CSCI 530L
Vulnerability Assessment

Outline
- Vulnerability Assessment
- Penetration Testing
- Network-wide vulnerability assessment
- Single-system vulnerability assessment
- Nessus
- Nessus Components
- How we are going to use Nessus

Vulnerability Assessment
- Process of identifying vulnerabilities that exist in a computer system
- Has many similarities to risk assessment
- Four main steps
  1. Cataloging assets and capabilities (resources) in a system
  2. Assigning quantifiable value and importance to the resources
  3. Identifying the vulnerabilities or potential threats to each resource
  4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources

Penetration Testing
- Method of evaluating the security of a system by simulating a hacker attack
- A penetration test and a vulnerability assessment are different
  - In a vulnerability assessment, we identify the weaknesses but do not exploit them
- Tools for a penetration test
  - Metasploit
  - Exploit Tree

Network-wide vulnerability assessment
- Identify all the resources in the network
- Assign a criticality rating
  - For example, a rating between 1 and 10, with 10 being high criticality (such as a Domain Controller) and 1 being low criticality (a rarely used workstation)
- Identify the threats to the resources
  - Start with the most critical resources and work your way down to the least critical systems
- Start eliminating threats to the systems
  - Patching, closing ports, removing services, uninstalling programs, etc.
  - Start with the most critical systems and work your way downwards

Single-system vulnerability assessment
- Two different approaches
- Attempt to figure out all the vulnerabilities yourself
  - Very difficult to do effectively unless you have complete knowledge of that particular operating system
  - Use a combination of common hacking tools and hacking techniques
  - If you are a good hacker and know a lot about operating systems, this method will potentially bring out more vulnerabilities of the system
- Use a vulnerability scanner
  - Easier to use a tool to get a report of a particular system
  - Subject to false positives
  - Must be used by an expert in security, because otherwise the report generated is useless

Nessus
- The open-source vulnerability assessment tool
- Most security experts consider it more powerful than even commercial software
- Uses plug-ins for vulnerability assessment
- Has up-to-date vulnerability exploits to scan for
- Has a scripting language called Nessus Attack Scripting Language (NASL), so if you find a vulnerability, you can write a script for Nessus to scan for that particular vulnerability
- Can scan secure protocols, like SSL
- Can scan multiple computers, generating one report for all systems on a network
- Mature: it has been around since 1998

Nessus Components
- Server
  - Nessusd
  - Used to be Linux only, but the company recently released Nessus version 3, which has a Windows server version
  - Listens on ports for Nessus clients to connect to it
- Client
  - Nessus
  - Windows and Linux versions
  - Connects to the server for certificates and plug-ins
  - Scans are run BY THE SERVER; the client configures how the scans are to be run

How we are going to use Nessus
- Backtrack
  - Linux live CD
  - Boots Linux off of the CD and loads the tools into RAM
  - Specialized for vulnerability assessment and penetration testing
- Nessus is already configured for us on Backtrack
- Load up the CD, load the Nessus daemon, and start scanning
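The network-wide assessment steps from the slides (catalogue the resources, rate criticality 1 to 10, attach the threats found for each resource, then remediate from the most critical system downward) as an added Python example; this is not part of the lecture, and the asset names, criticality ratings, severity scale and findings are all constructed.

```python
"""Added example: ordering remediation the way the lecture describes.
Assets, ratings, the 1..4 severity scale and the findings are constructed."""
from dataclasses import dataclass, field


@dataclass
class Finding:
    description: str   # what the scanner reported, e.g. "unpatched SMB service"
    severity: int      # constructed scale: 1 (informational) .. 4 (critical)
    fix: str           # the slide's options: patch, close port, remove service, uninstall


@dataclass
class Asset:
    name: str
    criticality: int   # 1 = rarely used workstation .. 10 = domain controller
    findings: list = field(default_factory=list)

    def __post_init__(self):
        if not 1 <= self.criticality <= 10:
            raise ValueError(f"{self.name}: criticality must be 1..10")

    def risk(self, finding):
        # The same weakness matters more on a more critical resource
        return self.criticality * finding.severity


def remediation_plan(assets):
    """Return (asset, finding, risk) tuples: most critical system first,
    and within one system the highest-severity finding first."""
    plan = []
    for asset in sorted(assets, key=lambda a: a.criticality, reverse=True):
        for finding in sorted(asset.findings, key=lambda f: f.severity, reverse=True):
            plan.append((asset.name, finding.description, asset.risk(finding)))
    return plan


# Constructed inventory: the domain controller, a web server and a lab workstation
INVENTORY = [
    Asset("dc01", 10, [Finding("unpatched SMB service", 4, "patch"),
                       Finding("telnet enabled", 3, "remove service")]),
    Asset("ws-lab-17", 1, [Finding("unpatched SMB service", 4, "patch")]),
    Asset("web01", 7, [Finding("directory listing on /backup", 2, "close port"),
                       Finding("outdated SSL library", 4, "patch")]),
]

if __name__ == "__main__":
    for name, what, risk in remediation_plan(INVENTORY):
        print(f"{risk:3d}  {name:<10} {what}")
```

The same unpatched SMB finding lands at the top of the list for the domain controller and at the bottom for the workstation, which is the point of rating criticality before fixing anything.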