230 likes | 562 Views
Nessus’s report of Test server before Attack. Nessus’s report of Test server before Attack. Nessus Scan Report SUMMARY - Number of hosts which were alive during the test : 1 - Number of security holes found : 1 - Number of security warnings found : 5 - Number of security notes found : 2
E N D
Nessus’s report of Test server before Attack Nessus Scan Report SUMMARY - Number of hosts which were alive during the test : 1 - Number of security holes found : 1 - Number of security warnings found : 5 - Number of security notes found : 2 TESTED HOSTS 192.168.0.2 (Security holes found) DETAILS + 192.168.0.2 : . List of open ports : o unknown (135/tcp) o netbios-ssn (139/tcp) (Security hole found) o unknown (445/tcp) o unknown (1025/tcp) o general/tcp (Security warnings found) o netbios-ns (137/udp) (Security warnings found) o general/udp (Security notes found) o general/icmp (Security warnings found)
Nessus’s report of Test server before Attack . Vulnerability found on port netbios-ssn (139/tcp) : . It was possible to log into the remote host using a NULL session. The concept of a NULL session is to provide a null username and a null password, which grants the user the 'guest' access . All the smb tests will be done as ''/'' . Warning found on port netbios-ssn (139/tcp) Here is the browse list of the remote host : BOASDELL - BOASIBM - This is potentially dangerous as this may help the attack of a potential hacker by giving him extra targets to check for Solution : filter incoming traffic to this port Risk factor : Low . Warning found on port netbios-ssn (139/tcp) The host SID can be obtained remotely. Its value is : BOASIBM : 5-21-842925246-813497703-2146424147 An attacker can use it to obtain the list of the local users of this host Solution : filter the ports 137 to 139 Risk factor : Low
Run a Trojan, Firehole in Test Server (ZoneAlarm) Message from user "rkeir" on computer WIN2K [192.168.0.1] at 11/06/01 19:37:38 ***** I have successfully bypassed the personal firewall! *****
Advantages • Shuts down all unused ports. • Cost: free for personal use. • Has different rules for LAN (local) and Internet networks. • Stops and asks for your permission before an application can use the net work, for the first time, or every time. • Disadvantages • No warning for Internet connection(default setting). • If many applications are used, the questions to the user can be annoying/confusing, and the user may end up having more applications trusted than expected. • If you use a dialup connection, sometimes for Intranet, sometimes for Internet, ZoneAlarm will always apply the same rules. • It would be nice if power users could customise the rules a bit more: cannot allow/deny specific incoming/outgoing ports/protocols.
Run Trojans, Firehole, Tooleaky in Test Server (Tiny Personal Firewall)
Advantages • Relatively small footprint (500KB on hard-disk). • Can be run manually or as a service. • In learning mode, the user is supplied with a maximum of information regarding the new traffic connection requests (e.g., application, ports and IP addresses affected). • A user manual is available for download. It explains the main features and how Tiny works. • Disadvantages • Port Scanners can generate lots of alerts and get port information about test server after denying all incoming connection. • FTP protocol not understood (automatic management of dynamic ports/FTP state engine). • Network adapters cannot be selected/excluded for firewalling.
Run Trojans, Firehole, Tooleaky in Test Server (Sygate Personal Firewall)
Advantages • Useful for both beginner, advanced and corporate user. • The Sygate Enterprise Network allows centralised (remote) management via a tool that consists of an SQL backend (Oracle, MS-SQL, Microsoft Data Engine etc.), a NT service and a Java-based interface to the management service. • Comprehensive logging: security, system, traffic, packet logs. • Security Schedule: All internet traffic can be blocked at certain times (e.g. at night) or when the screen saver is enabled. • The 'running applications' window shows what applications are using which ports to communicate with local or remote systems. • Disadvantages • Protection: • There is no way to specify rules that apply to all applications, for example deny all outgoing real audio, allow all outgoing SSH (no matter which SSH program is used). • Trusted addresses cannot be configured for all applications, it must be done on a per application basis. • Alert dialog: • Offer options to either block all traffic from this address, or trust all traffic from this address. • During an attack, there is no obvious way for the user to block the attacker or get more details. He/she has to know to go hunting in the logs->security log or logs->traffic log.
References • Nmap A utility for port scanning large networks and identifying potentially vulnerable nodes.http://www.insecure.org/nmap • Nessus A free, powerful, up-to-date and easy-to-use remote security scanner.www.nessus.org • ZoneAlarmhttp://www.zonealarm.com/ • Tiny Personal Firewall http://www.tinysoftware.com/home/tiny?la=EN&va=aa • Sygate Personal Firewall http://www.sygate.com/ • Firehole http://keir.net/firehole.html • Tooleaky http://tooleaky.zensoft.com/ • Best Comparative Personal Firewall Reviewhttp://www.firewallguide.com/freeware.htm • Free remote testing of your open ports:Neoworx port probe: http://www.hackerwatch.org/probe/ • July 2001 PERSONAL FIREWALLShttp://www.infosecuritymag.com/articles/july01/cover.shtml
Conclusions • Personal firewalls should be considered by any Windows user who directly connects • to hostile networks, such as the Internet. They can be used in both the corporate and • SOHO(Small Office/Home Office) markets. • There is a tendency for anti-virus and personal firewalls to be integrated into the one product. It may make sense for the home user, but the corporate user may want the choice of separate tools. • Personal firewalls can't just be installed and forgotten about. The user has to learn how to use them and understand their interface/consequences, for them to be effective. • The main difficulties are making such products easy to use, being flexible enough for power users. • Personal Firewalls cannot offer 100% protection. For instance, they can be badly configured, or switched off, or can start too late (e.g., after Trojans are running or long after the TCP/IP stack is active), may have bugs, may crash, etc. • In this test, Sygate v4 is the best between "Free for personal use" products.