Network Vulnerability Toolsx - Yimg

homuskratΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

69 εμφανίσεις

DATA COMMUNICATIONS
AND NETWORKS II

PROJECT

Andrew Manborde

Owen Thompson

Yannick Morgan

Tian

Boothe

Kadian

Bailey

Daemone

Brown

Problem Statement


UCC network has been compromised.


Evaluate threats to the UCC network using
vulnerability tools.

Purpose of Study


Demonstrate
and evaluate
the
named network
vulnerability
tools.


Determine
which tool is best suited for which
particular application.


Significance of Study


Informed Network Security decisions.


Best suited tools to use.

International Review


Vulnerability scanning
got its start as a tool of the
"bad guys."



Port
scanning or testing to see which TCP/UDP
ports on a machine are "open" and thus vulnerable
to intrusion
.


Today's vulnerability scanning programs are
designed with the "good guys" in mind

What does a vulnerability scanner do?



Can
only scan for
known
vulnerabilities. And that
means vulnerabilities that are known to their
vendors
.


Depend
on databases that contain the descriptions
of the vulnerabilities they can detect.


Only
as good as the database it uses

Types of
scans



Open ("listening") ports


Unnecessary services


DDoS

agents and similar malware


Means of remote access (terminal services,
PCAnywhere
)


Password crackers


System
configuration


Coding flaws/unsafe code


Missing service packs and security fixes


What a vulnerability scanner doesn't
do



Vulnerability scanners don't do the job of anti
-
virus
and anti
-
spyware
products


Vulnerability scanners don't do the job of a
firewall


Vulnerability scanners don't do the job of an
Intrusion Detection System (IDS)

Wireshark



Network
protocol analyzer
(packet sniffer)
which
captures and decodes packets of information from
a network
.


Wireshark

is used to capture and analyze network
packets and discover a wide array of information

Snort



Open Source Intrusion Detection System which can
be downloaded free of cost. It is a software
package which needs to be installed (along with
other software in many cases) in a standard server
which acts as the sensor.


Network Sniffer
Mode


Network Intrusion Detection Mode

Kismet


802.11 layer2 wireless network detector, sniffer,
and intrusion detection system.


Kismet identifies networks by passively collecting
packets and detecting standard named networks,
named/ hidden
networks, and inferring the
presence of
nonbeaconing

networks via data
traffic.


Cain and Abel



Password
recovery tool for Microsoft Operating
Systems.


Sniffing
the
network.


Cracking
encrypted passwords using
Dictionary, Brute
-
Force
and Cryptanalysis
attacks.


Recording
VoIP
conversations.


Decoding
scrambled passwords, recovering wireless
network
keys.


Revealing
password
boxes.


Uncovering
cached passwords and analyzing routing
protocols.


Local Case Study


International standards apply to Jamaica to a
lesser scale.


Net Security pros use the same tools as hackers.


Hackers exploit to personal gain.

Implementation Recommendations


Net Vulnerability tools selection are based on:


Type of network


Size of network



Provide counter measures to prevent future attacks.


Network Solution Steps


Select four

viable candidates for use as a network
vulnerability
tool.


Evaluate each
candidate.


Use
the selected candidate
to evaluate the security
of the network in question.


Record and interpret the results.


Select 4 tools



Cain
and
Abel


Wireshark


Kismet


Snort

Evaluate each candidate


Cain and Abel




Good functionality.


Did
not require additional software in order to be
compliant with the test
network.


User
friendly due to its user interface
design.


Wireshark





Average functionality.


Did
not require additional
software.


Not
user friendly due to its user interface design.



Kismet




Poor functionality.


Additional
software was required to be compliant
with the test
network.



Snort





Poor functionality.


Additional
software was required to be
compliant.

Evaluate Selected Candidate


The network vulnerability tool that was selected as
being the best candidate was Cain and Abel. The
test was conducted and several vulnerabilities were
revealed.


Record and interpret the results.




It was determined that a Kerberos firewall was
required in order to secure the network.


Summary


Snort
and Kismet required another piece of
software in order to be fully compliant with our test
network.


WireShark

proved to be too complicated in its
function and not very user friendly in
its GUI


Cain and Abel is easily utilized and has a good
GUI.

Conclusion


We recommend the network vulnerability tool Cain
and Abel for use as it is fully functional i.e. it does
not require additional software in order to function
as well as it is user friendly by means of simple
functionality and intuitive user interface design.