ORGANISATIONAL SYSTEMS SECURITY Unit 15 Lecture 2

1
ORGANISATIONAL SYSTEMS SECURITYUnit 15 Lecture 2

• NETWORK ANALYSIS SOFTWARE

2
Learning Objectives

• EXAMPLES OF NETWORK ANALYSIS SOFTWARE
• Ettercap
• Wireshark (Ethereal)
• NMap
• Angry IP Scanner

3
Ettercap(Primary ARP Poisoning Tool)

• Can intercept traffic on a network segment
• Can capture passwords conduct Man in the Middle
  attacks
• Filters data packets by IP addresses or MAC
  addresses
• ARP poisoning (MIM) between victims hosts
• OS fingerprinting of victims Killing of
  connections
• Passive scanning of hosts information
• Find other poisoners on the network

4
WIRESHARK (Ethereal)

• Free packet sniffer application
• Protocol scanner looking at data packets
• Used in the detection of Keyloggers
• See all traffic passed over a network or outgoing
  traffic from a computer
• Network Troubleshooting Analysis

5
NMAP

• Network Security Scanner
• Deep probe scanner to reveal information about a
  device
• Creates a map of the network computers
  services
• Can discover passive services not advertised
• Port Scanning O/S detection of network devices
• Audit the security of a computer or network

6
ANGRY IP SCANNER

• Fast visual scanner looking at a large range of
  IP addresses
• Can check TCP ports during scan
• Can also display NetBios and device information

7
Internal External Threats
Internal Threats External Threats
Use of Scanners Virus Attacks
Man in the Middle attacks Trojan Horses
Magic Disk tactics Worms
Keylogging Hacking via Piggybacking, Tunnels Probes
Forging Data
Phishing Identity Theft
8
Unauthorised Access Internal Threats

• Scanners
• Establish what methods may be used to attack a
  system
• Scan a range of IP addresses active or passive
  (can map to a domain name)
• Check TCP ports open closed
• Deep Probe Useful information about any device
• Wireless Systems scanner establish access
  points within range (Retina Network Security
  Scanner)