Retina Network Security Scanner - PowerPoint PPT Presentation

About This Presentation
Title:

Retina Network Security Scanner

Description:

Download from. http://www.eeye.com/html/products/retina/download/index.html ... Aim: To test whether retina network scanner will detect the users weak passwords ... – PowerPoint PPT presentation

Number of Views:802
Avg rating:3.0/5.0
Slides: 29
Provided by: Aji64
Category:

less

Transcript and Presenter's Notes

Title: Retina Network Security Scanner


1
Retina Network Security Scanner
  • By
  • Ajith U Kamath
  • 60-564 Project

2
AGENDA
  • Introduction
  • Installation procedure
  • Features
  • Test cases and results
  • Points noted during testing
  • Conclusion

3
INTRODUCTION
  • Importance of Network Security Scanner
  • Retina Network Security Scanner

4
INSTALLATION
  • System Requirements
  • Download from
  • http//www.eeye.com/html/products/retina/down
    load/index.html
  • Install

5
FEATURES Retina Session
6
FEATURES (Cont)
  • Discover Tab
  • Discover network machines
  • Customizable TCP, UDP, and ICMP discovery, OS
    detection, and general machine information
  • Retina can also be configured to discover active
    wireless devices
  • Additional IPs with Retina licenses on the
    network

7
FEATURES (Cont)
  • Target Types

8
FEATURES (Cont)
  • Audit Tab

9
FEATURES (Cont)
  • Modifying the Port Groups
  • All Ports
  • Discovery Ports
  • HTTP Ports
  • NetBIOS Ports
  • Custom Ports added

10
FEATURES (Cont)
  • Modifying Audit Groups
  • All Audits
  • SANS20 All
  • SANS20 Unix
  • SANS20 Windows
  • Custom Audit Groups

11
FEATURES (Cont)
  • Remediate Tab
  • Generate reports used in remediation management
  • Create customized reports

12
FEATURES (Cont)
  • Configurations pane
  • Scan Jobs
  • Results

13
FEATURES (Cont)
  • Report Tab
  • Detailed information gathered by the scanner
  • Customized reports
  • Report can be opened in MS Word or Internet
    Explorer

14
TEST CASES AND RESULTS
  • Network Configuration

15
TEST CASES AND RESULTS
  • Test Case One
  • Aim To scan the ports on the windows server.
  • Description To run the complete scan of all the
    ports on the windows server.
  • Test Result Passed

16
TEST CASES AND RESULTS
17
TEST CASES AND RESULTS
  • Test Case Two
  • Aim To scan the Red Hat Linux server and match
    the result with other security tool.
  • Description By comparing the result with other
    network security tool like GFI LANguard we can
    actually check whether the result produced by
    Retina Scanner is proper or it lacks in giving
    some information.
  • Test Result Failed.

18
TEST CASES AND RESULTS
  • The result obtained from Retina

19
TEST CASES AND RESULTS
  • The result obtained from GFI LANguard

20
TEST CASES AND RESULTS
  • Test Case Three
  • Aim To test whether retina network scanner will
    detect the users weak passwords
  • Description The user account in question could
    have a password that is exactly the same as the
    account name except for it is backwards.
    Therefore an attacker could easily guess this
    password and gain access to your system via this
    account and then further their access into your
    network.
  • Test Condition Created a user account kamath
    with password as htamak i.e. opposite to the
    user login name on 137.207.234.151 machine.
  • Test Result Passed

21
TEST CASES AND RESULTS
22
TEST CASES AND RESULTS
  • Test Case Four
  • Aim To test the windows server 2003 for
    CVE-2000-1200.
  • Description Windows NT allows remote attackers
    to list all users in a domain by obtaining the
    domain security identifier (SID) with the
    LsaQueryInformationPolicy policy function via a
    null session and using the SID to list the users.
  • Test Result Passed

23
TEST CASES AND RESULTS
24
POINTS NOTED DURING TESTING
  • The results were not consistent in few test
    cases. The following diagrams shows while the
    network is discovered using the software.

25
POINTS NOTED DURING TESTING
  • In the following diagram, the Mac address for
    machine 137.207.234.151 is not displayed.

26
POINTS NOTED DURING TESTING
  • When the same machine is discovered again,
    Mac address is displayed.

27
POINTS NOTED DURING TESTING
  • The software was unstable during testing. When
    the link connecting to the destination went down
    while the retina was still scanning the machine,
    scanner hanged. The scanner was not responding
    for any commands. But the problem could not be
    reproduced when tested under the same conditions
    again.

28
Conclusion
  • The 2004 Readers' Choice Best Security Scanner
    award
  • User friendly interface
  • Many features included
  • Could not scan medium risk vulnerabilities when
    compared to other tools.
Write a Comment
User Comments (0)
About PowerShow.com