retina network security scanner by ajith u kamath 60-564 project

Post on 21-Jan-2016


Retina Network Security Scanner

By

Ajith U Kamath

60-564 Project

AGENDA

• Introduction

• Installation procedure

• Features

• Test cases and results

• Points noted during testing

• Conclusion

INTRODUCTION

Importance of Network Security Scanner

Retina Network Security Scanner

INSTALLATION

System Requirements

Download from http://www.eeye.com/html/products/retina/download/index.html

Install

FEATURES – Retina Session

FEATURES (Cont…)

Discover Tab

Discover network machines

Customizable TCP, UDP, and ICMP discovery, OS detection, and general machine information

Retina can also be configured to discover active wireless devices

Additional IPs with Retina licenses on the network

FEATURES (Cont…)

Target Types

FEATURES (Cont…)

Audit Tab

FEATURES (Cont…)

Modifying the Port Groups

• All Ports

• Discovery Ports

• HTTP Ports

• NetBIOS Ports

• Custom Ports added

FEATURES (Cont…)

Modifying Audit Groups

• All Audits

• SANS20 [All]

• SANS20 [Unix]

• SANS20 [Windows]

• Custom Audit Groups

Remediate Tab

• Generate reports used in remediation management

• Create customized reports

FEATURES (Cont…)

Configurations pane

Scan Jobs

Results

Report Tab

• Detailed information gathered by the scanner

• Customized reports

• Report can be opened in MS Word or Internet Explorer

FEATURES (Cont…)

Network Configuration

TEST CASES AND RESULTS

[Network diagram: Switch-1, Switch-2, 100 Mbps link]

• 137.207.234.57: IBM Server, Red Hat Linux

• 137.207.234.119: Dell Machine, Windows XP

• 137.207.234.151: Windows 2000 Professional

• 137.207.234.56: IBM Server, Windows Server 2003

TEST CASES AND RESULTS

Test Case One

Aim: To scan the ports on the Windows server.

Description: To run a complete scan of all the ports on the Windows server.

Test Result: Passed

TEST CASES AND RESULTS

Test Case Two

Aim: To scan the Red Hat Linux server and match the result with that of another security tool.

Description: Comparing the result with that of another network security tool, such as GFI LANguard, shows whether the result produced by Retina Scanner is correct or is missing some information.

Test Result: Failed.

TEST CASES AND RESULTS

The result obtained from Retina

TEST CASES AND RESULTS

The result obtained from GFI LANguard

TEST CASES AND RESULTS

Test Case Three

Aim: To test whether Retina Network Scanner detects users' weak passwords.

Description: The user account in question could have a password that is exactly the same as the account name, except that it is backwards. An attacker could therefore easily guess this password, gain access to the system via this account, and then extend their access further into the network.

Test Condition: Created a user account ‘kamath’ with the password ‘htamak’, i.e. the user login name reversed, on the 137.207.234.151 machine.

Test Result: Passed
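The condition exercised in Test Case Three, written as a check that a password-change filter could apply. This is an added example, not part of the original slides or of Retina, and it generalises from the exact reversed name to simple variants of it. The function names, the substitution table and the `min_len` threshold are assumptions.

```python
import re
import unicodedata

# Assumed substitution table (illustrative; not from the slides).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _forms(text):
    """Return letter-only forms of text: plain, and with substitutions undone."""
    base = unicodedata.normalize("NFKD", text).casefold()
    base = "".join(c for c in base if not unicodedata.combining(c))
    plain = re.sub(r"[^a-z]", "", base)
    unleet = re.sub(r"[^a-z]", "", base.translate(LEET))
    # Drop empty forms and duplicates while keeping a stable order.
    return list(dict.fromkeys(f for f in (plain, unleet) if f))


def name_derived_reason(account, password, min_len=4):
    """Return why password is derived from the account name, or None."""
    for pw in _forms(password):
        for name in _forms(account):
            for label, variant in (("account name", name),
                                   ("reversed account name", name[::-1])):
                if pw == variant:
                    return f"password is the {label}"
                # Substring matches on very short names cause false positives.
                if len(name) >= min_len and variant in pw:
                    return f"password contains the {label}"
    return None


if __name__ == "__main__":
    # Constructed samples; the first pair is the test condition from the slide.
    samples = [("kamath", "htamak"), ("kamath", "Kamath"),
               ("kamath", "K4m4th!2024"),
               ("kamath", "correct horse battery staple")]
    for account, password in samples:
        print(account, repr(password), "->",
              name_derived_reason(account, password))
```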

TEST CASES AND RESULTS

Test Case Four

Aim: To test the Windows Server 2003 machine for CVE-2000-1200.

Description: Windows NT allows remote attackers to list all users in a domain by obtaining the domain security identifier (SID) with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.

Test Result: Passed

POINTS NOTED DURING TESTING

The results were not consistent in a few test cases. The following diagrams show the network being discovered using the software.

POINTS NOTED DURING TESTING

In the following diagram, the MAC address for machine 137.207.234.151 is not displayed.

POINTS NOTED DURING TESTING

When the same machine is discovered again, the MAC address is displayed.

POINTS NOTED DURING TESTING

The software was unstable during testing. When the link to the destination went down while Retina was still scanning the machine, the scanner hung and did not respond to any commands. The problem could not be reproduced when tested again under the same conditions.

Conclusion

The 2004 Readers' Choice Best Security Scanner award

User friendly interface

Many features included

Could not scan medium risk vulnerabilities when compared to other tools.
