
ServiceTrak Meets NLOG/NMAP


Presentation Transcript


  1. ServiceTrak Meets NLOG/NMAP
  Jon Finke, Rensselaer Polytechnic Institute

  2. Objectives
  • Identify existing security exposures
  • Identify potential security exposures
  • Validate meta system configuration
  • Build on existing work
    • Internal - Simon, ServiceTrak
    • External - NMAP/NLOG

  3. Computing Environment
  • Computer Center Machines
    • Unix - Centrally administered
    • WinTel - Mixed administration
  • Departmental Machines
    • Unix administered by CC staff
    • Unix administered by non-CC staff
    • WinTel - Mixed administration

  4. NLOG/NMAP
  • NMAP port scans networks
    • Matches the TCP/IP stack fingerprint to identify the OS
    • Identifies open ports (services)
  • NLOG
    • Provides some data management
    • Provides a web interface

  5. ServiceTrak
  • Tracks services and servers
  • Web interface to Simon host info

  6. Host Groups (group names as laid out on the slide)
  • All_Workstations, split into Public Workstations and Private Workstations
    • AIX_Workstations: Public_AIX, Private_AIX
    • Irix_Workstations: Public_Irix, Private_Irix
    • Solaris_Workstations: Public_Solaris, Private_Solaris
  • Service-specific groups: lpr_Specials, lpr_ok, pop_Specials, pop_ok

  7. Service “Safety”
  • My Standards
    • History of attack/exposure - SMTP
    • Encourage Exposure - Telnet
    • Not required for user workstation
    • Specific servers only (ftp, dns, etc)
  • Set for the needs of my department
  • Your Mileage May Vary

  8. Similar Hosts
  • Do all hosts offer the SAME services?
  • Do the services make sense for that group?
  • Is the OS fingerprint correct for each host?

  9. Remote Access Hosts

  10. Ssh (22/tcp) Remote Access NMAP
  • Safety Level: Safe
  • Secure Shell
  • TSV File

  11. Safety Level Breakdown
  • Special group of ALL HOSTS
  • Which ones are running unsafe protocols?
  • Do we care?

  12. Protocol Specific Lists
  • Service specialists interested in their particular service
    • Hostmaster interested in DNS servers
    • Webmaster interested in WWW servers
  • Operating system specialists interested in their own OS
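The checks of slides 7, 8, 11 and 12 (a per-service safety rating, "do all hosts in a group offer the same services", "does the OS fingerprint match what we think the host is", a safety breakdown over all hosts, and protocol-specific host lists) can be put into one short script over a scan result. The code below is an added example written for this page; it is not ServiceTrak, Simon or NLOG code. It assumes nmap's grepable (-oG) output as input rather than the NLOG data files of the talk, and the hostnames, addresses, group memberships, recorded OS values, safety ratings and scan lines are all constructed for illustration.

```python
import re

# Constructed sample in nmap's grepable (-oG) output style.  Hosts, addresses,
# open ports and fingerprints are invented for this example.
SCAN = """\
Host: 10.1.1.10 (aix1.example.edu)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///\tOS: IBM AIX 4.3
Host: 10.1.1.11 (aix2.example.edu)\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 25/open/tcp//smtp///\tOS: IBM AIX 4.3
Host: 10.1.1.12 (sol1.example.edu)\tPorts: 22/open/tcp//ssh///\tOS: Sun Solaris 2.6
Host: 10.1.1.13 (sol2.example.edu)\tPorts: 22/open/tcp//ssh///, 139/open/tcp//netbios-ssn///\tOS: Windows NT4
Host: 10.1.1.20 (ns1.example.edu)\tPorts: 22/open/tcp//ssh///, 53/open/tcp//domain///\tOS: Sun Solaris 2.6
"""

# Constructed host groups: member host -> OS the host database (Simon, in the
# talk) records for it.  Group names follow the slide's naming scheme.
GROUPS = {
    "Public_AIX":     {"aix1.example.edu": "AIX", "aix2.example.edu": "AIX"},
    "Public_Solaris": {"sol1.example.edu": "Solaris", "sol2.example.edu": "Solaris"},
    "dns_Specials":   {"ns1.example.edu": "Solaris"},
}

# Constructed safety table in the spirit of slide 7: ssh safe, smtp and telnet
# unsafe because of their exposure history, dns acceptable only on servers.
SAFETY = {"ssh": "safe", "smtp": "unsafe", "telnet": "unsafe",
          "netbios-ssn": "unsafe", "domain": "server-only"}
SERVER_GROUPS = {"dns_Specials": {"domain"}}      # server-only services allowed here
RANK = {"safe": 0, "unknown": 1, "unsafe": 2}     # higher is worse

HOST_RE = re.compile(r"^Host: \S+ \((?P<name>[^)]*)\)")


def parse_grepable(text):
    """Return {hostname: {"services": set of open-port service names, "os": str}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        services = set()
        for entry in fields.get("Ports", "").split(","):
            parts = entry.strip().split("/")     # port/state/proto/owner/service/rpc/version
            if len(parts) >= 5 and parts[1] == "open":
                services.add(parts[4])
        hosts[m.group("name")] = {"services": services, "os": fields.get("OS", "")}
    return hosts


def group_service_diff(hosts, groups):
    """Slide 8: per group, the services every member offers and each member's extras."""
    report = {}
    for group, members in groups.items():
        present = [h for h in members if h in hosts]
        if not present:
            continue
        common = set.intersection(*(hosts[h]["services"] for h in present))
        extras = {h: sorted(hosts[h]["services"] - common)
                  for h in present if hosts[h]["services"] - common}
        report[group] = {"common": sorted(common), "extras": extras}
    return report


def os_mismatches(hosts, groups):
    """Slide 8: hosts whose TCP/IP fingerprint disagrees with the recorded OS."""
    return [(group, h, expected, hosts[h]["os"])
            for group, members in groups.items()
            for h, expected in members.items()
            if h in hosts and expected.lower() not in hosts[h]["os"].lower()]


def safety_breakdown(hosts, groups, safety=SAFETY, server_groups=SERVER_GROUPS):
    """Slide 11: the worst safety level of any open service on each host."""
    host_group = {h: g for g, members in groups.items() for h in members}
    levels = {}
    for h, info in hosts.items():
        worst = "safe"
        allowed = server_groups.get(host_group.get(h), set())
        for svc in info["services"]:
            level = safety.get(svc, "unknown")
            if level == "server-only":
                level = "safe" if svc in allowed else "unsafe"
            if RANK[level] > RANK[worst]:
                worst = level
        levels[h] = worst
    return levels


def hosts_offering(hosts, service):
    """Slide 12: the protocol-specific list a hostmaster or webmaster asks for."""
    return sorted(h for h, info in hosts.items() if service in info["services"])


if __name__ == "__main__":
    hosts = parse_grepable(SCAN)
    for group, r in group_service_diff(hosts, GROUPS).items():
        print(group, "common:", r["common"], "extras:", r["extras"])
    for group, h, expected, seen in os_mismatches(hosts, GROUPS):
        print(f"OS mismatch in {group}: {h} recorded as {expected}, fingerprint says {seen}")
    print("safety:", safety_breakdown(hosts, GROUPS))
    print("dns servers:", hosts_offering(hosts, "domain"))
```

On the constructed input the script flags telnet as an extra on aix2, netbios-ssn as an extra on sol2, and sol2 as a "Solaris" host whose fingerprint says Windows NT, which is the kind of site configuration error slide 14 reports. Services missing from the safety table rank as "unknown" rather than "safe", so a new service turned on by an OS upgrade shows up instead of being silently accepted.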

  13. Problems
  • NLOG can crash some services
  • Trips scan detectors
    • Irate email from other sys admins
    • False reports from detection tools (Back Officer Friendly)
  • Policy issues

  14. Our Results
  • Identified some exposures
    • OS upgrade turned some things on
  • Identified site configuration errors
    • “Trusted” unix host running NT
  • Integration of NLOG info with existing tools helpful

  15. Lessons Learned
  • Host grouping is VERY useful
  • NLOG may be a good approach
  • OS (via TCP fingerprint) very handy
  • Policy issues
  • Let someone else run it and take the heat…..

  16. ServiceTrak Meets NLOG/NMAP
  Jon Finke, Rensselaer Polytechnic Institute
  finkej@rpi.edu
  http://www.rpi.edu/~finkej
