Great Tools for Securing and Testing Your Network
By
DR RICHMOND ADEBIAYE, CISSP, CISM
Presented at NASA Conference (EOSDIS) NASA Risk Management Conference VII (Environment & Security)
January 18-20 2012
GRC Network Security Team

Outline
• Silver Bullet Most Used Tools
• CD/USB Security
• Perimeter Security
• Vulnerability Assessment
• Password Recovery
• Networking Scanning
• Data Rescue and Restoration
• Application and Data Base Tools
• Encryption Software
• Wireless Tools
• Virtual Machines
• New USB Exploits
• Digital Forensic Tools
• Backup Software
• Tools that Cost but Have Great Value

No Silver Bullet
• No Silver Bullet for network and system testing:
  – Determine your needs
  – Finding the right tools
  – Using the right tool for the job

My Most Used Tools:
• Google (Get Google Hacking book)
  – The Google Hacking Database (GHDB)
    • http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index
• SuperScan 4
  – Network scanner, finds open ports (I prefer version 3)
    • http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm
• Cain and Abel
  – (the Swiss Army knife) Crack passwords, crack VoIP and so much more
    • http://www.oxid.it/cain.html
• NMap
  – (Scanning and footprinting)
    • http://insecure.org/nmap/download.html
• Nessus
  – (Great system-wide vulnerability scanner)
    • http://www.nessus.org/download/
Cain and Abel Local Passwords

Nessus Summary
Tenable Nessus Security Report
Start Time: Sun Nov 05 13:46:11 2006
Finish Time: Sun Nov 05 14:16:16 2006
192.168.22.0/255.255.255.0
192.168.22.1 2 Open Ports, 6 Notes, 1 Warnings, 1 Holes.
192.168.22.8 7 Open Ports, 13 Notes, 1 Warnings, 1 Holes.
192.168.22.10 5 Open Ports, 9 Notes, 0 Warnings, 1 Holes.
192.168.22.11 5 Open Ports, 9 Notes, 0 Warnings, 1 Holes.
192.168.22.15 7 Open Ports, 22 Notes, 0 Warnings, 0 Holes.
192.168.22.80 5 Open Ports, 7 Notes, 0 Warnings, 0 Holes.
192.168.22.81 6 Open Ports, 12 Notes, 1 Warnings, 1 Holes.
192.168.22.100 5 Open Ports, 7 Notes, 0 Warnings, 0 Holes.
192.168.22.161 5 Open Ports, 12 Notes, 2 Warnings, 1 Holes.
192.168.22.166 3 Open Ports, 4 Notes, 2 Warnings, 1 Holes.

My Most Used Tools 2:
• Ethereal or Wireshark
  – (packet sniffers; use to find passwords going across the network)
    • SSL Passwords are often sent in clear text before logging on
  – http://www.wireshark.org/download.html
  – http://www.ethereal.com/download.html
• Metasploit
  – (Hacking made very easy)
    • http://www.metasploit.com/
• BackTrack or UBCD4WIN Boot CD
  – (Cleaning infected PCs or ultimate hacking environment; will run from USB)
    • http://www.remote-exploit.org/index.php/BackTrack_Downloads
    • http://www.ubcd4win.com/downloads.htm
• Read notify
  – (“registered” email)
    • http://www.readnotify.com/
• Virtual Machine for pen testing
  – (Leaves “no” trace)

Security Testing Boot CD/USB:
• Bart PE or UBCD4WIN
  – http://www.bartpe.com
  – http://www.ubcd4win.com
• Back Track (one of the more powerful cracking network auditing packages)
  – http://www.remoteexploit.org
• Other Linux CD
  – Trinity Rescue Kit (recover/repair dead Windows or Linux systems)
    • http://trinityhome.org/Home/index.php?wpid=28&front_id=12
  – KNOPPIX (recover/repair dead systems and several security tools)
    • http://www.knoppix.net/
Demo of UBCD/BackTrack
BackTrack

