Nessus’s report of Test server before Attack

Nessus Scan Report

SUMMARY
- Number of hosts which were alive during the test : 1
- Number of security holes found : 1
- Number of security warnings found : 5
- Number of security notes found : 2

TESTED HOSTS
192.168.0.2 (Security holes found)

DETAILS
+ 192.168.0.2 :
. List of open ports :
o unknown (135/tcp)
o netbios-ssn (139/tcp) (Security hole found)
o unknown (445/tcp)
o unknown (1025/tcp)
o general/tcp (Security warnings found)
o netbios-ns (137/udp) (Security warnings found)
o general/udp (Security notes found)
o general/icmp (Security warnings found)

Nessus’s report of Test server before Attack

. Vulnerability found on port netbios-ssn (139/tcp) :
. It was possible to log into the remote host using a NULL session. The concept of a NULL session is to provide a null username and a null password, which grants the user the 'guest' access
. All the smb tests will be done as ''/''

. Warning found on port netbios-ssn (139/tcp)
Here is the browse list of the remote host :
BOASDELL -
BOASIBM -
This is potentially dangerous as this may help the attack of a potential hacker by giving him extra targets to check for
Solution : filter incoming traffic to this port
Risk factor : Low

. Warning found on port netbios-ssn (139/tcp)
The host SID can be obtained remotely. Its value is :
BOASIBM : 5-21-842925246-813497703-2146424147
An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137 to 139
Risk factor : Low

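As an added example (not part of the original slides), the following sketch parses the open-port list from the report above and separates the ports covered by the report's "filter the ports 137 to 139" solution from the ports that would still be listening afterwards. The `REPORT` sample is constructed from the slide's port list, and the function names `parse_ports` and `triage` are hypothetical.

```python
import re

# Constructed sample: the open-port list from the report above, one entry per line.
REPORT = """\
+ 192.168.0.2 :
. List of open ports :
o unknown (135/tcp)
o netbios-ssn (139/tcp) (Security hole found)
o unknown (445/tcp)
o unknown (1025/tcp)
o general/tcp (Security warnings found)
o netbios-ns (137/udp) (Security warnings found)
o general/udp (Security notes found)
o general/icmp (Security warnings found)
"""

SEVERITY = {"hole": 3, "warnings": 2, "notes": 1}

# "o <service> [(<port>/<proto>)] [(Security <level> found)]"
# Entries such as "general/tcp" carry no port number, so that group is optional.
ENTRY = re.compile(
    r"^o\s+(?P<service>\S+)"
    r"(?:\s+\((?P<port>\d+)/(?P<proto>tcp|udp)\))?"
    r"(?:\s+\(Security (?P<sev>hole|warnings|notes) found\))?\s*$"
)

def parse_ports(report):
    """Return one dict per 'o ...' entry in the port list."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # host header, section title, blank line
        entries.append({
            "service": m["service"],
            "port": int(m["port"]) if m["port"] else None,
            "proto": m["proto"],
            "severity": SEVERITY.get(m["sev"], 0),  # 0 = open, no finding
        })
    return entries

def triage(entries, lo=137, hi=139):
    """Split numbered ports into those inside the filtered range and the rest,
    highest severity first."""
    numbered = [e for e in entries if e["port"] is not None]
    ranked = sorted(numbered, key=lambda e: (-e["severity"], e["port"]))
    covered = [f'{e["port"]}/{e["proto"]}' for e in ranked if lo <= e["port"] <= hi]
    exposed = [f'{e["port"]}/{e["proto"]}' for e in ranked if not lo <= e["port"] <= hi]
    return covered, exposed

if __name__ == "__main__":
    covered, exposed = triage(parse_ports(REPORT))
    print("covered by 137-139 filter:", covered)
    print("still listening:", exposed)
```

The second list is the one to review by hand: those ports stay reachable after the recommended filter is applied.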
Run a Trojan, Firehole in Test Server (ZoneAlarm)

Message from user "rkeir" on computer WIN2K [192.168.0.1] at 11/06/01 19:37:38
***** I have successfully bypassed the personal firewall! *****

Advantages
• Shuts down all unused ports.
• Cost: free for personal use.
• Has different rules for LAN (local) and Internet networks.
• Stops and asks for your permission before an application can use the network, either the first time or every time.

Disadvantages
• No warning for Internet connection (default setting).
• If many applications are used, the questions to the user can be annoying/confusing, and the user may end up having more applications trusted than expected.
• If you use a dialup connection, sometimes for Intranet, sometimes for Internet, ZoneAlarm will always apply the same rules.
• It would be nice if power users could customise the rules a bit more: it is not possible to allow/deny specific incoming/outgoing ports/protocols.

Run Trojans, Firehole, Tooleaky in Test Server (Tiny Personal Firewall)
Advantages
• Relatively small footprint (500KB on hard-disk).
• Can be run manually or as a service.
• In learning mode, the user is supplied with a maximum of information regarding the new traffic connection requests (e.g., application, ports and IP addresses affected).
• A user manual is available for download. It explains the main features and how Tiny works.

Disadvantages
• Port scanners can generate lots of alerts, and can still get port information about the test server after all incoming connections are denied.
• FTP protocol not understood (automatic management of dynamic ports/FTP state engine).
• Network adapters cannot be selected/excluded for firewalling.

Run Trojans, Firehole, Tooleaky in Test Server (Sygate Personal Firewall)
Advantages
• Useful for beginner, advanced and corporate users alike.
• The Sygate Enterprise Network allows centralised (remote) management via a tool that consists of an SQL backend (Oracle, MS-SQL, Microsoft Data Engine etc.), an NT service and a Java-based interface to the management service.
• Comprehensive logging: security, system, traffic, packet logs.
• Security Schedule: all Internet traffic can be blocked at certain times (e.g. at night) or when the screen saver is enabled.
• The 'running applications' window shows what applications are using which ports to communicate with local or remote systems.

Disadvantages
• Protection:
  • There is no way to specify rules that apply to all applications, for example deny all outgoing real audio, allow all outgoing SSH (no matter which SSH program is used).
  • Trusted addresses cannot be configured for all applications; it must be done on a per-application basis.
• Alert dialog:
  • Offer options to either block all traffic from this address, or trust all traffic from this address.
  • During an attack, there is no obvious way for the user to block the attacker or get more details. He/she has to know to go hunting in the logs->security log or logs->traffic log.

References
• Nmap: A utility for port scanning large networks and identifying potentially vulnerable nodes. http://www.insecure.org/nmap
• Nessus: A free, powerful, up-to-date and easy-to-use remote security scanner. www.nessus.org
• ZoneAlarm: http://www.zonealarm.com/
• Tiny Personal Firewall: http://www.tinysoftware.com/home/tiny?la=EN&va=aa
• Sygate Personal Firewall: http://www.sygate.com/
• Firehole: http://keir.net/firehole.html
• Tooleaky: http://tooleaky.zensoft.com/
• Best Comparative Personal Firewall Review: http://www.firewallguide.com/freeware.htm
• Free remote testing of your open ports: Neoworx port probe: http://www.hackerwatch.org/probe/
• July 2001 PERSONAL FIREWALLS: http://www.infosecuritymag.com/articles/july01/cover.shtml

Conclusions
• Personal firewalls should be considered by any Windows user who directly connects to hostile networks, such as the Internet. They can be used in both the corporate and SOHO (Small Office/Home Office) markets.
• There is a tendency for anti-virus and personal firewalls to be integrated into one product. It may make sense for the home user, but the corporate user may want the choice of separate tools.
• Personal firewalls can't just be installed and forgotten about. For them to be effective, the user has to learn how to use them and understand their interface and the consequences of their choices.
• The main difficulty is making such products easy to use while keeping them flexible enough for power users.
• Personal firewalls cannot offer 100% protection. For instance, they can be badly configured, or switched off, or can start too late (e.g., after Trojans are running or long after the TCP/IP stack is active), may have bugs, may crash, etc.
• In this test, Sygate v4 is the best among the "Free for personal use" products.