Transcript nmap_nessus
Security Essentials Toolkit
Nmap
Information Networking Security and Assurance Lab
National Chung Cheng University
Outline
Description
Purpose
Principle and Pre-Study
Required Facilities
Challenge Procedure
Summary
Reference
Description
Reconnaissance is key for an attacker to be successful.
To defend against attacks, you should examine your
systems from the viewpoint of the attacker.
Use tools that let you see what the attackers see, and
then patch any vulnerabilities they reveal.
Nmap is a classic example of a reconnaissance tool.
Purpose
To know:
The features and role of Nmap in auditing systems.
How to install, use, and analyze the output of Nmap.
Principle and Pre-Study
The hacker's attack methodology.
Why do we need scanning tools?
Required Facilities
Permission
Do not proceed without receiving the necessary
permissions.
Hardware
Intel-based PC
Software
Windows OS and Linux OS
Nmap
http://www.insecure.org/nmap/
Challenge Procedure
Step 1: Install Nmap (skipped)
Step 2: Review Nmap options
Step 3: Test Nmap
Step 2: Nmap Options (1/2)
By scan type:
Hosts (-sP)
TCP Ports (-sT)
RPC servers (-sR)
SYN scan (-sS)
FIN scan (-sF), Xmas tree (-sX), null scan (-sN)
ACK scan (-sA)
Scanning for UDP Ports (-sU)
Step 2: Nmap Options (2/2)
By other function:
Fragmentation (-f)
Decoys (-D)
OS Fingerprinting (-O)
Timing (-T option)

-T option    Time between probes    Probe response timeout
Paranoid     5 min                  5 min
Sneaky       15 sec                 15 sec
Polite       0.4 sec                6 sec (10 max)
Normal       None                   6 sec (10 max)
Aggressive   None                   1 sec (1.5 max)
Insane       None                   0.3 sec max
Step 3: Test Nmap (NMapWin v1.3.1)
Step 3: Test Nmap (Linux Nmap)
Summary
Nmap is a powerful tool that allows
administrators, as well as attackers, to
determine what services and ports are open on
a particular device.
Nmap scans of your network should be run
frequently to verify that new services or ports
have not been unknowingly added to your
environment.
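The summary's advice is to re-run Nmap regularly and look for ports that were not open before. As an added example (not part of the original slides), the script below diffs two Nmap grepable (-oG) outputs and reports the new exposures per host; both scan outputs are constructed samples.

```python
"""Diff two Nmap grepable (-oG) outputs to spot newly opened ports.

Added example for this lesson; the two scan outputs below are
constructed samples, not captures from the lab network.
"""
import re

BASELINE = """\
# Nmap scan (constructed baseline)
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.1.20 ()\tPorts: 25/open/tcp//smtp///\tIgnored State: closed (999)
"""

CURRENT = """\
# Nmap scan (constructed, run a week later)
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///\tIgnored State: closed (997)
Host: 192.168.1.20 ()\tPorts: 25/open/tcp//smtp///\tIgnored State: closed (999)
Host: 192.168.1.30 ()\tPorts: 21/open/tcp//ftp///\tIgnored State: closed (999)
"""

# "Host: <addr> (<name>)<TAB>Ports: <list><TAB>..."; the port list ends at the next tab.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\t|$)")

def parse_grepable(text):
    """Return {host: {(port, proto, service), ...}} for open ports only."""
    result = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        host, ports = m.groups()
        open_ports = set()
        for entry in ports.split(","):
            # Each entry is port/state/proto/owner/service/rpc/version
            f = entry.strip().split("/")
            if len(f) >= 5 and f[1] == "open":
                open_ports.add((int(f[0]), f[2], f[4]))
        result[host] = open_ports
    return result

def new_exposures(baseline_text, current_text):
    """Open ports per host that were not open in the baseline scan."""
    base = parse_grepable(baseline_text)
    cur = parse_grepable(current_text)
    return {host: sorted(ports - base.get(host, set()))
            for host, ports in cur.items()
            if ports - base.get(host, set())}
```

Running `new_exposures(BASELINE, CURRENT)` on the samples reports MySQL newly open on 192.168.1.10 and an entirely new host 192.168.1.30 with FTP; an unchanged host produces no entry.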
Nessus: the premier open source vulnerability assessment tool
Outline
Description
Purpose
Principle and Pre-Study
Required Facilities
Step by step
Summary
Reference
Description (I)
A security scanner is software that remotely audits
a given network and determines whether crackers
could break into it or misuse it in some way.
Nessus is a free, open source vulnerability
scanner that provides a view of your networks
as seen by outsiders.
Description (II)
Nessus also provides detailed reports that identify
the vulnerabilities and the critical issues that
need to be corrected.
Nessus features:
Plugin-based
Customized security checks can be written in
C or NASL2 (Nessus's Scripting Language ver. 2)
Exportable reports
Supports many report export formats, such as
ASCII text, LaTeX and HTML
Purpose
Teach you how to install, configure and use
Nessus.
You will also learn how to interpret its output.
Principle and Pre-Study
Nessus client and server architecture (diagram): a nessus client (UNIX) or
NessusWX win32 client connects to the nessusd server, which in turn scans the
target network (FTP server, mail server, WWW server).
Required Facilities
Permission
Do not proceed without receiving the
necessary permissions
Hardware
PC or Workstation with UNIX-based OS
Software
Client
GTK (the GIMP toolkit), version 1.2
Server
OpenSSL
The latest stable release is nessus 2.0.9
Step (I): install nessus
Some ways to install:
lynx -source http://install.nessus.org | sh
  Dangerous: the downloaded script runs unseen and unverified
sh nessus-installer.sh
  Easy and less dangerous
Install the nessus tarball archives individually:
  nessus-libraries, libnasl, nessus-core, nessus-plugins
  Safe, but noisy
Step (II): create nessusd account
Add the client user's account
The authentication method: password check
Edit the user's rights
Step (III): create nessusd account
The authentication method: key change
The user's key information
Step (IV): Configure your nessusd
Edit the file /usr/local/etc/nessus/nessus.conf
plugins_folder = /usr/local/lib/nessus/plugins
max_hosts = 30             # maximum number of hosts tested simultaneously
max_checks = 10            # maximum number of simultaneous checks
logfile = /usr/local/var/nessus/logs/nessusd.messages
log_whole_attack = yes
rules = /usr/local/etc/nessus/nessusd.rules
users = /usr/local/etc/nessus/nessusd.users
cgi_path = /cgi-bin:/scripts
port_range = default       # scan the range of ports found in /etc/services
use_mac_addr = no
plugin_upload = no         # can users upload plugins?
slice_network_addresses = no
Execute nessusd -D
  Safely starts nessusd as root; it listens on TCP 1241 by default
Execute nessus
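As an added example (not part of Nessus or of the original slides), the checker below parses nessusd.conf "key = value" lines and flags the settings this step calls out: plugin uploads left enabled, whole-attack logging switched off, or concurrency above the lesson's values. The configuration text is a constructed sample and the recommended values are taken from the slide above.

```python
"""Audit a nessusd.conf for the settings the lesson highlights.

Added example for this lesson, not part of Nessus. The configuration
text is constructed; the checks encode the values shown on the slide.
"""

# Constructed nessusd.conf with two of the lesson's settings weakened.
SAMPLE_CONF = """\
# nessusd configuration (constructed sample)
plugins_folder = /usr/local/lib/nessus/plugins
max_hosts = 30
max_checks = 10
logfile = /usr/local/var/nessus/logs/nessusd.messages
log_whole_attack = no
plugin_upload = yes
port_range = default
"""

def parse_conf(text):
    """Parse 'key = value' lines; '#' comments and blank lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf[key] = value
    return conf

def audit_conf(conf, max_hosts_cap=30, max_checks_cap=10):
    """Return (key, current value, recommended value) findings."""
    findings = []
    # Plugins run with nessusd's privileges (root when started with -D
    # as root), so letting users upload plugins means letting them run
    # arbitrary code on the scanner host.
    if conf.get("plugin_upload", "no").lower() != "no":
        findings.append(("plugin_upload", conf["plugin_upload"], "no"))
    # Logging the whole attack keeps the evidence trail for later review.
    if conf.get("log_whole_attack", "no").lower() != "yes":
        findings.append(("log_whole_attack", conf.get("log_whole_attack", "unset"), "yes"))
    # Cap concurrency at the lesson's values so a scan cannot swamp targets.
    for key, cap in (("max_hosts", max_hosts_cap), ("max_checks", max_checks_cap)):
        value = conf.get(key)
        if value is None or not value.isdigit() or int(value) > cap:
            findings.append((key, value or "unset", str(cap)))
    return findings
```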
Step (V): Nessus client configuration (UNIX)
The nessusd server’s address
The open port number of nessusd
Login user name
User password
Click on “Log in”
The test will not cause the target host to crash
The port scan range
You can give extra information to some security
checks so that the audit is more complete
Send the test results to a defined mail address
Avoid detection by IDS
Choose the scan tools
Input the target's address
Rules allow a user to restrict his test.
For instance, I want to test
10.163.156.1/24, except
10.163.156.5. The ruleset I
entered allows me to do that.
A single IP address: 10.163.156.1
A range of IP addresses: 10.163.156.1-254
A range of IP addresses in CIDR notation: 10.163.156.1/24
A hostname in Fully Qualified Domain Name notation: hope.fr.nessus.org
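An added example, not Nessus's own target parser: it expands the four target notations listed above and applies an exclusion, reproducing the "10.163.156.1/24 except 10.163.156.5" case. Hostnames are kept as literals since nothing is resolved offline.

```python
"""Expand Nessus-style target notations and apply an exclusion list.

Added example for this lesson (not Nessus's own code). Supports the
notations on the slide: single IP, last-octet range a.b.c.x-y, CIDR,
and a hostname (returned unchanged, since nothing is resolved here).
"""
import ipaddress

def expand_target(spec):
    """Expand one target specification into a list of address strings."""
    spec = spec.strip()
    if "/" in spec:
        # a.b.c.d/24 is taken as the whole /24; host addresses only.
        net = ipaddress.ip_network(spec, strict=False)
        return [str(h) for h in net.hosts()]
    if "-" in spec and spec.replace(".", "").replace("-", "").isdigit():
        base, last = spec.rsplit("-", 1)
        prefix, first = base.rsplit(".", 1)
        lo, hi = int(first), int(last)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad last-octet range: {spec}")
        return [f"{prefix}.{n}" for n in range(lo, hi + 1)]
    try:
        return [str(ipaddress.ip_address(spec))]
    except ValueError:
        return [spec]  # hostname in FQDN notation, left unresolved

def build_ruleset(targets, exclude=()):
    """Comma-separated targets minus excluded hosts, in first-seen order."""
    excluded = set()
    for spec in exclude:
        excluded.update(expand_target(spec))
    seen, result = set(), []
    for spec in targets.split(","):
        for host in expand_target(spec):
            if host not in excluded and host not in seen:
                seen.add(host)
                result.append(host)
    return result
```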
The Nessus Knowledge Base feature:
allows the user to save the knowledge base
on the client host
Nessus information
Step (VI): the scan process
The target's open ports
Scanning
The security level
Comments for this note
The details of this security note,
including the background know-how
and the solution
Step (VI): the export of the data
Report in nessus client format
Export to XML
LaTeX format, which can be output to PDF
Report in HTML with graphs
Summary
PC Magazine nominated Nessus as one of the "Best
Products of 2003" in the "open-source" category!
Nessus is a powerful vulnerability assessment and port scanner
that allows you to see the same view of your network that an
outsider sees.
Reference
Nessus & Nessus WX website
http://www.nessus.org
NeWT website
http://www.tenablesecurity.com/newt.html
PC Magazine
http://www.pcmag.com/article2/0,4149,1420870,00.asp
Appendix A – other nessus commands
nessus-build
Script can be used to build a .nes nessus plugin from a .c source file.
nessus-config
Displays compiler/linker flags for the nessus libraries
nessus-mkcert-client
Create a client certificate
Protects the communication between the client and the server by using
SSL. SSL requires the server to present a certificate to the client, and the
client can optionally present a certificate to the server.
nessus-mkrand
Create a file with random bytes
nessus-adduser
A simple program which adds a user to the proper nessusd
configuration files and sends a signal to nessusd, if it is running, to
notify it of the changes.
Appendix B - NessusWX
Nessus Client for Win32
http://nessuswx.nessus.org/
Current version 1.4.4
Options & port scan properties
Connection & comments
Appendix C – commercial product
NeWT 1.0
A native port of Nessus under Windows, which is
very easy to install and to use
This is a commercial product from Tenable Network
Security
Start Screen
Scan config
Scan in progress
Example report