Secure Your Perimeter:
• DNS-stuff and DNS-reports
  – http://www.dnsstuff.com
  – http://www.dnsreports.com
  – Are you blacklisted?
  – Test your e-mail system
  – Check your HTML code for errors
    • (Also use WIN HTTrack for offline testing)
• Shields UP and Leak test
  – https://www.grc.com/x/ne.dll?rh1dkyd2
  – http://grc.com/default.htm
• Other Firewall checkers
  – www.firewallcheck.com

Tools to Assess Vulnerability
• Nessus (vulnerability scanners)
  – http://www.nessus.org
• Snort (IDS - intrusion detection system)
  – http://www.snort.org
• Metasploit Framework (vulnerability exploitation tools) Use with great caution and have permission
  – http://www.metasploit.com/projects/Framework/

Password Recovery Tools:
• Fgdump (Mass password auditing for Windows)
  – http://foofus.net/fizzgig/fgdump
• Cain and Abel (password cracker and so much more….)
  – http://www.oxid.it/cain.htnl
• John The Ripper (password crackers)
  – http://www.openwall.org/john/
• RainbowCrack: An Innovative Password Hash Cracker tool that makes use of a large-scale time-memory trade-off.
  – http://www.rainbowcrack.com/downloads/?PHPSESSID=776fc0bb788953e190cf415e60c781a5

Change/Discover Win Passwords
• Windows Password recovery - Can retrieve forgotten admin and users' passwords in minutes. Safest possible option, does not write anything to hard drive.
• Offline NT Password & Registry Editor - A great boot CD/Floppy that can reset the local administrator's password.
• John the Ripper - Good boot floppy with cracking capabilities.
• Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.
• Austrumi - Bootable CD for recovering passwords and other cool tools.

Networking Scanning
• MS Baseline Analyzer
  – http://www.microsoft.com/downloads/details.aspx?FamilyId=4B4ABA06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en
• The Dude (Great mapper and traffic analyzer)
  – http://www.mikrotik.com/thedude.php
• Getif (Network SNMP discovery and exploit tool)
  – http://www.wtcs.org/snmp4tpc/getif.htm
• SoftPerfect Network Scanner
  – http://www.softperfect.com/
• HPing2 (Packet assembler/analyzer)
  – http://www.hping.org
• Netcat (TCP/IP Swiss Army Knife)
  – http://netcat.sourceforge.net
• TCPDump (packet sniffers) Linux or Windump for windows
  – http://www.tcpdump.org and http://www.winpcap.org/windump/
• LanSpy (local, Domain, NetBios, and much more)
  – http://www.lantricks.com/

File Rescue and Restoration:
• Zero Assumption Digital Image rescue
  – http://www.z-a-recovery.com/digital-image-recovery.htm
• Restoration File recovery
  – http://www.snapfiles.com/get/restoration.html
• Free undelete
  – http://www.pc-facile.com/download/recupero_eliminazione_dati/drive_rescue/
• Effective File Search: Find data inside of files or data bases
  – http://www.sowsoft.com/search.htm

Discover & Securely Delete Important Information:
• Windows and Office Key finder/Encrypting
  – Win KeyFinder (also encrypts the keys)
    • http://www.winkeyfinder.tk/
  – ProduKey (also finds SQL server key)
    • http://www.nirsoft.net
• Secure Delete software
  – Secure Delete
    • http://www.objmedia.demon.co.uk/freeSoftware/secureDelete.html
• DUMPSEC (Dump all of the registry and share permissions)
  – http://www.somarsoft.com/
• Win Finger Print (Scans for Windows shares, enumerates usernames, groups, sids and much more)
  – http://winfingerprint.sourceforge.net

Application and Data Base Tools
• N-Stealth – an effective HTTP Security Scanner
  – https://secure.nstalker.com/
• WINHTTrack – Website copier
  – http://www.httrack.com/page/2/en/index.html
• SQLRecon (SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations)
  – http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx
• Absinthe (Tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.)
  – http://www.0x90.org/releases/absinthe/index.php

AppDetective
• AppDetective discovers database applications and assesses their security strength
• AppDetective assesses two primary application tiers - application / middleware, and back-end databases - through a single interface
• AppDetective locates, examines, reports, and fixes security holes and misconfigurations
• www.appsecinc.com/products/appdetective/mssql
• Cost $900

