Vulnerability Scanners - PowerPoint PPT Presentation

Slides: 63
Provided by: AmyDe6
Transcript and Presenter's Notes

1
Vulnerability Scanners
Jeffrey Savoy, Information Security Officer
2
Roadmap
  • Background of vulnerability scanners
  • Scanning steps
  • Scanning case studies

3
Background of vulnerability scanners
Vulnerability scanning definition
The automated process of proactively
identifying vulnerabilities of computer
systems in a network in order to determine if a
system can be exploited with known flaws.
4
Background of vulnerability scanners (cont)
Not the same as a formal IT risk assessment but
rather a component.
5
Background of vulnerability scanners (cont)
How do they fit into the IT security controls picture?
Vulnerability scanners
Firewalls
Intrusion detection systems
VPN
Virus protection
File integrity
6
Background of vulnerability scanners (cont)
Vulnerability scanning software categories
7
Background of vulnerability scanners (cont)
Network scan
Possible issue with host-based?
Since software needs to be installed, possible
problems with printers, hubs and other OSes
8
Background of vulnerability scanners (cont)
In general, network scans are most effectively
implemented by IT staff and not end users.
Complexities that we will discuss
However, results may be of interest to some end
users.
9
Background of vulnerability scanners (cont)
  • Scan Steps
  • Planning
  • Scanning
  • Action

10
Scanning Steps
Illustrate with ISS Internet Scanner 7.0
Similar concepts with other scanners, e.g. Nessus
Major change from Internet Scanner 6.2.1
11
Scanning Steps (cont)
Planning
Scanning perspectives (outer vs inner)
Bonus note: Scanning engines can help verify
other security controls, e.g. NIDS.
12
Scanning Steps (cont)
Scanning software install
Install highlights
Windows 2000 Professional or XP
MSDE needed before Internet Scanner install
Microsoft SQL Desktop Engine SP 3
Can download from ISS: www.iss.net/download
13
Scanning Steps (cont)
Need an Internet Scanner license file to perform
more than loopback (127.0.0.1) scans.
Loopback scans useful! May contain additional
info
14
Scanning Steps (cont)
Installing Internet Scanner license
C:\program files\iss\scannerconsole\licenses
License file needs .isslicense ending!
15
Scanning Steps (cont)
Confirm license install
16
Scanning Steps (cont)
Run before each scan!
Start menu
ISS/Internet Scanner 7.0/X-Press Update Install
Most current XPU for version 7 is 7.2
17
Scanning Steps (cont)
Create a Scan Session
  • License
  • Scan Policy
  • IP Address Range

Set Session Properties
18
Scanning Steps (cont)
Choices to learn if a host is alive for
subsequent scan
  • Scan if Ping Successful
  • Scan if Open Ports Discovered
  • Scan Always

Factors to consider: Time and Firewalls
19
Scanning Steps (cont)
Choose Scan Policy
Basic levels: Discovery, L3, L4 and L5
20
Scanning Steps (cont)
Review and/or copy existing policy and update
Key:
  • Blank -> No options selected
  • Gray -> Some options selected
  • Checked -> All options selected
21
Scanning Steps (cont)
Details available for each option
22
Scanning Steps (cont)
Vulnerabilities
Denial of Service
  • Not chosen by default
  • May cause an outage

Standard
23
Scanning Steps (cont)
Many Windows vulnerability checks need
administrator rights!
Review and unselect as appropriate
24
Scanning Steps (cont)
Adding account information to scans
25
Scanning Steps (cont)
Make sure that SmartScan is enabled: Common
Settings/NT Logon Sessions
26
Scanning Steps (cont)
Enter IP address(es) to scan
27
Scanning Steps (cont)
Almost ready to start scanning!
Did you send out a message to the owners of the
machines being scanned?
28
Scanning Steps (cont)
Run Scan!
Time to complete scan can range from minutes to
hours
  • Number and type of vulnerabilities chosen
  • Firewalling

29
Scanning Steps (cont)
30
Scanning Steps (cont)
Generate Report!
31
Scanning Steps (cont)
Can choose any past scan session
Stored in SQL database
32
Scanning Steps (cont)
Different formats available
33
Scanning Steps (cont)
Sample report entry
34
Scanning Steps (cont)
Report issues
  • False positives
  • Machine location and owner?

35
Case Studies
Examples of scanner use at UW-Madison?
  • Ad hoc scans
  • Self scans
  • Centralized scans
  • Web form scan requests

36
Case Studies (cont)
Ad hoc scans
  • DoIT Security does scans upon campus request
  • Useful in determining status of compromised
    machine

37
Case Studies (cont)
Self scans
  • Purchased a site license for Internet Scanner
  • Campus can request license keys via web form

38
Case Studies (cont)
Centralized scanning
We started a process in which we scan the campus
networks for well-known higher risk exposures
(100 items).
A best effort and supplemental service
Process consists of
  • Automated scanning
  • Identifying machine contacts
  • Emailing results

39
Case Studies (cont)
Review automated scanning
Scanning engine is Internet Scanner
Controlling Linux machine
  • Issues scans to engines
  • Stores results

Middleware bridges scan engine and Linux machine
Provided by security staff at Indiana
itso_at_indiana.edu
Explain by building
40-52
Case Studies (cont)
53
Case Studies (cont)
Controller automatically ran scans between
8am-3pm M-F
  • Ran in blocks of approximately 128 hosts
  • Took two weeks to complete

54
Case Studies (cont)
Get results out to campus!
Need contact information
Campus Whois database
55
Case Studies (cont)
Once had contact information we emailed alerts
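
The controller behaviour described on slides 38 and 53 to 55 (blocks of roughly 128 hosts, run only 8am-3pm M-F, results routed to machine contacts), as an added example that is not the presenter's controller or the Indiana middleware. Function names, the per-block duration, and the sample addresses, contacts and findings are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta
from ipaddress import ip_network

WINDOW_START, WINDOW_END = time(8, 0), time(15, 0)  # 8am-3pm, as on the slide
BLOCK_SIZE = 128                                    # "approximately 128 hosts"

def in_window(ts):
    """True when ts falls Monday-Friday inside the scan window."""
    return ts.weekday() < 5 and WINDOW_START <= ts.time() < WINDOW_END

def next_slot(ts):
    """Return ts if it is inside the window, else the next window opening."""
    while not in_window(ts):
        day = ts.date() if ts.time() < WINDOW_START else ts.date() + timedelta(days=1)
        ts = datetime.combine(day, WINDOW_START)
    return ts

def plan_blocks(cidr, start, minutes_per_block):
    """Split cidr into BLOCK_SIZE-host blocks, each placed inside the window.
    minutes_per_block is an assumed estimate and must be shorter than the window."""
    hosts = list(ip_network(cidr).hosts())
    plan, ts = [], start
    for i in range(0, len(hosts), BLOCK_SIZE):
        ts = next_slot(ts)
        # A block that would still be running at 3pm waits for the next window.
        if not in_window(ts + timedelta(minutes=minutes_per_block - 1)):
            ts = next_slot(datetime.combine(ts.date(), WINDOW_END))
        plan.append((ts, hosts[i:i + BLOCK_SIZE]))
        ts += timedelta(minutes=minutes_per_block)
    return plan

def group_by_contact(findings, contacts):
    """Route findings to the owning contact; hosts with no whois entry
    (DHCP leases, open network jacks) are collected for manual follow-up."""
    grouped = defaultdict(list)
    for host, issue in findings:
        grouped[contacts.get(host, "UNIDENTIFIED")].append((host, issue))
    return dict(grouped)

if __name__ == "__main__":
    # Constructed inputs: a private /23, a Friday 12:30 start, 2 hours per block.
    for when, block in plan_blocks("10.0.0.0/23", datetime(2024, 3, 1, 12, 30), 120):
        print(when.strftime("%a %Y-%m-%d %H:%M"), block[0], "-", block[-1], len(block))
    contacts = {"10.0.0.5": "netadmin@dept-a.example"}  # stand-in for whois data
    findings = [("10.0.0.5", "constructed finding A"), ("10.0.1.77", "constructed finding B")]
    for contact, items in group_by_contact(findings, contacts).items():
        print(contact, items)
```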
56
Case Studies (cont)
Lessons learned?
  • It helped to have the procedure posted

57
Case Studies (cont)
Lessons learned?
  • Not perfect at identifying machines
    DHCP, open network jacks, etc.
  • False positives
  • Testing before scans was good!
    Dictionary attacks lock out some machines
58
Case Studies (cont)
Web form scan requests
Built for WiscNet
Nessus scan engine
Results sent via email to the recipient
59
Case Studies (cont)
Nessus WiscNet Scan Request Form
60
Case Studies (cont)
Example email sent back to requestor
61
Case Studies (cont)
Future plans
  • Increased centralized scan frequency
  • Offer Internet Scanner and Nessus scans via web
    forms

62
Wrap-up
  • Background of vulnerability scanners
  • Scanning steps
  • Scanning case studies

Questions?