mis 5211.001 week 6 site:
TRANSCRIPT
![Page 1: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/1.jpg)
INTRO TO ETHICAL HACKING
MIS 5211.001Week 6
Site: http://community.mis.temple.edu/mis5211sec001f14
/
![Page 2: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/2.jpg)
MIS 5211.001 2
Career Fair
Received the following note:
![Page 3: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/3.jpg)
MIS 5211.001 3
Tonight's Plan
News from ISC2 and ASIS Conference In the news Nessus Next Week
![Page 4: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/4.jpg)
MIS 5211.001 4
In The News
Submitted http://
defensesystems.com/articles/2014/08/15/drones-can-hack-wifi-networks.aspx
http://www.fool.com/investing/general/2014/09/28/home-depot-vs-target-diy-centers-data-breach-was-w.aspx
http://www.scmagazine.com/reports-suggest-home-depot-was-hit-by-the-mozart-malware/article/373976/
http://www.forbes.com/sites/patrickmoorhead/2014/09/29/hewlett-packard-designates-printing-a-first-class-iot-security-platform/
![Page 5: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/5.jpg)
MIS 5211.001 5
In The News
More Bash
http://bits.blogs.nytimes.com/2014/09/26/companies-rush-to-fix-shellshock-software-bug-as-hackers-launch-thousands-of-attacks/?_php=true&_type=blogs&_r=0
https://access.redhat.com/announcements/1210053
http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html
http://www.itnews.com/exploits-vulnerabilities/84263/six-key-defenses-against-shellshock-attacks?source=ITNEWSNLE_nlt_itndaily_2014-09-30
![Page 6: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/6.jpg)
MIS 5211.001 6
In The News
More http://www.joystiq.com/2014/09/30/hackers-c
harged-with-xbox-one-valve-call-of-duty-data-theft/
http://www.ehackingnews.com/2014/09/data-breach-at-tripadvisors-viator.html
http://www.darkreading.com/application-security/how-a-major-bank-hacked-its-java-security/d/d-id/1316216?
http://www.waratek.com/Waratek/media/SiteMedia/Documentation/DataSheet-Waratek-Application-Security-vs-3.pdf
http://www.businessweek.com/news/2014-09-29/supervalu-finds-separate-data-breach-in-computer-network
![Page 7: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/7.jpg)
MIS 5211.001 7
In The News
More http://
www.informationweek.com/cloud/software-as-a-service/amazon-reboots-cloud-servers-xen-bug-blamed/d/d-id/1316093
![Page 8: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/8.jpg)
MIS 5211.001 8
In The News
What I noted http://arstechnica.com/apple/2014/09/apple-p
atches-shellshock-bash-bug-in-os-x-10-9-10-8-and-10-7/
https://threatpost.com/fbi-to-open-up-malware-investigator-portal-to-external-researchers/108590
http://www.dailydot.com/politics/tor-mozilla-firefox/
![Page 9: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/9.jpg)
MIS 5211.001 9
Nessus
Started in 1998 as an open source security scanning tool
Changed to a close sourced tool in 2005, but has remained “free” for personal use.
Surveys by sectools.org indicate Nessus remains the most popular vulnerability scanners
Not installed with Kali
![Page 10: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/10.jpg)
MIS 5211.001 10
The Nessus Server
Four basic parts to the Nessus server: Nessus-core Nessus-libraries Libnasl Nessus-plugins
![Page 11: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/11.jpg)
Plugins
Plugins are the scripts that perform the vulnerability tests.
NASL – This is the Nessus Attack Scripting Language which can be used to write your own plugins.
![Page 12: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/12.jpg)
Defining Targets
Hosts Server.domain.edu 172.21.1.2
Subnet 192.168.100.0
Address range 192.168.1.1-192.168.1.10
![Page 13: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/13.jpg)
Vulnerability Scanning
Scanning methods: Safe Destructive
Service recognition – Will determine what service is actually running on a particular port.
Handle multiple services – Will test a service if it appears on more then one port.
Will test multiple systems at the same time.
![Page 14: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/14.jpg)
Viewing Reports
Nessus will indicate the threat level for services or vulnerabilities it detects: Critical High Medium Low Informational
Description of vulnerability Risk factor CVE number
![Page 15: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/15.jpg)
Common Vulnerabilities and Exposures
CVE created by http://www.cve.mitre.org/ Attempting to standardize the names for
vulnerabilities. CVE search engine at http://icat.nist.gov/
![Page 16: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/16.jpg)
MIS 5211.001 16
Options
![Page 17: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/17.jpg)
MIS 5211.001 17
Options
http://www.tenable.com/products/nessus/select-your-operating-system
![Page 18: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/18.jpg)
MIS 5211.001 18
Nessus Sponsored Training
![Page 19: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/19.jpg)
MIS 5211.001 19
Certification Options
https://store.tenable.com/index.php?main_page=index&cPath=2
![Page 20: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/20.jpg)
MIS 5211.001 20
Architecture
Nessus is built on a classic client/server model.
