Assembling a security software tool kit. Presented by Stan Dormer, B.Sc., FIIA Director of Education & Training Services MindGrove Ltd. Framework. 1730 – 1845 Refreshments Chance to talk. Assembling a security toolkit – important drivers. Simple, cost effective, non-intrusive
Assembling a security software tool kit
Presented by Stan Dormer, B.Sc., FIIA
Director of Education & Training Services
MindGrove Ltd
MindGrove

Framework
• 1730 – 1845
• Refreshments
• Chance to talk

Assembling a security toolkit – important drivers
• Simple, cost effective, non-intrusive
• Maybe even free
• Don’t destabilise the installation
• Rapid to learn, rapid to deploy
• Don’t have to read the 3,000 page handbook
• Don’t have to wait for the next day for results

Good selection via MindGrove website
• Forensic Tools, Utilities and Resources
• The Coroner's Toolkit
• The Digital Detective
• TUCOFS – The Ultimate Collection of Forensic Software
• Password Recovery Resources – Tools to Recover Passwords
• Freeware Tools site containing many items useful to auditors
• AUDIT & SECURITY TOOLS AND USEFUL UTILITIES
• AIDA32 – good and comprehensive inventory tool
• The Centre for Internet Security (CIS) – provides tools to improve, measure, monitor and compare the security status of Internet-connected systems and appliances: Windows – Solaris – Linux – HP-UX – Cisco IOS – Oracle
• UNIX – security tools and utilities, including SATAN and SARA
• Sawmill – a powerful log analysis tool
• Sam Spade – a free and useful network lookup tool that includes finding an IP address from a hostname, or vice-versa, traceroute, dig, email header analysis and more
• Microsoft security tools from Microsoft Security
• Netcraft – site that enables you to determine which hosting software is being run
• Software and network auditing – free hardware, software and network inventory tools
• SPAM – are we on someone's blacklist? Look up mail IP address here, then check spam database lookup on same site
• What's that process in Task Manager? – look up processes that you see in Task Manager and find out if they are safe
– What's going on in XP? – a huge inventory of Windows XP knowledge
– What's that UNIX process? – a useful repository of knowledge about common UNIX processes and programs
• Wireless Scanner – Retina eEye Scanner for Windows and Pocket PC
• Windows NT/2000/XP DumpSec – free reporting tool/s to create audit reports from Windows systems
Begin with a bit of probing at the workstation level
Try AIDA32 for a click and point overview
BelArc is good too! Nice report in browser
And let’s check that the baseline kernel is authentic – use SigVerif

So now to the security infrastructure – try MBSA, it’s free

And to top off the review we should add in one of the free to acquire security sweep tools from CIS
Here we are going to use the Scanner for XP from CIS, but they also have scanners for:
• Windows XP Professional
• Windows Server
• Mac OS X
• FreeBSD
• Solaris 10
• Solaris 2.5.1 – 9.0
• Red Hat Linux
• SUSE Linux
• Slackware Linux
• HP-UX
• AIX
• Novell
• Cisco IOS Router
• Cisco PIX
• Exchange Server 2003
• Oracle Database 8i
• Oracle Database 9i/10g
• Apache Web Server
• SQL Server 2000
• BIND
• Novell eDirectory

Part of a network? Perhaps we want to find nearby wireless networks – try Retina Scan from eEye – free

Excellent range of utilities for file searching
Try SnapView for a rapid peek at objects
Try Snowbird for quick basic searches

What’s in the file?
• Here we need a fast search engine that is capable of finding what we want in seconds
• Better than that, we want a tool that will rapidly index the file, making it easy to find any word of choice
• Here we are using dtSearch – this requires licensing – will cost £100 for the desktop version
The power comes from the search engine doing a pre-index
Indexing complete
Search index for words
Retrieve locations
Display location when value found
Really good bit level searcher
• Sometimes we need to probe at a much lower level – maybe even down to the disc surface itself
We like WinHex – it’s pretty low cost – less than £30 for a standard version and less than £500 for a full forensic suite

Standard workspace
File selection
File properties
Making an identical copy
Finding a word
Finding a text based passage
Marking off records or transactions
Cloning a disc
Looking for differences
Explore drive
Fundamental structures – MFT

There’s always room for one more nice file viewer
We like TextPad – a low cost shareware product
Notion of hashing
• Computing a unique value for the contents of a file
• Uses one of a variety of algorithms
• SHA1; MD5
• Each algorithm computes the unique digital fingerprint of a file

Hashing… [slide illustration: a stream of bits being digested]

SHA1 – MD5 differences

Use hashing to detect alteration
• Hash file to create protective hash-sum
• Re-check hash at future date to prove absence of activity

Invoice before and after alteration
Hash before alteration
File: F:\CATS\Correspondence\Invoices-IM35.doc
Hash: 46EC620AE635E31094D0925FF18B0993
Hash after alteration
File: F:\CATS\Correspondence\Invoices-IM35.doc
Hash: 1FE0B7C54F7C2723BF4678BEA5888FCD

Hashing
• Demonstration of hashing – most simple tools are free
• At the file level
• At the transaction level

Eliminating known files
• Hash a target file
• Compare to known value in hash dictionary
• Dictionaries are available with hundreds of thousands of file hash values corresponding to known files
• Dictionaries hold both SHA-1 and MD5 values
• Eliminate known files and concentrate on unknown files
• May remove up to 95% of files from consideration
IP address trace
• Sam Spade

And finally a little bit about cookies
Load the cookie folder
Then the cookie viewer – we like CookieView – it’s free