Security Tools CS-480b Dick Steflik
CACLS
• Windows NT, W2000, XP
• Displays or modifies access control lists (ACLs) of files
CACLS
• cacls /T /E /G administrator:F d:\users\*.*
• Cacls will add Full Control for the administrator account on all files and subfolders in the Users folder of the D:\ drive.
• cacls /T /E /R Everyone d:\users
• Cacls will remove all permissions for the 'Everyone' group on all files and subfolders in the Users folder of the D:\ drive.
• Be sure to use the /E switch when you are just making modifications to a specific account or group. Without the /E switch, your settings will replace the current security settings with only what is specified.
CACLS
• Of course, anything done using CACLS could also be done through the GUI.
NSLOOKUP
• Name Server Lookup
• Windows NT, W2000, Linux, UNIX
• used to resolve Internet names to IP addresses
• default (no parameter): on Windows, returns the default name server address; on Linux/UNIX, enters conversational mode, allowing lookups until you quit
Traceroute
• Tracert (Windows); traceroute (Linux/UNIX)
• used to display all of the routers between two communicating Internet hosts
• options:
  • -d don’t resolve addresses to host names
  • -h (m) max number of hops to search for target
  • -j (hostlist) loose source route along the host list
  • -w (timeout) wait (timeout) msec for each reply
xmtr
• Linux version of traceroute
• requires superuser authority
• GUI application
ping
• Sends an ICMP echo request message to a specific host
• platform differences:
  • Linux - no parameters, sends repeated/continuous requests until terminated
  • Windows - -t switch sends continuous pings
  • Unix (most) - -s switch sends continuous pings
WS-Ping – Security Analysis Tool
• COTS (common Off The Shelf) IPSwitch
• www.ipswitch.com
• Verify connectivity to a particular device on your network
• Quantitatively test data connections between your computer and a remote system
• Trace the path to a network host or device
• Obtain information on host names and IP addresses
• Scan your network and list devices and network services
• View summary information about a network host or device including the official hostname, IP address, and contact information (from the Whois database)
• View Simple Network Management Protocol values as well as Windows network domains, hosts, and workstations
• Search information (such as users' full names and e-mail addresses) available through LDAP
WS-Ping
• Features tools for:
  • Ping - Use Ping to determine if a network device is reachable.
  • Traceroute - Use traceroute to trace the path to a network host or device.
  • Throughput - Use Throughput to test the data speed on a connection with a remote host.
  • Lookup - Use Lookup to obtain information on host names and IP addresses.
  • Info - Use the Info tool to view summary information about a network host or device.
  • Whois - Use Whois to obtain information on names from the Network Information Center.
  • Finger - Use finger to obtain information about a user or host (if supported on the remote host).
  • SNMP - Use the SNMP tool to view Simple Network Management Protocol values.
  • Scan - Use Scan to scan your network and list devices.
  • WinNet - Use the WinNet tool to view your Windows Network domains, hosts, and workstations.
  • LDAP - Use the LDAP tool to search for names and information available through LDAP.
  • Time - Use the time tool to query multiple time servers or to synchronize your local system clock.
  • Quote - Use Quote to view quotations from a Quote server.
  • HTML - Use the HTML tool to help you efficiently debug your Web site.
SATAN
• Security Administrators Tool for Analyzing Networks
• web based
• Ten years old
• Open Source (http://www.fish.com/satan)
• Rationale for SATAN is explained at:
  • http://www.fish.com/satan/admin-guide-to-cracking.html
• There are a number of SATAN derivatives:
  • SAINT Scan Engine – Saint Corporation
    • http://www.saintcorporation.com/products/saint_engine.html
  • SANTA
SATAN
• SATAN recognizes several common networking-related security problems, and reports the problems without actually exploiting them.
• For each type of problem found, SATAN offers a tutorial that explains the problem and what its impact could be.
• The tutorial also explains what can be done about the problem: correct an error in a configuration file, install a bugfix from the vendor, use other means to restrict access, or simply disable the service.
Problems Found by SATAN
• NFS file systems exported to arbitrary hosts
• NFS file systems exported to unprivileged programs
• NFS file systems exported via the portmapper
• NIS password file access from arbitrary hosts
• Old (i.e. before 8.6.10) sendmail versions
• REXD access from arbitrary hosts
• X server access control disabled
• arbitrary files accessible via TFTP
• remote shell access from arbitrary hosts
• writable anonymous FTP home directory
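Two of the findings listed above, NFS file systems exported to arbitrary hosts and to unprivileged programs, can also be checked locally from the server's export table. The following is an added example, not part of the original slides and not SATAN's own code. It assumes Linux exports(5) syntax, treats the `insecure` option (requests accepted from non-reserved source ports) as the counterpart of the "unprivileged programs" finding, and runs on a constructed sample file.

```python
import re

# Constructed sample in Linux exports(5) syntax; not taken from a real host.
SAMPLE_EXPORTS = """\
# path        client(options) ...
/srv/build    10.0.5.0/24(ro,root_squash)
/srv/pub      *(ro)
/home         trusted.example.com (rw)
/srv/scratch  10.0.5.7(rw,insecure)
/srv/legacy
"""

# Client specs that place no restriction on who may mount the export.
WORLD_CLIENTS = {"", "*", "0.0.0.0/0", "::/0"}
# One client entry: optional client spec followed by optional "(options)".
ENTRY = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")


def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    # Join backslash-continued lines before splitting into entries.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        if not entries:
            # No client list at all: the export is not restricted to any host.
            findings.append((path, "", "arbitrary hosts"))
        for entry in entries:
            m = ENTRY.match(entry)
            if not m:
                findings.append((path, entry, "unparsed entry"))
                continue
            client, opts = m.group(1), set((m.group(2) or "").split(","))
            # A bare "(rw)" after a space has an empty client: it applies to everyone.
            if client in WORLD_CLIENTS:
                findings.append((path, client, "arbitrary hosts"))
            if "insecure" in opts:
                findings.append((path, client, "unprivileged source ports"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {client or '<any>':22} {finding}")
```

The `/home` line shows the classic misconfiguration: the space before `(rw)` gives the named host default options and grants read-write access to every other host.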
Nessus
• Vulnerability Scanner
• Nessus development Team
• plug-in based
  • Finger Abuses
  • Windows
  • Backdoors
  • Gain a shell remotely
  • CGI abuses
  • Remote file access
  • RPC
  • Firewalls
  • FTP
  • SMTP
  • Gain root remotely
  • NIS
  • DOS
  • Miscellaneous
Nessus
• Client Server architecture
• plug-ins are for the server, client is for administration and analysis
• creates reports in HTML, LaTeX, ASCII, and XML
  • including graphs