DATA COMMUNICATIONS AND NETWORKS IIPROJECT

Andrew Manborde

Owen Thompson

Yannick Morgan

Tian Boothe

Kadian Bailey

Daemone Brown

Problem Statement

UCC network has been compromised. Evaluate threats to the UCC network

using vulnerability tools.

Purpose of Study

Demonstrate and evaluate the named network vulnerability tools.

Determine which tool is best suited for which particular application.

Significance of Study

Informed Network Security decisions. Best suited tools to use.

International Review

Vulnerability scanning got its start as a tool of the "bad guys."

Port scanning or testing to see which TCP/UDP ports on a machine are "open" and thus vulnerable to intrusion.

Today's vulnerability scanning programs are designed with the "good guys" in mind

What does a vulnerability scanner do?

Can only scan for known vulnerabilities. And that means vulnerabilities that are known to their vendors.

Depend on databases that contain the descriptions of the vulnerabilities they can detect.

Only as good as the database it uses

Types of scans

Open ("listening") ports Unnecessary services DDoS agents and similar malware Means of remote access (terminal

services, PCAnywhere) Password crackers System configuration Coding flaws/unsafe code Missing service packs and security fixes

What a vulnerability scanner doesn't do

Vulnerability scanners don't do the job of anti-virus and anti-spyware products

Vulnerability scanners don't do the job of a firewall

Vulnerability scanners don't do the job of an Intrusion Detection System (IDS)

Wireshark

Network protocol analyzer (packet sniffer) which captures and decodes packets of information from a network.

Wireshark is used to capture and analyze network packets and discover a wide array of information

Snort

Open Source Intrusion Detection System which can be downloaded free of cost. It is a software package which needs to be installed (along with other software in many cases) in a standard server which acts as the sensor.

Network Sniffer Mode Network Intrusion Detection Mode

Kismet

802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

Kismet identifies networks by passively collecting packets and detecting standard named networks, named/ hidden networks, and inferring the presence of nonbeaconing networks via data traffic.

Cain and Abel

Password recovery tool for Microsoft Operating Systems.

Sniffing the network. Cracking encrypted passwords using Dictionary,

Brute-Force and Cryptanalysis attacks. Recording VoIP conversations. Decoding scrambled passwords, recovering

wireless network keys. Revealing password boxes. Uncovering cached passwords and analyzing

routing protocols.

Local Case Study

International standards apply to Jamaica to a lesser scale.

Net Security pros use the same tools as hackers.

Hackers exploit to personal gain.

Implementation Recommendations

Net Vulnerability tools selection are based on:

Type of network Size of network

Provide counter measures to prevent future attacks.

Network Solution Steps

Select four viable candidates for use as a network vulnerability tool.

Evaluate each candidate. Use the selected candidate to evaluate

the security of the network in question.

Record and interpret the results.

Select 4 tools

Cain and Abel Wireshark Kismet Snort

Evaluate each candidate

Cain and Abel – Good functionality. Did not require additional software in

order to be compliant with the test network.

User friendly due to its user interface design.

Wireshark – Average functionality. Did not require additional software. Not user friendly due to its user interface

design.

Kismet – Poor functionality. Additional software was required to be

compliant with the test network.

 Snort – Poor functionality. Additional software was required to be

compliant.

Evaluate Selected Candidate

The network vulnerability tool that was selected as being the best candidate was Cain and Abel. The test was conducted and several vulnerabilities were revealed.

Record and interpret the results.

It was determined that a Kerberos firewall was required in order to secure the network.

Summary

Snort and Kismet required another piece of software in order to be fully compliant with our test network.

WireShark proved to be too complicated in its function and not very user friendly in its GUI

Cain and Abel is easily utilized and has a good GUI.

Conclusion

We recommend the network vulnerability tool Cain and Abel for use as it is fully functional i.e. it does not require additional software in order to function as well as it is user friendly by means of simple functionality and intuitive user interface design.