
192.168.22.81: 6 Open Ports, 12 Notes, 1 Warnings, 1 Holes.
192.168.22.100: 5 Open Ports, 7 Notes, 0 Warnings, 0 Holes.
192.168.22.161: 5 Open Ports, 12 Notes, 2 Warnings, 1 Holes.
192.168.22.166: 3 Open Ports, 4 Notes, 2 Warnings, 1 Holes.
My Most Used Tools 2:
• Ethereal or Wireshark
– (packet sniffers; use to find passwords going across network)
• SSL Passwords are often sent in clear text before logging on
– http://www.wireshark.org/download.html
– http://www.ethereal.com/download.html
• Metasploit
– (Hacking made very easy)
• http://www.metasploit.com/
• BackTrack or UBCD4WIN Boot CD
– (Cleaning infected PCs or ultimate hacking environment; will run from USB)
• http://www.remote-exploit.org/index.php/BackTrack_Downloads
• http://www.ubcd4win.com/downloads.htm
• Read notify
– (“registered” email)
• http://www.readnotify.com/
• Virtual Machine for pen testing
– (Leaves “no” trace)
Security Testing Boot CD/USB:
• Bart PE or UBCD4WIN
– http://www.bartpe.com
– http://www.ubcd4win.com
• Back Track (one of the more powerful cracking network auditing packages)
– http://www.remoteexploit.org
• Other Linux CD
– Trinity Rescue Kit (recover/repair dead Windows or Linux systems)
• http://trinityhome.org/Home/index.php?wpid=28&front_id=12
– KNOPPIX (recover/repair dead systems and several security tools)
• http://www.knoppix.net/
Demo of UBCD/BackTrack
BackTrack
Secure Your Perimeter:
• DNS-stuff and DNS-reports
– http://www.dnsstuff.com and http://www.dnsreports.com
– Are you blacklisted?
– Test your e-mail system
– Check your HTML code for errors (also use WinHTTrack for offline testing)
• Shields UP and Leak test
– https://www.grc.com/x/ne.dll?rh1dkyd2
– http://grc.com/default.htm
• Other Firewall checkers
– www.firewallcheck.com
Tools to Assess Vulnerability
• Nessus (vulnerability scanners)
– http://www.nessus.org
• Snort (IDS - intrusion detection system)
– http://www.snort.org
• Metasploit Framework (vulnerability exploitation tools). Use with great caution and have permission
– http://www.metasploit.com/projects/Framework/
Password Recovery Tools:
• Fgdump (Mass password auditing for Windows)
– http://foofus.net/fizzgig/fgdump
• Cain and Abel (password cracker and so much more...)
– http://www.oxid.it/cain.html
• John The Ripper (password crackers)
– http://www.openwall.org/john/
• RainbowCrack: An innovative password hash cracker tool that makes use of a large-scale time-memory trade-off.
– http://www.rainbowcrack.com/downloads/?PHPSESSID=776fc0bb788953e190cf415e60c781a5
Change/Discover Win Passwords
• Windows Password recovery - Can retrieve forgotten admin and users' passwords in minutes. Safest possible option, does not write anything to hard drive.
• Offline NT Password & Registry Editor - A great boot CD/Floppy that can reset the local administrator's password.
• John the Ripper - Good boot floppy with cracking capabilities.
• Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.
• Austrumi - Bootable CD for recovering passwords and other cool tools.
Networking Scanning
• MS Baseline Analyzer
– http://www.microsoft.com/downloads/details.aspx?FamilyId=4B4ABA06-B5F9-4DAD-BE9D7B51EC2E5AC9&displaylang=en
• The Dude (Great mapper and traffic analyzer)
– http://www.mikrotik.com/thedude.php
• Getif (Network SNMP discovery and exploit tool)
– http://www.wtcs.org/snmp4tpc/getif.htm
• SoftPerfect Network Scanner
– http://www.softperfect.com/
• HPing2 (Packet assembler/analyzer)
– http://www.hping.org
• Netcat (TCP/IP Swiss Army Knife)
– http://netcat.sourceforge.net
• TCPDump (packet sniffers) for Linux, or Windump for Windows
– http://www.tcpdump.org and http://www.winpcap.org/windump/
• LanSpy (local, Domain, NetBios, and much more)
– http://www.lantricks.com/
File Rescue and Restoration:
• Zero Assumption Digital Image rescue
– http://www.z-a-recovery.com/digital-imagerecovery.htm
• Restoration File recovery
– http://www.snapfiles.com/get/restoration.html
• Free undelete
– http://www.pcfacile.com/download/recupero_eliminazione_dati/drive_rescue/
• Effective File Search: Find data inside of files or data bases
– http://www.sowsoft.com/search.htm
Discover & Securely Delete Important Information:
• Windows and Office Key finder/Encrypting
– Win KeyFinder (also encrypts the keys)
• http://www.winkeyfinder.tk/
– ProduKey (also finds SQL server key)
• http://www.nirsoft.net
• Secure Delete software
– Secure Delete
• http://www.objmedia.demon.co.uk/freeSoftware/secureDelete.html
• DUMPSEC — (Dump all of the registry and share permissions)
– http://www.somarsoft.com/
• Win Finger Print (Scans for Windows shares, enumerates usernames, groups, SIDs and much more)
– http://winfingerprint.sourceforge.net
Application and Data Base Tools
• N-Stealth – an effective HTTP Security Scanner
– https://secure.nstalker.com/
• WINHTTrack – Website copier
– http://www.httrack.com/page/2/en/index.html
• SQLRecon (SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations)
– http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx
• Absinthe (Tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.)
