Chapter 7: Reconnaissance, Vulnerabilities, and Cyber Testing Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions
Types of Cyber Security Evaluations
• Body of Evidence (BOE) Review
• Penetration Tests
• Vulnerability Assessment
• Security Controls Audit
• Software Inspection
• Iterative/Incremental Testing
Understanding the Cybersecurity Testing Method
• Reconnaissance
• Network and Port Scanning
• Policy Scanning
• Vulnerability Probes and Fingerprinting
• Penetration
• Enumeration and Cracking
• Escalation
• Backdoors and Rootkits
• Exfiltration and Abuse
Reconnaissance and Google Hacks
• Google is a powerful tool that can search its index of the Internet within seconds
• It is useful to know Google search operators, such as: site:, the -minus prefix (exclude a term), inurl:, intitle:, "exact phrase" in quotes, and link: (since retired by Google)
• Google Hacks are famous and amusing techniques for finding vulnerable systems and devices on the Internet using such operators
• The Google Hacking Database is at: www.hackersforcharity.org/ghdb/
• Other useful reconnaissance commands include: nslookup, whois, dig and host
Network and Port Scanning
• Common nmap commands for scanning:
• # nmap -A 10.10.100.1-254
• # nmap -A --reason -vvv -Pn 10.10.100.100 -p0-65535
• -A turns on OS and version detection, default scripts and traceroute; --reason reports why each port was classified; -Pn (older spelling -PN) skips host discovery so a host that ignores ping is still scanned; the valid port range ends at 65535, so -p0-65536 is rejected
• For located hosts, some tests include:
• # tcpdump -w capture.cap host 10.10.100.99 and host 10.10.100.5
• # hping3 -S --scan all --spoof 10.10.100.99 10.10.100.5
• hping3 here sends SYN probes to every port of 10.10.100.5 with the source address forged as 10.10.100.99, so the replies go to the spoofed host rather than the scanner; the tcpdump filter on both addresses is what captures that exchange for later analysis
Policy Configuration Scanning
• Listing installed software from the command line:
• dpkg -l (Debian), rpm -qa or yum list installed (Red Hat), pkginfo (Solaris)
• On Windows: dir /s "C:\Program Files"
• The inventory is then compared with the approved baseline to find missing, forbidden or out-of-date packages
• Widely used policy configuration tools include: Retina, AppDetective, the DISA SRR scripts, and the Navy WASSP/SECSCAN
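The comparison step of a policy scan, as an added example that is not code from the book or from any of the tools it names: a host's package inventory is parsed and checked against a constructed baseline of required (version-pinned), forbidden and merely allowed packages. The inventory text and the baseline are made up for illustration; a real inventory comes from `dpkg-query -W -f '${Package} ${Version}\n'` on Debian or `rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE}\n'` on Red Hat.

```python
"""Audit an installed-package inventory against an approved baseline.

Added example, not code from the book or from Retina/AppDetective/SRR.
The inventory and baseline below are constructed for illustration.
"""
from __future__ import annotations

# Constructed 'name version' lines in the shape dpkg-query -W produces.
SAMPLE_INVENTORY = """\
openssh-server 1:8.4p1-5+deb11u3
nginx 1.18.0-6.1+deb11u3
telnetd 0.17-42
sudo 1.9.5p2-3+deb11u1
nmap 7.91+dfsg1-2
"""

# Constructed policy baseline (hypothetical, not a real DISA/Navy checklist).
BASELINE = {
    # packages that must be present, pinned to the approved version
    "required": {
        "openssh-server": "1:8.4p1-5+deb11u3",
        "sudo": "1.9.5p2-3",
        "auditd": "1:3.0-2",
    },
    # packages that must never be installed
    "forbidden": {"telnetd", "rsh-server", "nis"},
    # other packages allowed at any version
    "allowed": {"nginx"},
}


def parse_inventory(text: str) -> dict[str, str]:
    """Turn 'name version' lines into a name -> version map, skipping blanks."""
    inventory: dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, version = line.split(None, 1)
        inventory[name] = version.strip()
    return inventory


def audit(inventory: dict[str, str], baseline: dict) -> list[tuple[str, str, str]]:
    """Return (severity, package, detail) findings, highest severity first.

    Checks, in order: forbidden packages present, required packages missing
    or drifted from the pinned version, and anything installed that the
    baseline does not mention at all.
    """
    findings: list[tuple[str, str, str]] = []

    for pkg in sorted(inventory.keys() & baseline["forbidden"]):
        findings.append(("HIGH", pkg, f"forbidden package installed ({inventory[pkg]})"))

    for pkg, pinned in sorted(baseline["required"].items()):
        if pkg not in inventory:
            findings.append(("HIGH", pkg, "required package missing"))
        elif inventory[pkg] != pinned:
            # exact-match pinning; a dpkg-aware version compare would be
            # needed to express 'at least' rather than 'exactly'
            findings.append(("MEDIUM", pkg, f"version drift: {inventory[pkg]} != approved {pinned}"))

    known = set(baseline["required"]) | baseline["allowed"] | baseline["forbidden"]
    for pkg in sorted(set(inventory) - known):
        findings.append(("LOW", pkg, "not on the approved list"))

    return findings


if __name__ == "__main__":
    for severity, pkg, detail in audit(parse_inventory(SAMPLE_INVENTORY), BASELINE):
        print(f"{severity:6} {pkg:16} {detail}")
```

Exact version pinning is deliberate here: "at least version X" needs the distribution's own version-ordering rules (epochs, tilde, revision suffixes), which is exactly the kind of logic the commercial tools on the slide encapsulate.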
Vulnerability Probes and Fingerprinting
• A popular tool is Tenable's Nessus
• It is web based, with configurable scanning policies, multiple simultaneous scans, and detailed reporting from a plugin knowledge base
• Nmap and amap can be used together: nmap finds the open ports, amap then identifies the application answering on each one
• # nmap -oM netmap.txt 192.168.10.1-255
• # amap -i netmap.txt -bqv -H
• -oM is the old name for nmap's machine-readable (grepable) output, -oG in current releases; amap -i reads that file, -b prints the response banners, -q suppresses closed and unidentified ports, -v is verbose, and -H withholds triggers marked as potentially harmful to the target
• OpenVAS and Nikto are on BackTrack
• OpenVAS is similar in purpose to Nessus (it began as a fork of the last open-source Nessus release)
• Nikto is a web server/application probe
• WebInspect is a popular commercial web application probe
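The hand-off between the port scan on the Network and Port Scanning slide and the probes on this one is the machine-readable nmap file. As an added example that is not code from the book, nmap or amap, the parser below reads nmap's grepable (-oG, formerly -oM) format into a service inventory and selects the open web ports worth passing to a probe such as Nikto. The scan output is constructed for illustration; the hosts, versions and hostname in it are not real results.

```python
"""Parse nmap grepable output (-oG / old -oM) into an open-port inventory.

Added example, not code from the book, nmap or amap. SAMPLE_GNMAP is a
constructed scan file in the real grepable layout: one 'Host:' line per
host, tab-separated fields, and each port entry written as
port/state/proto/owner/service/rpc/version/ (nmap writes '|' in place of
'/' inside those fields, which is why a plain split is safe).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sV -oG netmap.txt 192.168.10.1-255
Host: 192.168.10.5 ()\tStatus: Up
Host: 192.168.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.4p1 Debian/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.10.9 (printer.example.test)\tStatus: Up
Host: 192.168.10.9 (printer.example.test)\tPorts: 9100/open/tcp//jetdirect///, 8080/open/tcp//http-proxy///\tIgnored State: closed (998)
Host: 192.168.10.20 ()\tStatus: Down
# Nmap done at Mon Jan  1 00:00:10 2024 -- 255 IP addresses (2 hosts up) scanned in 10.00 seconds
"""


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str     # nmap's service guess, may be empty
    version: str  # -sV banner, may be empty


HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_gnmap(text: str) -> list[Service]:
    """Return every port entry found in the Ports: field of each host line."""
    services: list[Service] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '# Nmap ...' header and footer comments
        match = HOST_RE.match(line)
        if not match:
            continue
        host = match.group(1)
        # Fields are tab-separated 'Name: value' pairs: Host, Status, Ports, Ignored State
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ports_field = fields.get("Ports")
        if ports_field is None:
            continue  # a 'Status: Up/Down' line carries no port data
        for entry in ports_field.split(", "):
            parts = entry.strip().rstrip("/").split("/")
            parts += [""] * (7 - len(parts))  # pad trailing empty fields
            port, state, proto, _owner, name, _rpc, version = parts[:7]
            services.append(Service(host, int(port), proto, state, name, version))
    return services


def open_services(services: list[Service]) -> list[Service]:
    return [s for s in services if s.state == "open"]


def web_targets(services: list[Service]) -> list[tuple[str, int]]:
    """Open ports worth handing to a web probe: anything nmap labelled as
    HTTP-like plus the conventional web ports, regardless of the label."""
    web_names = {"http", "https", "http-proxy", "http-alt", "ssl/http"}
    web_ports = {80, 443, 8000, 8080, 8443}
    return sorted({(s.host, s.port) for s in open_services(services)
                   if s.name in web_names or s.port in web_ports})


if __name__ == "__main__":
    inventory = parse_gnmap(SAMPLE_GNMAP)
    for s in open_services(inventory):
        print(f"{s.host}:{s.port}/{s.proto} {s.name} {s.version}")
    print("web probe targets:", web_targets(inventory))
```

Selecting targets by port number as well as by nmap's service name matters in practice: a service on a non-standard port that did not answer the version probe is reported with an empty name, and dropping it from the web probe is how administrative consoles get missed.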
Cyber Security Test Planning and Reporting
• Key testing documents include:
• Risk Analysis
• Test Preparation Checklist
• Certification Test Plan
• Security Assessment Plan
• Rules of Engagement
• Security Assessment Report
• Plan of Actions and Milestones
• Initial Authority to Test
• Authority to Operate
Review: Chapter Summary