2016 TTL Security Gap Analysis with Kali Linux

Posted on 12-Apr-2017


Gap Analysis & Security Evaluation

Jason Murray, D.CS, Cornwall-Lebanon SD

www.slideshare.net/jasonmurray72

Goals

• Awareness
• Information Gathering
• Phases of Exploitation
  – Think like a hacker
• Security Gap Analysis Framework
• Demonstrate a few Kali Linux tools

How vulnerable are you?

How easy is it to gather information?

FireForce

What happens if we become a target?

5 Phases of Exploitation

1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks

Reconnaissance

• Target
  – Internal DNS
  – Private Website
  – Dumpster Diving
  – Shoulder Surfing
  – Eavesdropping

Reconnaissance – Whiteboarding

• Phone
• Network
• Websites
• Email
• Google
• WhoIs
• AnyWho
• DNS
• Social Network
• IP Blocks
• Net Blocks
• Web Server Content
• Source Code
• Directories
• Databases
• Search Engines
• URL Analysis
• Google Earth
• People Sites
• Financial Analysis
• Job Sites
• Alert Websites
• Archive Sites
• Web Monitoring
• Google Dorking

Target - Demo

Scanning

• Layer 4 – TCP (flags) & UDP
• Layer 3 – IP (v4 or v6) & ICMP
  – Host
  – Ports & Services
  – Vulnerabilities
  – Diagrams
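The Layer 4 part of the scanning step, as an added example written for this page (not code from the slides): a TCP connect() scan over a list of ports followed by a banner grab on whatever is open. The target is a constructed local listener that greets like an SSH daemon, so the script runs offline; the banner text and port choice are assumptions. Two caveats a practitioner should carry from the slide into practice: connect() completes the full three-way handshake, so unlike nmap's default SYN scan (which needs raw sockets and root) every probe lands in the service's own log, and the "closed" result below lumps together an immediate RST and a silent drop, which a real scanner reports separately because a filtered port is a different finding from a closed one.

```python
# Added example: Layer 4 TCP connect() scan plus banner grab against a
# constructed local service. Not code from the slides.
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """Return {port: 'open' | 'closed'} using full TCP connections.

    'closed' covers both an RST (ConnectionRefusedError) and a timeout
    (silently dropped / filtered); a production scanner keeps them apart.
    """
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                return port, "open"
            except OSError:  # ConnectionRefusedError and timeout both subclass OSError
                return port, "closed"

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(probe, ports))


def grab_banner(host, port, timeout=1.0):
    """Read the first bytes a service volunteers (SSH, SMTP and FTP greet first).

    Services that wait for the client to speak (HTTP) return '' here; they need
    a protocol-specific probe, which is what nmap's -sV adds on top of this.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            return s.recv(256).decode("ascii", errors="replace").strip()
        except OSError:
            return ""


def start_demo_service(banner=b"SSH-2.0-DemoService_1.0\r\n"):
    """Constructed target (assumption, not a real daemon): a listener on
    127.0.0.1 that sends one banner line to each client and hangs up.

    Returns (server_socket, port); closing the socket stops the thread.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free ephemeral port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # server socket closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def find_closed_port():
    """Pick an ephemeral port nothing listens on (bind, read it back, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_demo_service()
    closed_port = find_closed_port()
    results = tcp_connect_scan("127.0.0.1", [open_port, closed_port])
    for port, state in sorted(results.items()):
        line = f"127.0.0.1:{port} {state}"
        if state == "open":
            line += f"  banner={grab_banner('127.0.0.1', port)!r}"
        print(line)
    srv.close()
```

Run it as-is and it reports one open port with the SSH-style banner and one closed port. Point tcp_connect_scan at a range such as range(1, 1025) on a host you are authorized to test to reproduce the "Ports & Services" step of the slide; get that authorization in writing first, since the connect() scan is visible to the target.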

Advanced

• Gaining Access
• Maintaining Access
• Covering Tracks

Avoid Getting Targeted

Security Gap Analysis

Team

• Considerations
  – IT staff
  – Security
  – End Users
    • Teachers
    • Students
    • Community
  – Management
  – Tech savvy & non-savvy

Step 1: Policy, Procedure, & Guideline

• Pen Testing Standards
  – Open Web Application Security Project
  – Penetration Testing Execution Standard
  – Open Source Security Testing Methodology Manual
  – Penetration Testing Framework


• Who has access/privileges?
  – For how long?
  – Vendor VPN?
  – Retirees/terminations?
  – Logging?
• Updates?
  – Every node?
• Passwords
  – Saved in browser?
  – Frequency of changes?
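The access questions in Step 1 (who has access, for how long, vendor VPN, retirees and terminations, logging) turn into a repeatable check once the directory is exported. The following is an added example written for this page, not code from the slides: the account records are constructed, and the field names (user, type, enabled, last_login, end_date, groups) are an assumed flattened export, not any directory product's schema. It flags enabled accounts whose termination or contract date has passed, accounts with no recent or no recorded logon, and non-staff accounts sitting in a privileged group.

```python
# Added example: automated access review for the Step 1 questions.
# Constructed data and assumed field names; not code from the slides.
from datetime import date, timedelta

TODAY = date(2017, 4, 12)  # fixed review date so the output is reproducible

# Constructed sample directory export. end_date is the termination/retirement
# date for staff or the contract end for vendors; None means open-ended.
ACCOUNTS = [
    {"user": "jmurray", "type": "staff", "enabled": True,
     "last_login": date(2017, 4, 11), "end_date": None, "groups": ["Domain Admins"]},
    {"user": "retiree1", "type": "staff", "enabled": True,
     "last_login": date(2016, 6, 14), "end_date": date(2016, 6, 30), "groups": ["Staff"]},
    {"user": "hvac-vendor", "type": "vendor", "enabled": True,
     "last_login": date(2017, 4, 2), "end_date": date(2017, 1, 31), "groups": ["VPN Users"]},
    {"user": "svc-backup", "type": "service", "enabled": True,
     "last_login": None, "end_date": None, "groups": ["Domain Admins"]},
    {"user": "mlee", "type": "staff", "enabled": False,
     "last_login": date(2016, 1, 5), "end_date": date(2016, 1, 8), "groups": ["Staff"]},
]


def review_access(accounts, today=TODAY, stale_days=90, privileged=("Domain Admins",)):
    """Return a list of (user, finding) tuples for enabled accounts that answer
    one of the Step 1 questions badly. Disabled accounts are skipped: for them
    the offboarding control worked."""
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue
        end = a["end_date"]
        if end is not None and end <= today:
            if a["type"] == "vendor":
                findings.append((a["user"], "vendor access past contract end"))
            else:
                findings.append((a["user"], "terminated/retired but still enabled"))
        last = a["last_login"]
        if last is None:
            # No logon ever recorded: either unused, or logging is not covering it.
            findings.append((a["user"], "never logged in"))
        elif today - last > timedelta(days=stale_days):
            findings.append((a["user"], f"no login in {stale_days} days"))
        if a["type"] != "staff" and any(g in privileged for g in a["groups"]):
            findings.append((a["user"], "non-staff account holds privileged group"))
    return findings


if __name__ == "__main__":
    for user, finding in review_access(ACCOUNTS):
        print(f"{user:<12} {finding}")
```

On the constructed data this yields five findings: the retiree who is still enabled and has not logged in for months, the vendor whose contract ended but whose VPN account is still live, and the backup service account that has never logged in yet holds Domain Admins. Swap ACCOUNTS for a real export and adjust stale_days to the district's policy; the "never logged in" result is worth keeping as its own category because it is also how you notice that logon logging is not covering a system.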

Step 2: Audit

• Permission
• Scope
  – Physical and/or electronic
• Social engineering
  – Timetable
  – Resources (outsourced/in house)
• Review Framework
  – Following policies (awareness)
• Openings
  – Ports
  – Human Factor
  – Physical equipment


• Device Security
  – Encryption
  – Password
  – Device storage
  – Device on a non-secure network


• Physical Security
  – Access to infrastructure
  – Environmental safeguards
    • Temperature
    • Humidity
  – Protection safeguards
    • Fire
    • Water


• Personnel Security
  – Staff backgrounds
  – Security awareness programs that discourage insider attacks
  – Protection against terminated staff
  – Repercussions of malicious violation of information security


• OpenVAS

Step 3: Technical Review

• Up to date
  – Software/patches
  – Policies
• Awareness
  – Justification for openings
• Consistency
  – OS, antivirus, update procedures
• Vulnerability/risk management
• Encryption

Step 4: Findings & Prioritization Summary

• Review the findings
• Organize & arrange tasks to fix gaps
  – Electronic
  – Policy, procedures, guidelines
  – Physical
• Update Risk Management Strategy

Questions