Encryption Software:
• Hard drive or Jump Drives
  – True Crypt for cross platform encryption with lots of options
    • http://www.truecrypt.org/downloads.php
  – Dekart: its free version is very simple to use; the paid version has more options
    • http://www.dekart.com/free_download/
    • http://www.dekart.com/
• Email or messaging
  – PGP for encrypting email
    • http://www.pgp.com/downloads/index.html

Wireless Tools:
• Aircrack: The fastest available WEP/WPA cracking tool. Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP or WPA 1 or 2
  – The suite includes
    • airodump (an 802.11 packet capture program)
    • aireplay (an 802.11 packet injection program)
    • aircrack (static WEP and WPA-PSK cracking)
    • airdecap (decrypts WEP/WPA capture files)
  – http://www.aircrack-ng.org/doku.php#download
• Net Stumbler (finds wireless networks works well)
  – http://wwww.netsumbler.com
• Kismet (wireless tools or packet sniffers)
  – http://wwww.kismetwireless.net

Virtual Machines
• Xen for Linux
  – http://www.xensource.com/download/
• VM server or VM workstation for booting Bart PE ISOs or Remote Exploit
  – http://www.vmware.com/products/server/
• MS Virtual Server (slower but very easy to use)
  – http://www.microsoft.com/windowsserversystem/virtualserver/software/privacy.mspx
• VM’s can be used to run auditing applications that typically would require a dedicated server

Network Toolbox U3
• Analyzers
• Network monitors
• Traffic Generators
• Network Scanners
• IDS
• Network Utilities
• Network Clients
• Secure Clients
• SNMP
• Web
• Auditing Tools
• Password revealers
• System Tools
• Supplementary tools (Dos prompt, Unix shell, etc.)
– http://www.cacetech.com/products/toolkit.htm

USB Switchblade
• Access all stored passwords on a windows computer
  – [System info] [Dump SAM] [Dump Product Keys] [Dump LSA secrets (IE PWs)] [Dump Network PW] [Dump messenger PW] [Dump URL History]
• Available at http://www.hak5.org/wiki/USB_Switchblade
• Plug U3 Drive in any windows XP/2000/2003 computer
• Wait about 1 minute
• Eject Drive
• Go to run on the start menu, then type x:\Documents\logfiles (x = flash drive letter) then press enter
• Look at username and passwords or start cracking hashed windows passwords

Digital Forensic Tools
• The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (digital forensic tools)
  – http://www.sleuthkit.org/
• Boot CD
  – UBCD4WIN
    • http://www.ubcd4win.com
  – BACKTRACK
    • http://www.remoteexploit.org

Backup Software
• SyncBack
  – http://www.snapfiles.com/get/SyncBack.html
  – Secure: Encrypt a zip file with a 256-bit AES encryption
  – Copy Open Files (XP/2003)
  – Compression: You can compress an unlimited size, and an unlimited number of files. (Paid)
  – Performance & Throttling limit bandwidth usage, (Paid)
  – FTP and Email: Backup or sync files with an FTP server. Auto email the results of your backup
  – Overview PPT on my web site
    • http://www.es-es.net/

Tools That Cost But Have Great Value:
• SPI Dynamics WebInspect
• QualysGuard
• EtherPeek
• Netscan tools Pro (250.00 full network forensic reporting and incident handling)
• LanGuard Network Scanner
• AppDetective (Data base scanner and security testing software)
• Air Magnet (one of the best WIFI analyzers and rogue blocking)
• RFprotect Mobile
• Core Impact (complete vulnerability scanning and reporting)
• WinHex – (Complete file inspection and recovery even if corrupt) Forensics and data recovery

Q&A
• Resources are available at
  – Files and suggestions
    • http://www.es-es.net/9.html
  – Security and Information Assurance Links
    • http://www.es-es.net/6.html
  – PPT for this and VM Security
    • http://www.es-es.net/3.html
• Best Step by Step Security Videos Free
  – http://www.irongeek.com
• Shameless plug
  – Virtual Server Security Presentation
  – Thursday 9:30AM Location: Salon 7
  – Resources available @ http://www.es-es.net