introduction to vulnerability assessment labs
play

Introduction to Vulnerability Assessment Labs Ge Zhang - PowerPoint PPT Presentation

Nov 22, 2022 •5 likes •315 views

Introduction to Vulnerability Assessment Labs Ge Zhang ge.zhang@kau.se Dvg-C03 Karlstad University Schedule 3 Attacking methods Password cracking ARP spoofing & sniffing Port Scanning 1 Defense methods

  1. Introduction to Vulnerability Assessment Labs Ge Zhang ge.zhang@kau.se Dvg-C03 Karlstad University

  2. Schedule • 3 Attacking methods – Password cracking – ARP spoofing & sniffing – Port Scanning • 1 Defense methods – Firewall configuration • 2 Vulnerability assessment tool – Nessus – Bastille Karlstad University

  3. Environment • 3 VM images ( c:\vmware\valab-ht11 ) Hub Hub Switch Hub Hub Host machine VM Karlstad University

  4. Password Cracking • Authentication: – Something you know – Something you have – Something you are • Password need to be transferred • Password need to be stored Karlstad University

  5. Brute Force • Attempts all possible combinations of letters and numbers • Possible Solution – Limit amount of unsuccessful logins – Change password often – The length should be at least 8 characters Karlstad University

  6. Dictionary • Type of Brute Force • Only tries possibilities that are likely to succeed • List are derived from dictionary • Possible Solutions – Mix and match numbers, letters, upper and lower case – Avoid passwords based on dictionary words, letter or number sequences, usernames, or biographical information Karlstad University

  7. John the ripper • Traditionally the account information is stored in the /etc/passwd file • The /etc/passwd file is world-readable • Shadow password system stores passwords in the file /etc/shadow which is not world-readable • Have a look on – /usr/share/doc/john-1.7.0.2/EXAMPLES • Then create your own account and password, run “john” again to see the result • useradd [your account] • passwd [your account] Karlstad University

  8. Sniffing Hub shared Token Ring • Hub : a hub simply receives incoming packets and broadcasts these packets out to all devices on the network • Adapt promiscuous mode : an adapter can receive all frames on the network, not just frames are addressed to that adapter Karlstad University

  9. Wireshark Show capture options Select network interface Filters for display Filters for Capture Karlstad University

  10. Wireshark Stop capturing Captured datagrams Datagrams analysis Datagrams in Hex Karlstad University

  11. Hub v.s. switch • Hub: Layer 1 (physical) Hub • Switch: Layer 2 shared (data-link) Token Ring Switch Dedicated Karlstad University

  12. ARP (Address Resolution Protocol) • MAC address (layer 2) – Global unique – Unchangeable • IP address (layer 3) – Network unique IP address IP address – Changeable ARP RARP MAC address MAC address Karlstad University

  13. ARP spoofing (cache poisoning) on switch Who has the IP address 192.163.0.4? Tell 192.163.0.4->DD I am 192.163.0.4, with mac address DD 192.163.0.1 with mac: AA 192.163.0.1 (AA) 192.163.0.1 (AA) 192.163.0.2 (BB) 192.163.0.2 (BB) 192.163.0.3 (CC) 192.163.0.3 (CC) 192.163.0.4 (DD) 192.163.0.4 (DD) 192.163.0.4->CC I am 192.163.0.4, with mac address CC 192.163.0.1 (AA) 192.163.0.1 (AA) I am 192.163.0.1, with mac address CC 192.163.0.1->CC 192.163.0.2 (BB) 192.163.0.2 (BB) 192.163.0.3 (CC) 192.163.0.3 (CC) 192.163.0.4 (DD) 192.163.0.4 (DD) Karlstad University

  14. Preparation • ipconfig /all • Let me know the last number of your ip address and mac address • ping [IP address] –t Door Door ping ping ping ping ping ping ping ping ping ping ping ping ping ping ping Ping Window Karlstad University

  15. Cain Select interface Scan MAC addresses Scanned results ARP spoofing configuration Karlstad University

  16. Cain Add to list for spoofing Spoof the arp cache for these two hosts to intercept the conversation between them Karlstad University

  17. Cain Start ARP Spoofing Karlstad University

  18. Port Scanning • Attackers wish to discover services they can break into. • Whether the service existing? • sending a packet to each port, once at a time. – Based on the type of response, an attacker knows if the port is used. – The used ports can be probed further for weakness. • Well-known: tcp 21, tcp 22, tcp 23, tcp 80 … Karlstad University

  19. Nmap • -sT (scanning by TCP connections) • -sS (SYN scanning) • -sU (UDP scanning) • -sV (Version detection) • -O (OS fingerprinting) • -T[0-5] (time interval) • -f (fragmenting) Karlstad University

  20. Nmap Karlstad University

  21. Nmap • Zenmap: graphical interface Karlstad University

  22. Firewall • A set of related programs that protects the resources of a private network or a host from external environment. • A mechanism for filtering network packets based on information contained within the IP header. Karlstad University

  23. IPtables 3 default chains • input Used to control packets entering the interface. (The packets will be ended in this machine) • output Used to control packets leaving the interface. (The packets are originated from this machine) • forward Used to control packets being masqueraded, or sent to remote hosts. Karlstad University