– http://www.0x90.org/releases/absinthe/index.php
AppDetective
• AppDetective discovers database applications and assesses their security strength
• AppDetective assesses two primary application tiers, application/middleware and back-end databases, through a single interface
• AppDetective locates, examines, reports, and fixes security holes and misconfigurations
• www.appsecinc.com/products/appdetective/mssql
• Cost $900
Encryption Software:
• Hard drive or Jump Drives
– TrueCrypt for cross-platform encryption with lots of options
• http://www.truecrypt.org/downloads.php
– Dekart: its free version is very simple to use; the paid version has more options
• http://www.dekart.com/free_download/
• http://www.dekart.com/
• Email or messaging
– PGP for encrypting email
• http://www.pgp.com/downloads/index.html
Wireless Tools:
• Aircrack: The fastest available WEP/WPA cracking tool
– Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP or WPA 1 or 2
– The suite includes
• airodump (an 802.11 packet capture program)
• aireplay (an 802.11 packet injection program)
• aircrack (static WEP and WPA-PSK cracking)
• airdecap (decrypts WEP/WPA capture files)
– http://www.aircrack-ng.org/doku.php#download
• Net Stumbler (finds wireless networks; works well)
– http://wwww.netsumbler.com
• Kismet (wireless tools or packet sniffers)
– http://wwww.kismetwireless.net
Virtual Machines
• Xen for Linux
– http://www.xensource.com/download/
• VM server or VM workstation for booting Bart PE ISOs or Remote Exploit
– http://www.vmware.com/products/server/
• MS Virtual Server (slower but very easy to use)
– http://www.microsoft.com/windowsserversystem/virtualserver/software/privacy.mspx
• VMs can be used to run auditing applications that typically would require a dedicated server
Network Toolbox U3
• Analyzers
• Network monitors
• Traffic Generators
• Network Scanners
• IDS
• Network Utilities
• Network Clients
• Secure Clients
• SNMP
• Web
• Auditing Tools
• Password revealers
• System Tools
• Supplementary tools (DOS prompt, Unix shell, etc.)
– http://www.cacetech.com/products/toolkit.htm
USB Switchblade
• Access all stored passwords on a Windows computer
– [System info] [Dump SAM] [Dump Product Keys] [Dump LSA secrets (IE PWs)] [Dump Network PW] [Dump messenger PW] [Dump URL History]
• Available at http://www.hak5.org/wiki/USB_Switchblade
• Plug U3 Drive in any Windows XP/2000/2003 computer
• Wait about 1 minute
• Eject Drive
• Go to run on the start menu, then type x:\Documents\logfiles (x = flash drive letter) then press enter
• Look at username and passwords or start cracking hashed Windows passwords
Digital Forensic Tools
• The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (digital forensic tools)
– http://www.sleuthkit.org/
• Boot CD
– UBCD4WIN
• http://www.ubcd4win.com
– BACKTRACK
• http://www.remoteexploit.org
Backup Software
• SyncBack
– http://www.snapfiles.com/get/SyncBack.html
– Secure: Encrypt a zip file with 256-bit AES encryption
– Copy Open Files (XP/2003)
– Compression: You can compress an unlimited size, and an unlimited number of files. (Paid)
– Performance & Throttling: limit bandwidth usage (Paid)
– FTP and Email: Backup or sync files with an FTP server. Auto email the results of your backup
– Overview PPT on my web site
• http://www.es-es.net/
Tools That Cost But Have Great Value:
• SPI Dynamics WebInspect
• QualysGuard
• EtherPeek
• Netscan tools Pro (250.00 full network forensic reporting and incident handling)
• LanGuard Network Scanner
• AppDetective (Data base scanner and security testing software)
• Air Magnet (one of the best WIFI analyzers and rogue blocking)
• RFprotect Mobile
• Core Impact (complete vulnerability scanning and reporting)
• WinHex (Complete file inspection and recovery even if corrupt). Forensics and data recovery
Q&A
• Resources are available at
– Files and suggestions
• http://www.es-es.net/9.html
– Security and Information Assurance Links
• http://www.es-es.net/6.html
– PPT for this and VM Security
• http://www.es-es.net/3.html
• Best Step by Step Security Videos Free
– http://www.irongeek.com
• Shameless plug
– Virtual Server Security Presentation
– Thursday 9:30AM Location: Salon 7