Network Security Fundamentals Security Training Course Dr. Charles - - PowerPoint PPT Presentation

▶

May 07, 2023 25 likes •240 views

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 8 Scanning Topics Scanning fundamentals Nessus installation & examination 04/13

SLIDE 1

Network Security Fundamentals

Security Training Course

Dr. Charles J. Antonelli

The University of Michigan 2013

SLIDE 2

Network Security Fundamentals

Module 8 Scanning

SLIDE 3

Topics

Scanning fundamentals
Nessus installation & examination

04/13 3 cja 2013

SLIDE 4

Scanning Fundamentals

SLIDE 5

Scanning

Purpose: Examine host(s) from the

network

What ports are open
What services are running
What flaws exist in those services
What type of OS is running
What kind of filtering is in place

04/13 5 cja 2013

SLIDE 6

Scanning

Modus operandi:
Phase 1: determine all hosts in specified range
Phase 2: interrogate open ports on each host

identified in Phase 1

Uses:
Attack tool

 Reconnaissance

Defensive tool

 Where are the security risks?

04/13 6 cja 2013

SLIDE 7

Scanners

Commercial
eEye Retina
ISS
…
Open source
Nessus
Nmap
…

04/13 7 cja 2013

SLIDE 8

Nessus Installation and Examination

SLIDE 9

Nessus

Was open-source, GPL
… Nessus 3.0 closed-source
… Nessus 4.0 plugins not free
Client/server architecture
Server placed on host(s) in network

 UNIX/Linux, AIX, Mac OS X

Client connects to server(s), runs test

 Web client

Strong authentication
SSL

04/13 9 cja 2013

SLIDE 10

Install Nessus

Download Nessus from http://www.tenable.com/products/nessus
Register scanner
Nessus no longer ships with any plugins
HomeFeed vs. ProfessionalFeed

 http://www.nessus.org/register/

Start the nessusd server
Browse to https://localhost.localdomain:8834
Create nessusd account
Get the plugins
This will consume about twenty minutes
Nessus is pre-installed in the virtual lab environment

04/13 10 cja 2013

SLIDE 11

Run Nessus

sudo nessusd start
Browse to https://localhost.localdomain:8834
Port opened after plugins have been processed
Understand certificate issues
Login to nessusd account
Add a policy: select plugins (checks to perform)
Add a scan: select targets (networks)
Start test!

04/13 11 cja 2013

SLIDE 12

04/13 12

Nessus login

cja 2013

SLIDE 13

04/13 13

Add a policy

cja 2013

SLIDE 14

04/13 14

Settings

cja 2013

SLIDE 15

04/13 15

Add a scan

cja 2013

SLIDE 16

04/13 16

Launch a scan

cja 2013

SLIDE 17

04/13 17

Running a scan

cja 2013

SLIDE 18

04/13 18

Scan finished

cja 2013

SLIDE 19

Examine results

Browse report
Three severity levels
Low - informational
Medium - possible vulnerability
High - verified vulnerability
Detail pane gives descriptions, suggested

fixes, CVE numbers, references and links

04/13 19 cja 2013

SLIDE 20

04/13 20

Scan results

cja 2013

Network Security Fundamentals

Security Training Course

The University of Michigan 2013

Network Security Fundamentals

Module 8 Scanning

Topics

04/13 3 cja 2013

Scanning Fundamentals

Scanning

network

04/13 5 cja 2013

Scanning

identified in Phase 1

 Reconnaissance

 Where are the security risks?

04/13 6 cja 2013

Scanners

04/13 7 cja 2013

Nessus Installation and Examination

Nessus

 UNIX/Linux, AIX, Mac OS X

 Web client

04/13 9 cja 2013

Install Nessus

 http://www.nessus.org/register/

04/13 10 cja 2013

Run Nessus

04/13 11 cja 2013

04/13 12

Nessus login

cja 2013

04/13 13

Add a policy

cja 2013

04/13 14

Settings

cja 2013

04/13 15

Add a scan

cja 2013

04/13 16

Launch a scan

cja 2013

04/13 17

Running a scan

cja 2013

04/13 18

Scan finished

cja 2013

Examine results

fixes, CVE numbers, references and links

04/13 19 cja 2013

04/13 20

Scan results

cja 2013

Additional Features

protocol, severity

04/13 21 cja 2013