  24. IPtables • iptables command [match] [target] • Command: -A, -I, -D, -F, -L • Match: -p [protocol], -s [source IP], -d [destination IP], -i [interface], --sport [source port], --dport [destination port] • Target: -j [ACCEPT/DROP/LOG…] • Example: – iptables –I INPUT –p ICMP –j DROP – iptables –I INPUT –p ICMP –icmp-type 0 –j ACCEPT • Our task: restrict all inbound traffic, except SSH requests on port 22. However, any outgoing requests should not be affected. Karlstad University

  25. Nessus • Remote vulnerability scanner • Nessus will – Perform over 900 security checks – Accept new plugins to expand new checks – List security concerns and recommend actions to correct them Karlstad University

  26. Nessus • Client/server architecture – Server: perform checking – Client: Front-end • Can test unlimited amount of hosts in each scan www FTP Nessus Server Nessusd Nessus Client Mail VoIP Karlstad University

  27. Nessus Karlstad University

  28. Nessus Karlstad University

  29. Bastille • Operating System Hardening – Remove unnecessary processes – Setting file permissions – Patching and updating – Setting networking access controls • Generate your own hardening policy • Can be run manually to provide advice and information Karlstad University

  30. Bastille • Assessment mode: bastille -a Karlstad University

  31. Bastille • Configuration mode: bastille -x Karlstad University

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures Islamabad Pakistan Assessment and Vulnerability Assessment and Vulnerability Reduction Measures Reduction Measures adpc Asian Disaster

702 views • 46 slides
Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides
Introduction to Risk Assessment Introduction to Risk Assessment Samjwal Ratna Bajracharya

Introduction to Risk Assessment Introduction to Risk Assessment Samjwal Ratna Bajracharya

Training/workshop on Training/workshop on Earthquake Vulnerability and Multi Earthquake Vulnerability and Multi- -Hazard Risk Assessment: Hazard Risk Assessment: Geospatial Tools for Rehabilitation and Reconstruction Effort

739 views • 49 slides
Contents What is vulnerability? Why conduct vulnerability assessments? Defining

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides
Climate Change and Health An Introduction to PPHs Vulnerability Assessment and Adaptation Plan

Climate Change and Health An Introduction to PPHs Vulnerability Assessment and Adaptation Plan

Climate Change and Health An Introduction to PPHs Vulnerability Assessment and Adaptation Plan December 5, 2019 Ontario Public Health Standards Healthy Environments Program Standard Goal: To reduce exposure to health hazards and promote the

350 views • 16 slides
vulnerability in urban area Olivier SANTONI FERDI AREQUIPA - May 2017 Risk assessment

vulnerability in urban area Olivier SANTONI FERDI AREQUIPA - May 2017 Risk assessment

Using GIS to assess hazard and vulnerability in urban area Olivier SANTONI FERDI AREQUIPA - May 2017 Risk assessment Hazard mapping Vulnerability mapping at city block scale - Population vulnerability - Physical vulnerability

287 views • 28 slides
Assessment of Vulnerability to Sea Level Rise and Recommended Mitigation Strategies for

Assessment of Vulnerability to Sea Level Rise and Recommended Mitigation Strategies for

Assessment of Vulnerability to Sea Level Rise and Recommended Mitigation Strategies for Pasquotank County Bobby Harris, Radha Patel, Neil Sullivan, Molly Fisher, and Cassy Karlsson Professor David Salvesen Vulnerability Mitigation

440 views • 40 slides
Hillsborough County MPO: Vulnerability Assessment and Adaptation Pilot Project Presented to:

Hillsborough County MPO: Vulnerability Assessment and Adaptation Pilot Project Presented to:

12/22/2014 Hillsborough County MPO: Vulnerability Assessment and Adaptation Pilot Project Presented to: Florida MPO Advisory Council January 22, 2015 1 Project background FHWA Pilot: Climate change vulnerability assessment and adaptation

563 views • 14 slides
Vulnerability Extrapolation USENIX WOOT 2011 Fabian fabs Yamaguchi Recurity Labs GmbH,

Vulnerability Extrapolation USENIX WOOT 2011 Fabian fabs Yamaguchi Recurity Labs GmbH,

Vulnerability Extrapolation USENIX WOOT 2011 Fabian fabs Yamaguchi Recurity Labs GmbH, Germany Agenda Patterns you find when auditing code Exploiting these patterns: Vulnerability Extrapolation Using machine learning to get

730 views • 25 slides
Health Vulnerability Assessment: MOHLTC Guidance and Resources Clean Air Partnership Health

Health Vulnerability Assessment: MOHLTC Guidance and Resources Clean Air Partnership Health

Health Vulnerability Assessment: MOHLTC Guidance and Resources Clean Air Partnership Health Vulnerability Assessments & Climate Resilience Opportunities November 10, 2017 Environmental Health Policy and Programs, Population and Public

317 views • 9 slides
Climate Change Vulnerability Assessment of Socio-Ecological Systems (VASES): Part 1. Approach

Climate Change Vulnerability Assessment of Socio-Ecological Systems (VASES): Part 1. Approach

Climate Change Vulnerability Assessment of Socio-Ecological Systems (VASES): Part 1. Approach and Methods Hanoi 20 December 2016 Content 1. Starting point for EbA and Socio-ecological systems (SES) 2. Vulnerability Assessment steps 3.

