ECSA / LPT
EC-Council
Module XVII: Vulnerability Analysis

Penetration Testing Roadmap
Start Here
Information Gathering
Vulnerability Analysis
External Penetration Testing
Firewall Penetration Testing
Router and Switches Penetration Testing
Internal Network Penetration Testing
IDS Penetration Testing
Wireless Network Penetration Testing
Denial of Service Penetration Testing
Password Cracking Penetration Testing
Stolen Laptop, PDAs and Cell Phones Penetration Testing
Social Engineering Penetration Testing
Application Penetration Testing
(cont'd)

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing Roadmap (cont'd)
Physical Security Penetration Testing
Database Penetration Testing
VoIP Penetration Testing
Virus and Trojan Detection
War Dialing
VPN Penetration Testing
Log Management Penetration Testing
File Integrity Checking
Blue Tooth and Hand held Device Penetration Testing
Telecommunication and Broadband Communication Penetration Testing
Email Security Penetration Testing
Security Patches Penetration Testing
Data Leakage Penetration Testing
End Here

Why Assess?
Before starting a penetration test, you must identify vulnerabilities against network systems using a vulnerability scanner.
• Produce and analyze the vulnerability assessment report
• Identify areas where penetration is possible
• Locate hacking tools
• Attempt to penetrate

Vulnerability Classification
• Misconfigurations
• Default installations
• Buffer overflows
• Unpatched servers
• Default passwords
• Open services
• Application flaws
• Operating system flaws
• Design flaws

What is Vulnerability Assessment?
Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault.
A vulnerability assessment may be used to:
• Identify weaknesses that could be exploited.
• Predict the effectiveness of additional security measures in protecting information resources from attack.

Types of Vulnerability Assessment
An Active Assessment scans the network using any network scanner to find hosts, services, and vulnerabilities.
A Passive Assessment is a technique that sniffs the network traffic to find out active systems, network services, applications, and vulnerabilities present.
A Host-based Assessment is a sort of security check that carries out a configuration-level test through the command line.
An Internal Assessment is a technique to scan the internal infrastructure to find out the exploits and vulnerabilities.

Types of Vulnerability Assessment (cont'd)
An External Assessment assesses the network from a hacker's point of view to find out what exploits and vulnerabilities are accessible to the outside world.
Application Assessments test the web server infrastructure for any misconfiguration, outdated content, and known vulnerabilities.
Network Assessments determine the possible network security attacks that may occur on the organization's system.
Wireless Network Assessments determine and track all the wireless networks prevalent at the client's site.

How to Conduct a Vulnerability Assessment
• Use vulnerability assessment tools
• Check for misconfigured web servers, mail servers, firewalls, etc.
• Search the web for postings about the company's vulnerability:
  • Example: A hacker would post something like "I could not believe the XSECURITY's website had serious SQL injection flaws! Oh my God!"
• Search at underground websites for more postings about the company's vulnerabilities
• Hackers frequently exchange attack information with one another

How to Obtain a High Quality Vulnerability Assessment
Select the adviser carefully:
• Check if he/she has good experience with various applications and operating systems
• Check if he/she has a good understanding of the core protocols
• Check if he/she has an idea of the detection techniques
• Check if he/she has good communication skills and has the ability to offer proper mitigation recommendations
Define the scope of the vulnerability assessment
Define the rules that will manage the assessment
Classify the vulnerabilities that need instant notification
[...]

[...] training

Vulnerability Analysis Stages
Vulnerability analysis refers to identifying areas where vulnerability exists.
Perform vulnerability analysis and list the areas that need testing and penetration.
Vulnerability penetration capabilities can be broken down into three steps:
• Locating [...]

Types of Vulnerability Assessment Tools
Host-based vulnerability assessment tools:
• A host-based vulnerability assessment tool finds and identifies the OS running on a particular host computer and tests it for known deficiencies
• Searches for common applications and services
Application-layer vulnerability assessment tools:
• Application-layer vulnerability assessment tools [...]

Timeline
A typical vulnerability assessment can take as long as 12 weeks.

Penetration Attempts
Start → Vulnerability assessment → Analyze vulnerability assessment report → Identify areas of vulnerability → Locate hacking tools → Penetration attempts

[...] flaws

Vulnerability Report Model
Vulnerability Report (ScanAlert)
• Tool (name, version)
• Scan Information: Scanner, Date
• Target Information: Node, Name, OS
• Results: Summary
  • Vulnerability Information: Name, Classification, URL, Summary
  • Services
  • Security [...]

Qualys Vulnerability Scanner: Screenshot
[screenshot omitted]

Cycorp CycSecure Scanner
Features:
• Automated network state detection
• Compound vulnerability analysis
• Identifying the most critical vulnerabilities to be corrected
• Reporting the actual sequences of actions that can compromise your network
• "What if" analysis [...]

Vulnerability Assessment Tools
• Qualys Vulnerability Scanner
• Cycorp CycSecure Scanner
• eEye Retina Network Security Scanner
• Foundstone Professional Scanner
• GFI LANguard Network Security Scanner
• ISS Internet Scanner
• SAINT Vulnerability Scanner
• Symantec NetRecon Scanner
• Shadow Security Scanner
• Open Source Nessus [...]

Types of Vulnerability Assessment Tools (cont'd)
Active/passive tools:
• Active scanners perform vulnerability checks on the network that consume resources on the network
• Passive scanners do not affect system resources considerably; they only observe system data and perform data processing on a separate analysis machine
Location/data examined [...]

[...]
• Examines the network architecture
• Evaluates the threat environment
• Allows penetration testing
• Examines and evaluates physical security
• Performs a physical asset analysis
• Observes policies and procedures
• Conducts an impact analysis
• Performs a risk characterization

Post-Assessment Phase [...]

[...]
• Network-based scanner
• Agent-based scanner
• Proxy scanner
• Cluster scanner

Choosing a Vulnerability Assessment Tool
Vulnerability assessment tools are used to test a host or application for vulnerabilities.
While choosing these tools, they should satisfy the following requirements:
• Test from dozens to [...] network, application mapping and penetration tests
• Number of vulnerability scripts the tools have for the platforms you're scanning and how often they're updated
• Generate reports
• Check different levels of penetration to prevent lockups

Choosing a Vulnerability Assessment Tool (cont'd)
Types of vulnerabilities [...]
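The Vulnerability Report Model slide above names the fields a report carries (tool name and version, scan information, target node/OS/services, and per-finding name, classification and summary), and the assessment checklist asks the assessor to classify which vulnerabilities need instant notification. The following is an added example, not part of the EC-Council module, that models the report in Python, validates each finding's class against the module's own Vulnerability Classification slide, and derives the results summary and the instant-notification list; the escalation policy in INSTANT_NOTIFY and all sample findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
# Vulnerability classes from the module's "Vulnerability Classification" slide.
CLASSIFICATIONS = {"Misconfiguration", "Default installation", "Buffer overflow",
                   "Unpatched server", "Default password", "Open service",
                   "Application flaw", "Operating system flaw", "Design flaw"}
# Assumed escalation policy (not prescribed by the module): classes notified at once.
INSTANT_NOTIFY = {"Buffer overflow", "Default password", "Unpatched server"}

@dataclass
class Vulnerability:          # "Vulnerability Information" block of the report model
    name: str
    classification: str
    summary: str
    def __post_init__(self):  # reject classes outside the module's taxonomy
        if self.classification not in CLASSIFICATIONS:
            raise ValueError(f"unknown classification: {self.classification}")
@dataclass
class NodeResult:             # "Target Information": node, OS, services, findings
    node: str
    os: str
    services: list
    vulnerabilities: list = field(default_factory=list)
@dataclass
class VulnerabilityReport:    # "Tool (name, version)" and "Scan Information"
    tool_name: str
    tool_version: str
    scanner: str
    date: str
    nodes: list = field(default_factory=list)

    def summary(self):        # results summary: findings per classification
        counts = {}
        for n in self.nodes:
            for v in n.vulnerabilities:
                counts[v.classification] = counts.get(v.classification, 0) + 1
        return counts

    def needing_instant_notification(self):  # (node, finding) pairs to escalate now
        return [(n.node, v.name) for n in self.nodes
                for v in n.vulnerabilities if v.classification in INSTANT_NOTIFY]

def build_sample_report():    # constructed sample findings, not real scanner output
    rep = VulnerabilityReport("ExampleScanner", "1.0", "assessor-host", "2024-01-01")
    web = NodeResult("10.0.0.5", "Linux", ["http/80", "ssh/22"], [
        Vulnerability("Directory listing enabled", "Misconfiguration", "index pages exposed"),
        Vulnerability("Outdated SSH daemon", "Unpatched server", "vendor patches missing")])
    db = NodeResult("10.0.0.9", "Windows", ["mssql/1433"], [
        Vulnerability("Default sa password", "Default password", "shipped credential accepted")])
    rep.nodes.extend([web, db])
    return rep
```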