
Vulnerability Detection

Department of Computer Science
Montclair State University
Course: CMPT 585-01 - Computer and Data Security
Semester: Fall 2005
Student: Hung Nhu Nguyen
Instructor: Dr. Stefan Robila
http://www.geocities.com/ngnhuhung/project_585.html
Dec 12, 2005

CMPT 585 – 01. (Fall 05) Project: Vulnerability detection Student: Hung Nhu Nguyen

Table of contents

1. Abstract.
2. Introduction.
   2.1. What is a vulnerability?
   2.2. Vulnerability detection system
   2.3. Vulnerability scanner
3. Introduce ATK.
   3.1. What is ATK?
   3.2. What is a plugin?
   3.3. How does ATK scan vulnerability?
   3.4. How to use the ATK?
      3.4.1. Configuration
      3.4.2. Selecting a plugin
      3.4.3. Running the scan and Analyzing the results
      3.4.4. Portscanner, ICMPPing, nslookup
4. Conclusion
5. References

1. Abstract.

Everything has two sides: a left side and a right side, a useful side and a harmful side. The same holds in the world of computers. Computers bring people a great deal of convenience; everybody knows that, so I will not repeat it. Alongside that convenience, they sometimes have problems that reduce it, and that can even affect users' information and harm users. Moreover, since computer crime emerged, people who use computers (and the internet) have had to be concerned about it. Attackers constantly look for flaws on the internet and in software to attack. Vulnerabilities always exist on computer systems. A vulnerability represents a weak point through which the security of a computer can be breached. A vulnerability is a programming error in an application that can be exploited to gain access to the computer with that program installed. We therefore have to discover those vulnerabilities as soon as possible to reduce the damage done by attackers.

In this project, I would like to study the vulnerability detection system as well as build a tool to help detect vulnerabilities on a system. In addition, I introduce ATK, which is a vulnerability scanner and exploiting framework. It is possible to detect potential flaws and exploit found vulnerabilities.

2. Introduction.

2.1. What is a vulnerability?

A vulnerability represents a weak point through which the security of a computer can be breached. A vulnerability is a programming error in an application that can be exploited to gain access to the computer with that program installed.

2.2. Vulnerability detection system.

A vulnerability detection system (VDS) is a continuously monitoring, always-on system that can detect and alert administrators to the presence of vulnerabilities as they appear. Think of it as conceptually akin to an IDS, except that instead of constantly monitoring for hackers attempting to break in, you are constantly monitoring for vulnerabilities hackers COULD use to break in, before they actually do.

A vulnerability detection system is a type of monitoring system that you can build yourself out of existing security products you are probably already using, by doing a little bit of tweaking and integration work. Of course, vendors are sure to come along to make that easier for you, but the main advantage of pre-built solutions will be to save you time and money in building, deploying, and managing these systems, and be wary of those who claim otherwise.

2.3. Vulnerability scanner.

A vulnerability scanner is a type of computer program specifically designed to search a given target (piece of software, computer, network, etc.) for weaknesses. The scanner systematically engages the target in an attempt to assess where the target is vulnerable to “attack”.
The program can be used either prophylactically (to find holes and plug them before they are exploited) or maliciously (to find holes and exploit them).

A VDS is not the same thing as a vulnerability scanner or security assessment tool. But a vulnerability scanner is the closest relative to a VDS, and they share a common goal. Vulnerability scanners take a snapshot of a system and report the vulnerabilities that appear at that point in time. In contrast, a vulnerability detection system is continuously monitoring a network for the appearance of new vulnerabilities, so that if one appears, administrators are instantly alerted to its presence. A good way to think of it is that vulnerability scanners audit periodically and VDSs monitor continuously.

Figure 1: Components of a network-based scanner

3. Introduce ATK

3.1. What is ATK?

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to perform fast checks for dedicated vulnerabilities. In the meantime it has become a combination of a security scanner (e.g. Nessus) and an exploiting framework (e.g. MetaSploit). The special thing about ATK is that the tool is able to do the work without much interaction. But there is also always the possibility to vary and change the behaviour of the software. This concerns the plugins, checking, enumeration and reporting. The user is not dependent on the ideas of the developers: if needed, because of the modularity, nearly every change can be made within a few seconds.

ATK is developed and maintained by Marc Ruef (http://www.computec.ch/mruef/). ATK is written in Visual Basic, is licensed under the General Public License (GPL) and is absolutely free to use and distribute.

The ATK is a vulnerability scanner and exploiting framework. It is possible to detect potential flaws and exploit found vulnerabilities. Thus the ATK is a very powerful tool for administrators, security auditors and penetration testers to secure an IT environment.

3.2. What is a plugin?

A plugin is a small file that provides the data for checking. Every plugin contains one single check, the description, the procedure to verify the existence of the flaw and further information. Plugins are necessary to use the ATK, doing checkings
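
The contrast drawn in section 2.3, a scanner taking point-in-time snapshots versus a VDS monitoring continuously, can be illustrated by comparing successive scanner snapshots and alerting only on what changed. This is an added example, not code from the original report or from ATK; the snapshot layout, host addresses and check identifiers are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Finding(NamedTuple):
    host: str
    port: int
    check_id: str          # hypothetical identifier of the check that fired

class Snapshot(NamedTuple):
    taken_at: str          # when the scan ran
    scanned: frozenset     # hosts that actually answered during this run
    findings: frozenset    # Finding tuples the scanner reported

def diff(prev, curr):
    """Classify changes between two consecutive scanner snapshots."""
    new = curr.findings - prev.findings
    gone = prev.findings - curr.findings
    # Only call a finding resolved if its host was scanned again; a host
    # that was unreachable tells us nothing about whether the flaw remains.
    resolved = {f for f in gone if f.host in curr.scanned}
    return new, resolved, gone - resolved

def monitor(snapshots):
    """Replay snapshots in order and return the alerts a VDS would raise."""
    alerts = []
    prev = Snapshot("", frozenset(), frozenset())
    for snap in snapshots:
        new, resolved, unverified = diff(prev, snap)
        for kind, group in (("NEW", new), ("RESOLVED", resolved),
                            ("UNVERIFIED", unverified)):
            alerts += [(kind, snap.taken_at, f) for f in sorted(group)]
        # Carry unverified findings forward so they stay open until re-checked.
        prev = snap._replace(findings=snap.findings | unverified)
    return alerts

# Constructed sample data (documentation-range addresses, made-up check ids).
WEB = Finding("192.0.2.10", 80, "CHK-0001")
FTP = Finding("192.0.2.20", 21, "CHK-0002")
SNAPSHOTS = [
    Snapshot("2005-12-01", frozenset({"192.0.2.10", "192.0.2.20"}), frozenset({WEB})),
    Snapshot("2005-12-02", frozenset({"192.0.2.20"}), frozenset({FTP})),  # .10 down
    Snapshot("2005-12-03", frozenset({"192.0.2.10", "192.0.2.20"}), frozenset({FTP})),
]

if __name__ == "__main__":
    for kind, when, f in monitor(SNAPSHOTS):
        print(f"{when} {kind:<10} {f.host}:{f.port} {f.check_id}")
```

The second snapshot shows why a missing finding is not automatically a fixed one: the host did not answer, so the finding stays open as UNVERIFIED until the third run confirms it is gone.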