858 views • 56 slides
SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc.

SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc.

SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc. June 22, 2012 HACK IN PARIS Agenda SCADA Basics Threats (where, why & how) Challenges Recommendations and Proposals ScadaScan tool HACK

997 views • 65 slides
Climate Change Vulnerability Assessment for the Town of Truckee GEOS INSTITUTE Whole Community

Climate Change Vulnerability Assessment for the Town of Truckee GEOS INSTITUTE Whole Community

U.S. BLM NOAA W. Stewert Climate Change Vulnerability Assessment for the Town of Truckee GEOS INSTITUTE Whole Community Adaptation HUMAN BUILT NATURAL ECONOMIC CULTURAL Components of Vulnerability Climate change is simple, serious,

247 views • 24 slides
Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
Introduction What is Disaster vulnerability? Vulnerability is the inability to resist a

Introduction What is Disaster vulnerability? Vulnerability is the inability to resist a

Vulnerability to Disasters: A Gendered Analysis on Water Availability and Livelihoods in Nadu Colony, Kovalam, Chennai, India Group No: 02 Sumaia Kashem Shreeya Lohani Shanmuga Priya. G Meththa Prabodhani Menike

834 views • 40 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy & Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
Internet Protocol v6 October 25, 2016 v6@nkn.in Table of Content Why IPv6? Why IPv6?

Internet Protocol v6 October 25, 2016 v6@nkn.in Table of Content Why IPv6? Why IPv6?

Internet Protocol v6 October 25, 2016 v6@nkn.in Table of Content Why IPv6? Why IPv6? IPv6 Address Space IPv6 Address Space Customer LAN Migration Customer LAN Migration Why IPv6? Why IPv6? IPv6 Address Space IPv6

770 views • 58 slides
Compliance Verification Process for Ethernet ECUs Its alive! Munich, Feb, 3rd 2016 Georg

Compliance Verification Process for Ethernet ECUs Its alive! Munich, Feb, 3rd 2016 Georg

Compliance Verification Process for Ethernet ECUs Its alive! Munich, Feb, 3rd 2016 Georg Janker CTO experts in automotive data communication www.ruetz-system-solutions.com Agenda 1. Motivation 2. The Compliance Verification Process 3.

497 views • 22 slides
Fail-Safe/Local IP Address and Local Link Fail-Safe/Local IP address - the IP address

Fail-Safe/Local IP Address and Local Link Fail-Safe/Local IP address - the IP address

Fail-Safe/Local IP Address and Local Link Fail-Safe/Local IP address - the IP address designed to be always reachable by the administrator with a direct Local Link connections Local Link Local Link 1 Mesh Manager Direct Wireless

109 views • 9 slides
Computer Networks I Computer Networks I Networks A networks connection structure is known as

Computer Networks I Computer Networks I Networks A networks connection structure is known as

Computer Networks I Computer Networks I Networks A networks connection structure is known as its network topology . Host nodes source and destination of messages Communication nodes where messages pass through; can be

304 views • 26 slides
Presentation by the East African Community on Silencing the Guns in Africa: Nexus between

Presentation by the East African Community on Silencing the Guns in Africa: Nexus between

Presentation by the East African Community on Silencing the Guns in Africa: Nexus between Peace, Security, Governance and Development CHARLES NJOROGE,EBS EAC Deputy Secretary General (Political Federation). His Excellency Mahamat Zene

57 views • 5 slides
Graph Model of an IEEE802.1 Based Network Structure and Its Application for Enterprise

Graph Model of an IEEE802.1 Based Network Structure and Its Application for Enterprise

Advances in Methods of Information and Communication Technology, 2015 Graph Model of an IEEE802.1 Based Network Structure and Its Application for Enterprise ICT-infrastructure Discovery Anton Andreev Iurii A. Bogoiavlenskii Aleksandr Kolosov

464 views • 34 slides
Disclosures No conflicts of interest 2 | Global Action Plan AMR Growing Awareness &

Disclosures No conflicts of interest 2 | Global Action Plan AMR Growing Awareness &

Global Strategies to Address AMR Carmem Lcia Pessoa-Silva, MD, PhD Antimicrobial Resistance Secretariat EMA Working Parties with Patients and Consumers Organisations (PCWP) and Healthcare Professionals Organisations (HCPWP) joint

738 views • 30 slides
Incentivize decentralized WiFi roaming through VPN on home routers RP2 rp-id 25, Security and

Incentivize decentralized WiFi roaming through VPN on home routers RP2 rp-id 25, Security and

Incentivize decentralized WiFi roaming through VPN on home routers RP2 rp-id 25, Security and Network Engineering, UvA Sander.Lentink@os3.nl Peter.Boers@surfnet.nl 2019-11-13 1 / 38 Introduction We desire Wi-Fi Wi-Fi being the best

576 views • 38 slides

More recommend