Great Tools for Securing and Testing Your Network
Ernest Staats
erstaats@gcasda.org
MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+
Resources available @ http://www.es-es.net
Outline
• Silver Bullet
• Most Used Tools
• CD/USB Security
• Perimeter Security
• Vulnerability Assessment
• Password Recovery
• Networking Scanning
• Data Rescue and Restoration
• Application and Data Base Tools
• Encryption Software
• Wireless Tools
• Virtual Machines
• New USB Exploits
• Digital Forensic Tools
• Backup Software
• Tools that Cost but Have Great Value
No Silver Bullet
• No silver bullet for network and system testing:
  • Determine your needs
  • Find the right tools
  • Use the right tool for the job
My Most Used Tools:
• Google (get the Google Hacking book)
• The Google Hacking Database (GHDB)
  • http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index
• SuperScan 4: network scanner to find open ports (I prefer version 3)
  • http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm
• Cain and Abel (the Swiss Army knife): cracks passwords, cracks VoIP, and so much more
  • http://www.oxid.it/cain.html
• Nmap (scanning and footprinting)
  • http://insecure.org/nmap/download.html
• Nessus (great system-wide vulnerability scanner)
  • http://www.nessus.org/download/
My Most Used Tools 2:
• Ethereal or Wireshark (packet sniffers; use to find passwords going across the network)
  • SSL passwords are often sent in clear text before logging on
  • http://www.wireshark.org/download.html
  • http://www.ethereal.com/download.html
• Metasploit (hacking made very easy)
  • http://www.metasploit.com/
• BackTrack or UBCD4WIN boot CD (for cleaning infected PCs, or the ultimate hacking environment; will run from USB)
  • http://www.remote-exploit.org/index.php/BackTrack_Downloads
  • http://www.ubcd4win.com/downloads.htm
• ReadNotify (“registered” email)
  • http://www.readnotify.com/
• Virtual machine for pen testing (leaves “no” trace)
Security Testing Boot CD/USB:
• Bart PE or UBCD4WIN
  • http://www.bartpe.com
  • http://www.ubcd4win.com
• Back Track (one of the more powerful cracking network auditing packages)
  • http://www.remoteexploit.org
• Other Linux CD
  • Trinity Rescue Kit (recover/repair dead Windows or Linux systems)
    • http://trinityhome.org/Home/index.php?wpid=28&front_id=12
  • KNOPPIX (recover/repair dead systems and several security tools)
    • http://www.knoppix.net/
Secure Your Perimeter:
• DNS-stuff and DNS-reports
  • http://www.dnsstuff.com
  • http://www.dnsreports.com
  • Are you blacklisted?
  • Test your e-mail system
  • Check your HTML code for errors (also use WIN HTTrack for offline testing)
• Shields UP and Leak test
  • https://www.grc.com/x/ne.dll?rh1dkyd2
  • http://grc.com/default.htm
• Other firewall checkers
  • www.firewallcheck.com
Tools to Assess Vulnerability
• Nessus (vulnerability scanners)
  • http://www.nessus.org
• Snort (IDS - intrusion detection system)
  • http://www.snort.org
• Metasploit Framework (vulnerability exploitation tools). Use with great caution and have permission
  • http://www.metasploit.com/projects/Framework/
Password Recovery Tools:
• Fgdump (mass password auditing for Windows)
  • http://foofus.net/fizzgig/fgdump
• Cain and Abel (password cracker and so much more)
  • http://www.oxid.it/cain.html
• John the Ripper (password crackers)
  • http://www.openwall.org/john/
• RainbowCrack: an innovative password hash cracker tool that makes use of a large-scale time-memory trade-off
  • http://www.rainbowcrack.com/downloads/?PHPSESSID=776fc0bb788953e190cf415e60c781a5
Change/Discover Win Passwords
• Windows Password recovery - Can retrieve forgotten admin and users' passwords in minutes. Safest possible option, does not write anything to hard drive.
• Offline NT Password & Registry Editor - A great boot CD/floppy that can reset the local administrator's password.
• John the Ripper - Good boot floppy with cracking capabilities.
• Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.
• Austrumi - Bootable CD for recovering passwords and other cool tools.
