
CSCI 530L


janna

Presentation Transcript


  1. CSCI 530L Vulnerability Assessment

  2. Vulnerability Assessment
     • Process of identifying vulnerabilities that exist in a computer system
     • Has many similarities to risk assessment
     • Four main steps
       • Cataloging assets and capabilities (resources) in a system
       • Assigning quantifiable value and importance to the resources
       • Identifying the vulnerabilities or potential threats to each resource
       • Mitigating or eliminating the most serious vulnerabilities for the most valuable resources

  3. Penetration Testing
     • Method of evaluating the security of a system by simulating a hacker attack
     • Penetration Test and Vulnerability Assessment are different
       • In a vulnerability assessment, we identify the weaknesses, but do not exploit them
     • Tools for a penetration test
       • Metasploit
       • Exploit Tree

  4. Network-wide vulnerability assessment
     • Identify all the resources in the network
     • Assign a criticality rating
       • For example, a rating between 1 and 10 with 10 having a high criticality (such as a Domain Controller), and a 1 having a low criticality (a rarely used workstation)
     • Identify the threats to the resources
       • Start with the most critical resources and work your way down to the least critical systems
     • Start eliminating threats to the systems
       • Patching, closing ports, removing services, uninstalling programs, etc.
       • Start with the most critical systems and work your way downwards

  5. Single-system vulnerability assessment
     • Two different approaches
       • Attempt to figure out all the vulnerabilities yourself
         • Very difficult to do effectively unless you have complete knowledge of that particular operating system
         • Use a combination of common hacking tools and hacking techniques
         • If you are a good hacker and know a lot about operating systems, this method will potentially bring out more vulnerabilities of the system
       • Use a vulnerability scanner
         • Easier to use a tool to get a report of a particular system
         • Subject to false positives
         • Must be used by an expert in security, because otherwise the report generated is useless

  6. Nessus
     • The open-source vulnerability assessment tool
     • Most security experts consider it more powerful than even commercial software
     • Uses plug-ins for vulnerability assessment
     • Has up-to-date vulnerability exploits to scan
     • Has a scripting language called Nessus Attack Scripting Language (NASL), so if you find a vulnerability, you can write a script for Nessus to scan for that particular vulnerability
     • Can scan secure protocols, like SSL
     • Can scan multiple computers, generating one report for all systems on a network
     • Mature – it's been around since 1998

  7. Nessus Components
     • Server
       • Nessusd
       • Used to be Linux only, but the company recently released Nessus version 3, which has a Windows server version
       • Listens on ports for Nessus clients to connect to it
     • Client
       • Nessus
       • Windows and Linux versions
       • Connects to the Server for certificates and plug-ins
     • Scans are run BY THE SERVER; the client configures how the scans are to be run

  8. How we are going to use Nessus
     • Backtrack
       • Linux live CD
       • Boots Linux off of the CD and loads the tools into RAM
       • Specialized for vulnerability assessment and penetration testing
       • Nessus is already configured for us on Backtrack
     • Load up the CD, load the Nessus daemon, and start scanning
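
The network-wide procedure from slide 4 (criticality rating from 1 to 10, most critical systems first), written out as an added example that is not part of the original presentation. The host names, findings, fixes and the 0-10 severity scale are constructed assumptions, and the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str
    issue: str
    severity: float   # assumed 0-10 score taken from a scanner report
    fix: str

# Constructed inventory: host -> criticality rating, 1 (low) to 10 (high).
ASSETS = {"dc01": 10, "fileserver": 7, "lab-ws-12": 1}

# Constructed findings, in the arbitrary order a report might list them.
FINDINGS = [
    Finding("lab-ws-12", "Telnet service enabled", 9.0, "remove service"),
    Finding("dc01", "Missing OS security patch", 8.5, "patch"),
    Finding("fileserver", "Unused FTP port open", 5.0, "close port"),
    Finding("dc01", "Outdated bundled program", 4.0, "uninstall program"),
    Finding("printer-3f", "Default admin password", 9.5, "change password"),
]

def validate_assets(assets):
    """Reject ratings that fall outside the 1-10 criticality scale."""
    bad = {h: r for h, r in assets.items()
           if not (isinstance(r, int) and 1 <= r <= 10)}
    if bad:
        raise ValueError(f"criticality must be an integer 1-10: {bad}")

def plan_remediation(assets, findings):
    """Return (ordered work list, findings on hosts missing from the catalog)."""
    validate_assets(assets)
    known = [f for f in findings if f.host in assets]
    unknown = [f for f in findings if f.host not in assets]
    # Most critical system first; within one system, most serious finding first.
    known.sort(key=lambda f: (-assets[f.host], -f.severity, f.issue))
    return known, unknown

def main():
    plan, uncatalogued = plan_remediation(ASSETS, FINDINGS)
    for n, f in enumerate(plan, 1):
        print(f"{n}. [{ASSETS[f.host]:>2}] {f.host}: {f.issue} "
              f"(sev {f.severity}) -> {f.fix}")
    for f in uncatalogued:
        print(f"!! {f.host} is not in the asset catalog; rate it first: {f.issue}")

if __name__ == "__main__":
    main()
```

The severity 9.0 finding on the rarely used workstation lands last because ordering follows asset criticality, and the finding on the uncatalogued host is held back until the inventory step covers it.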