The server portion may reside on a separate machine, or on the same machine as the client
The client is the interface that you will interact with to execute scans
![Page 21: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/21.jpg)
MIS 5211.001 21
Getting Nessus
Download from Tenable Security http://www.tenable.com/products/nessus/select-y
our-operating-system Before installing, go to registration page
and get the activation code http://www.tenable.com/products/nessus-home
Run the MSI package and follow the prompts
Install will also install PCAP and then take you to the registration page.
Enter activation code and follow the prompts to get updates and plugins
![Page 22: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/22.jpg)
MIS 5211.001 22
Documentation
Documentation for Nessus is available here: http://
static.tenable.com/documentation/nessus_4.2_user_guide.pdf
You will also get a link to this location during the install.
![Page 23: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/23.jpg)
MIS 5211.001 23
AV and Firewalls
You will need to turn off Anti-Virus and Firewall in order to get an effective scan or you will see this:
Before you do this, disconnect from any and all networks.
You will likely still get some blocking as AV doesn’t like to give up.
![Page 24: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/24.jpg)
MIS 5211.001 24
Location
Nessus is installed here:
![Page 25: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/25.jpg)
MIS 5211.001 25
Getting Started
You should end up looking at web page hosted from your machine.
Book mark the page to save time getting back
URL will look like this: https://localhost:8834/html5.html
![Page 26: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/26.jpg)
MIS 5211.001 26
SSL Warning
When you first go to site, you will need to click on continue to the website.:
![Page 27: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/27.jpg)
MIS 5211.001 27
Logging In
Start
![Page 28: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/28.jpg)
MIS 5211.001 28
Policies
Scans are based on policies, you will need to create that first.
![Page 29: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/29.jpg)
MIS 5211.001 29
Policies 2
Next
![Page 30: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/30.jpg)
MIS 5211.001 30
Policies 3
![Page 31: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/31.jpg)
MIS 5211.001 31
There are many more options
![Page 32: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/32.jpg)
MIS 5211.001 32
Creating A Scan
![Page 33: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/33.jpg)
MIS 5211.001 33
Scheduling A Scan
![Page 34: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/34.jpg)
MIS 5211.001 34
Scan Status
Once your scan has started you will see a status field like this:
![Page 35: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/35.jpg)
MIS 5211.001 35
Scan Status
Once completed you will get the following notification:
![Page 36: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/36.jpg)
MIS 5211.001 36
Output From First Scan
![Page 37: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/37.jpg)
MIS 5211.001 37
Clicking on scan gives details
![Page 38: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/38.jpg)
MIS 5211.001 38
Continuing to drill down
![Page 39: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/39.jpg)
MIS 5211.001 39
Good Information
Important to note:
Also
![Page 40: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/40.jpg)
MIS 5211.001 40
Criticality
Note on criticality The “Critical” risk
factor is without any mitigating controls being taken in to account
Vulnerabilities need to be evaluated in context
![Page 41: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/41.jpg)
MIS 5211.001 41
More on Results
These results were obtained, even though Anti-Virus continued blocking multiple techniques.
Consider setting up a scanning machine without any AV or Host Firewall.
![Page 42: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/42.jpg)
MIS 5211.001 42
Organizing Scans
In short order you will gather a large collection of scans
Use the built in folder system to move scans off of the main page
![Page 43: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/43.jpg)
MIS 5211.001 43
Don’t Forget the Info
![Page 44: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/44.jpg)
MIS 5211.001 44
Info Vulnerabilities
The least significant vulnerabilities are classified as “Info” or informational.
These are often very useful in understanding details of the asset being scanned.
![Page 45: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/45.jpg)
MIS 5211.001 45
For Instance
![Page 46: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/46.jpg)
MIS 5211.001 46
Next Week
Mid-Term Will cover weeks 1-5. Will not include
information from tonight Questions will come from the presentation
material Exam will be multiple choice
NetCatPotentially Batch Scripting
![Page 47: MIS 5211.001 Week 6 Site:](https://reader033.vdocuments.net/reader033/viewer/2022052603/56649e875503460f94b8b6ed/html5/thumbnails/47.jpg)
MIS 5211.001 47
Questions
?