Networking Scanning
• MS Baseline Analyzer
  • http://www.microsoft.com/downloads/details.aspx?FamilyId=4B4ABA06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en
• The Dude (great mapper and traffic analyzer)
  • http://www.mikrotik.com/thedude.php
• Getif (network SNMP discovery and exploit tool)
  • http://www.wtcs.org/snmp4tpc/getif.htm
• SoftPerfect Network Scanner
  • http://www.softperfect.com/
• HPing2 (packet assembler/analyzer)
  • http://www.hping.org
• Netcat (TCP/IP Swiss Army knife)
  • http://netcat.sourceforge.net
• TCPDump (packet sniffer) for Linux, or Windump for Windows
  • http://www.tcpdump.org and http://www.winpcap.org/windump/
• LanSpy (local, domain, NetBIOS, and much more)
  • http://www.lantricks.com/
File Rescue and Restoration:
• Zero Assumption Digital Image rescue
  • http://www.z-a-recovery.com/digital-image-recovery.htm
• Restoration file recovery
  • http://www.snapfiles.com/get/restoration.html
• Free undelete
  • http://www.pc-facile.com/download/recupero_eliminazione_dati/drive_rescue/
• Effective File Search: find data inside of files or databases
  • http://www.sowsoft.com/search.htm
Discover & Securely Delete Important Information:
• Windows and Office key finder/encrypting
  • Win KeyFinder (also encrypts the keys)
    • http://www.winkeyfinder.tk/
  • ProduKey (also finds SQL Server key)
    • http://www.nirsoft.net
• Secure delete software
  • Secure Delete
    • http://www.objmedia.demon.co.uk/freeSoftware/secureDelete.html
• DUMPSEC (dump all of the registry and share permissions)
  • http://www.somarsoft.com/
• Win Finger Print (scans for Windows shares, enumerates usernames, groups, SIDs and much more)
  • http://winfingerprint.sourceforge.net
Application and Data Base Tools
• N-Stealth: an effective HTTP security scanner
  • https://secure.nstalker.com/
• WINHTTrack: website copier
  • http://www.httrack.com/page/2/en/index.html
• SQLRecon (performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations)
  • http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx
• Absinthe (tool that automates the process of downloading the schema and contents of a database that is vulnerable to blind SQL injection)
  • http://www.0x90.org/releases/absinthe/index.php
AppDetective
• AppDetective discovers database applications and assesses their security strength
• AppDetective assesses two primary application tiers (application/middleware and back-end databases) through a single interface
• AppDetective locates, examines, reports, and fixes security holes and misconfigurations
• www.appsecinc.com/products/appdetective/mssql
• Cost $900
Encryption Software:
• Hard drives or jump drives
  • TrueCrypt for cross-platform encryption with lots of options
    • http://www.truecrypt.org/downloads.php
  • Dekart: its free version is very simple to use; the paid version has more options
    • http://www.dekart.com/free_download/
    • http://www.dekart.com/
• Email or messaging
  • PGP for encrypting email
    • http://www.pgp.com/downloads/index.html
Wireless Tools:
• Aircrack: the fastest available WEP/WPA cracking tool. Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP or WPA 1 or 2
  • The suite includes:
    • airodump (an 802.11 packet capture program)
    • aireplay (an 802.11 packet injection program)
    • aircrack (static WEP and WPA-PSK cracking)
    • airdecap (decrypts WEP/WPA capture files)
  • http://www.aircrack-ng.org/doku.php#download
• Net Stumbler (finds wireless networks; works well)
  • http://wwww.netsumbler.com
• Kismet (wireless tools or packet sniffers)
  • http://wwww.kismetwireless.net
Virtual Machines
• Xen for Linux
  • http://www.xensource.com/download/
• VM Server or VM Workstation for booting Bart PE ISOs or Remote Exploit
  • http://www.vmware.com/products/server/
• MS Virtual Server (slower but very easy to use)
  • http://www.microsoft.com/windowsserversystem/virtualserver/software/privacy.mspx
• VMs can be used to run auditing applications that typically would require a dedicated server
Network Toolbox U3
• Analyzers
• Network monitors
• Traffic generators
• Network scanners
• IDS
• Network utilities
• Network clients
• Secure clients
• SNMP
• Web
• Auditing tools
• Password revealers
• System tools
• Supplementary tools (DOS prompt, Unix shell, etc.)
• http://www.cacetech.com/products/toolkit.htm
USB Switchblade
• Access all stored passwords on a Windows computer
• [System info] [Dump SAM] [Dump Product Keys] [Dump LSA secrets (IE PWs)] [Dump Network PW] [Dump messenger PW] [Dump URL History]
• Available at http://www.hak5.org/wiki/USB_Switchblade
• Plug U3 drive into any Windows XP/2000/2003 computer
• Wait about 1 minute
• Eject drive
• Go to Run on the Start menu, then type x:\Documents\logfiles (x = flash drive letter), then press Enter
• Look at usernames and passwords or start cracking hashed Windows passwords
Digital Forensic Tools
• The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (digital forensic tools)
  • http://www.sleuthkit.org/
• Boot CD
  • UBCD4WIN
    • http://www.ubcd4win.com
  • BACKTRACK
    • http://www.remoteexploit.org
Backup Software
• SyncBack
  • http://www.snapfiles.com/get/SyncBack.html
  • Secure: encrypt a zip file with 256-bit AES encryption
  • Copy open files (XP/2003)
  • Compression: you can compress an unlimited size, and an unlimited number of files (paid)
  • Performance and throttling: limit bandwidth usage (paid)
  • FTP and email: back up or sync files with an FTP server; auto-email the results of your backup
• Overview PPT on my web site
  • http://www.es-es.net/
Tools That Cost But Have Great Value:
• SPI Dynamics WebInspect
• QualysGuard
• EtherPeek
• NetScanTools Pro (250.00; full network forensic reporting and incident handling)
• LanGuard Network Scanner
• AppDetective (database scanner and security testing software)
• AirMagnet (one of the best Wi-Fi analyzers and rogue blocking)
• RFprotect Mobile
• Core Impact (complete vulnerability scanning and reporting)
• WinHex (complete file inspection and recovery even if corrupt): forensics and data recovery
Q&A
• Resources are available at:
  • Files and suggestions
    • http://www.es-es.net/9.html
  • Security and Information Assurance links
    • http://www.es-es.net/6.html
  • PPT for this and VM Security
    • http://www.es-es.net/3.html
• Best step-by-step security videos, free
  • http://www.irongeek.com
• Shameless plug
  • Virtual Server Security Presentation
  • Thursday 9:30AM Location: Salon 7