120 likes | 252 Views
DIYTP 2009. Assessing a System. Assessing a System - Basics. Why? Vulnerabilities What to look at: The six ‘P’s Patch Ports Protect Policies Probe Physical. Assessing a System - Basics. Patches First rule of computer security
E N D
DIYTP 2009 Assessing a System
Assessing a System - Basics • Why? • Vulnerabilities • What to look at: • The six ‘P’s • Patch • Ports • Protect • Policies • Probe • Physical
Assessing a System - Basics • Patches • First rule of computer security • Patches are released for all types of software, all the time • MUST BE UP-TO-DATE!! • Organization should have a patch management policy/system
Assessing a System - Basics • Ports • Should be managed by ‘least privilege’ principle • Ports which are not needed, should be shut down • ….as well as their associated services • Protect • Protective software/devices should be used • Firewall • IDS • Anti-virus
Assessing a System - Basics • Policies • Should be reviewed periodically as organizational needs and software/hardware changes • Types: • Acceptable use (i.e. e-mail, Internet use) • Disaster recovery • Password
Assessing a System – Basics • Probe • Take a look and see what the network looks like • Should use multiple analysis tools to assess your network • Look for security flaws • Should be scheduled regularly
Assessing a System - Basics • Physical • Policy or procedures should address how systems are secured • Do they need to be locked up? • Backup media • Is it stored in a secure location? (i.e. fireproof safe) • Routers/switches/hubs • Who has access? • How should it be secured?
Assessing a System – Initial Reconnaissance • Tools • Nslookup • IP addresses • Records for domain • Whois • Owner of a domain, IP address • ARIN • IP address allocation
Assessing a System – Initial Reconnaissance • Netcraft www.netcraft.com • What the target is running • VisualRoute www.visualware.com • Visual traceroute to target • Sam Spade www.samspade.org • Multiple tools in one package
Assessing a System – Social Engineering • Social Engineering • People are security’s weakest link • Many attack vectors • Impersonation • Dumpster diving • Shoulder surfing
Assessing a System - Scanning • Common Tools: • Nmap and Nessus • Finds hosts • Operating system • Firewalls • Vulnerabilities • Ping • IP Connectivity • Traceroute • Maps out route to target