Key Tools for a Network Security Assessment
John Tannahill, CA, CISM, CGEIT, CRISC
Areas of Coverage
• Network Security Assessment Areas
• Methodology & Tools
• Reconnaissance
• TCP/IP Service Enumeration
• Network Vulnerability / Network Penetration Assessments
Network Security Assessments
• Internet Perimeter
• Virtual Private Networks
– Business Partner
– Employee Remote Access
• Network Device Configurations
– Firewall; Switch (VLAN)
• Sensitive Network Subnets / Segments
• Wireless LAN Infrastructure
• Remote Access
Network Security Controls
• Defense in Depth
• Firewalls - Security Zones
• Network Segmentation / Isolation
• Traffic Flow (Ingress / Egress)
• Hardened OS
• Hardened TCP/IP Services
• IDS/IPS/SIEM Architecture
• Network Management
Next Generation Firewalls
• Functions Used / Implemented (e.g. Palo Alto)
– Policy based - user-id / context
– WildFire (Anti-malware; Anti-Spyware) - cloud service
– Vulnerability Protection
– URL Filtering
– Data Filtering (e.g. SSN)
– Zone Protection (Trusted / Untrusted)
– SSL Decryption (inbound / outbound)
• NGFW Security Configuration Standards
Network Security Assessments
• Vulnerability Assessment Areas
– Network
– Browser
– Web / Mobile Application
– Mobile Device
– Social Engineering
– Physical Ingress (Raspberry Pi)
• Host-Based Assessment (e.g. Windows OS)
• TCP/IP Service Assessment (e.g. Database)
• Penetration Testing
• Red Team / Blue Team
Common Network Vulnerabilities
• Network services with known vulnerabilities and not patched
• Network services / applications that are not properly configured or secured
• Network services with poor authentication
• Network transmission of clear text passwords and traffic
Network Vulnerability Assessment Approach
• Reconnaissance
– ping sweep
– DNS
– Maltego
– Shodan
– Google Hacks
• TCP/IP Service Enumeration
• Vulnerability Identification
– Network probes for known vulnerabilities
– Exploit identification based on TCP/IP services found
• Exploit Testing
– exploit code
Testing Methodologies
• NIST Special Publication 800-115
– Technical Guide to Information Security Testing and Assessment
• Penetration Execution Standard
• PCI Guidelines
SP800-115 Overview
• Security Testing and Examination Overview
– Information Security Assessment Methodology
– Technical Assessment Techniques
• Target Identification and Analysis Techniques
• Target Vulnerability Validation Techniques
• Security Assessment Planning
• Security Assessment Execution
• Post-Testing Activities
Kali Distributions
• Pre-built Linux OS with Security and Audit Toolkit
• www.kali.org
• Kali Walkthrough
• Raspberry Pi
Nmap (nmap.org)
• Ping Sweep
• Port Scans
– TCP; UDP
• Zenmap – network topology
• Ncat
• Nping
• Ndiff
• Vulnerability scanning (NSE)
Nmap Scan
> nmap 192.168.1.121
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
443/tcp  open  https
445/tcp  open  microsoft-ds
1433/tcp open  ms-sql-s
3389/tcp open  ms-term-serv
5900/tcp open  vnc
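The scan above is the raw material of the "Common Network Vulnerabilities" slide: several of the open services carry credentials or sessions unencrypted, and several are Windows/database services that should not normally be reachable across a perimeter. The following added example (not part of the slides) parses nmap's normal output and tags each open port against those two assumed classifications, so an assessor can turn a port list into findings; the port list is the one from the slide, re-typed as a constructed sample.

```python
import re

# Constructed sample: the port list from the slide, in nmap's normal output layout.
NMAP_OUTPUT = """\
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
443/tcp  open  https
445/tcp  open  microsoft-ds
1433/tcp open  ms-sql-s
3389/tcp open  ms-term-serv
5900/tcp open  vnc
"""

# Assumed classification: services whose sessions normally run without encryption,
# so passwords and traffic cross the network in clear text.
UNENCRYPTED = {"ftp", "telnet", "http", "smtp", "ldap", "pop3", "imap", "vnc"}
# Assumed classification: services that belong inside a trusted zone, not on a perimeter.
INTERNAL_ONLY = {"msrpc", "netbios-ssn", "microsoft-ds", "ms-sql-s", "ms-term-serv", "vnc"}

# One port line of nmap normal output: "<port>/<proto> <state> <service>".
LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap(text):
    """Return (port, proto, state, service) tuples for each port line; header lines are skipped."""
    ports = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ports.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return ports


def triage(ports):
    """Map each open port ("21/tcp") to the finding tags its service suggests."""
    findings = {}
    for port, proto, state, service in ports:
        if state != "open":
            continue
        tags = [t for t, s in (("unencrypted", UNENCRYPTED), ("internal-only", INTERNAL_ONLY)) if service in s]
        if tags:
            findings[f"{port}/{proto}"] = tags
    return findings


if __name__ == "__main__":
    for port, tags in triage(parse_nmap(NMAP_OUTPUT)).items():
        print(port, ", ".join(tags))
```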
Scapy
• Python library: Scapy
• Packet manipulation tool
• Example Uses
– Scanning
– Probing
– Attacks
– Network discovery
– Test snort rules
Network Vulnerability Assessment
• Generic assessment tools
– OpenVAS; Nexpose
• TCP/IP service-specific (e.g. http / database)
• Metasploit Framework
– Framework for testing and using exploit code
Kali – Web Testing Tools
• Local Proxies – OWASP ZAP Proxy
• Nikto
• Dirbuster
• SQL Injection Tools (sqlmap)
Metasploit Framework
• Metasploit
– Auxiliary Modules
– Exploits
– Payloads e.g. Meterpreter / Reverse Shell
– BeEF
– Karmetasploit
– SET
• Armitage
• Tomcat Example:
– use auxiliary/scanner/http/tomcat_mgr_login
– use exploit/multi/http/tomcat_mgr_deploy
Wireless Security Assessment
• Wireless Architecture
• Network Segmentation
• WPA / WPA2 Security
• Rogue Access Point Detection
• Tools:
– Kismet
– Aircrack-ng
– Sslstrip
– WiFi Pineapple V
– Raspberry Pi
• Bluetooth
Cloud Considerations
• Security as a Service
– Assessment Tools
• Vulnerability Assessment / Penetration Testing of Cloud Services
– AWS