Introduction to Information Systems Security (IT255P)
Performing Reconnaissance and Probing Using Common Tools
(2015)
Juanita M. McConnell
Computer Network Systems
ITT Technical Institute, Philadelphia, PA 19106
Contact:
JMcConnell152@email.itt-tech.edu
Cybercriminals and hackers have a great advantage over Information Technology (IT)
professionals specializing in security. Unlike IT security experts, hackers do not need to
study networks and networking protocols in great depth. They typically have to make only one
clean attack on a network to do damage, i.e. one vulnerability or knowledge of a tool that
attacks specific vulnerabilities.
Approximately every two years, IT routinely changes to prevent attacks and improve
manageability. Patches and updates are performed on computer hardware and software on
a seemingly daily or weekly basis. IT is a field that will forever be in developmental
mode. This adversity does not stop thousands of workers from entering the field each year.
Similar to police officers, medical professionals, and especially the military, who combat
hardships on a defensive front every day, IT experts are committed to protecting liberty,
prosperity and assets in our technological world.
When cybercriminals and hackers attempt to attack a network, they engage in what can be described
as a 5-step method which includes:
• Reconnaissance – Choosing or identifying a target and gathering any available information.
• Scanning – Using tools to scan a network and monitoring the connection.
• Vulnerability Analysis – Preparing for the attack ~ the when, the where, the how and what to be gained.
• Exploitation – The actual attack.
• Post-Activities – Gathering and/or distributing data, assets or preparing for additional harmful attacks such as a backdoor to a system.
Focus
The focus of this project is Reconnaissance.
Reconnaissance is the process in which hackers identify a target and acquire
any and all information about the target. They will scan a network to identify
Internet Protocol (IP) hosts, open ports, and services enabled on servers and
workstations.
In this project, I identify several common programs that hackers use to
identify vulnerabilities in a given network.
Learning Objectives and Outcomes
1. Explore common network scanning and analysis tools.
2. Perform network reconnaissance and probing on the machines in the Virtual
Security Cloud Lab (VSCL).
3. Use Zenmap to perform an Intense scan on an entire subnetwork (172.30.0/24).
4. Create a Fisheye Bubble Chart to explain the relationships between devices on a
network.
5. Explain how attackers use common network scanning and analysis tools to
compromise networks.
Common Tools Used to Scan Networks
Wireshark
Wireshark is a protocol analyzer tool, also known as a
“packet sniffer.” It is used to aid other programs in capturing
Internet Protocol (IP) traffic.
A packet is the unit of data that travels from one place to another on the Internet.
Capturing Traffic Packets on a Network
• A data analyst will use Wireshark to ping a network and subsequently capture traffic packets
using Internet Control Message Protocol (ICMP).
• In this screen capture, I was able to show data traffic using a Virtual Student Cloud
Environment on network 172.30.0.10.
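The ICMP traffic described on this slide, seen from the defender's side, as an added example that is not part of the original presentation: it parses raw IPv4/ICMP packets, verifies the ICMP checksum, and flags any source that sends echo requests to many distinct hosts in the lab subnet. The packets are constructed sample data, and the 172.30.0.0/24 CIDR, the threshold of 10 and all addresses other than 172.30.0.10 are assumptions.

```python
import ipaddress
import struct
from collections import defaultdict

LAB_NET = ipaddress.ip_network("172.30.0.0/24")  # assumed CIDR of the lab subnet
ICMP_ECHO_REQUEST = 8


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used by both the IPv4 and ICMP headers)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(src: str, dst: str, seq: int) -> bytes:
    """Construct a sample IPv4 + ICMP echo request (offline test data only)."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 0x1234, seq)
    icmp += b"constructed-sample"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp


def parse_icmp(packet: bytes):
    """Return (src, dst, icmp_type, checksum_ok), or None if not IPv4/ICMP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 1:        # protocol 1 = ICMP
        return None
    total_len = struct.unpack("!H", packet[2:4])[0]
    icmp = packet[ihl:min(total_len, len(packet))]
    if len(icmp) < 8:                     # truncated ICMP header
        return None
    src = str(ipaddress.ip_address(packet[12:16]))
    dst = str(ipaddress.ip_address(packet[16:20]))
    # A valid ICMP message sums to zero when the checksum field is included.
    return src, dst, icmp[0], inet_checksum(icmp) == 0


def find_sweepers(packets, threshold=10):
    """Map each source to the number of distinct lab hosts it pinged,
    keeping only sources at or above `threshold` (an assumed tuning value)."""
    targets = defaultdict(set)
    for pkt in packets:
        parsed = parse_icmp(pkt)
        if parsed is None:
            continue
        src, dst, icmp_type, checksum_ok = parsed
        if icmp_type != ICMP_ECHO_REQUEST or not checksum_ok:
            continue                      # ignore replies and damaged packets
        if ipaddress.ip_address(dst) in LAB_NET:
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= threshold}


def build_sample():
    """Constructed capture: one sweeping source, one ordinary host."""
    pkts = [build_echo_request("172.30.0.2", f"172.30.0.{i}", i)
            for i in range(10, 40)]       # 30 distinct destinations
    pkts += [build_echo_request("172.30.0.15", "172.30.0.1", n)
             for n in range(5)]           # repeated pings to one gateway
    damaged = bytearray(build_echo_request("172.30.0.2", "172.30.0.99", 1))
    damaged[-1] ^= 0xFF                   # break the ICMP checksum
    pkts.append(bytes(damaged))
    return pkts


if __name__ == "__main__":
    for source, count in find_sweepers(build_sample()).items():
        print(f"possible ping sweep: {source} probed {count} hosts in {LAB_NET}")
```
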
NetWitness Investigator
NetWitness Investigator is an application that allows you to view, analyze, and
compare packets captured by Wireshark and other similar traffic monitoring
programs. It can recognize and order IP addresses, Web addresses, E-mail addresses,
User accounts, and actions such as logins, sendtos, sendfroms, attachments etc.
OpenVAS
OpenVAS is a program that performs remote scans and audits of systems such as
UNIX and network infrastructures. It can also perform network discovery on
operating systems, databases, devices, applications, and services running on
these systems. It is furnished with a Greenbone Security Assistant program
guide for ease of use.
FileZilla
FileZilla is an application that is used to transfer files using File Transfer
Protocol (FTP) on remote workstations.
Tftpd64
Tftpd64 is another application that is used to transfer files using File Transfer
Protocol (FTP) on remote workstations.
PuTTY
PuTTY is another type of file transfer application, terminal emulator, and serial
console. PuTTY uses the Secure Shell (SSH) protocol to access a remote
computer in a secure fashion. The Linux Command terminal shell window is
launched upon connection. The following images depict command-line access
on the Linux and Cisco terminals and a PuTTY configuration window.
Zenmap
Zenmap is a program that scans networks and performs a targeted IP subnetwork
Intense Scan, which identifies what hosts are available on the network, including services
such as applications (name and version), operating systems (name and version) and
what security features are in place, including packet filters and firewalls.
The image features a Zenmap ping scan.
A host is a system that contains data. Also defined as a computer or electronic
device that has, sends, or receives information over the Internet.
Fisheye Bubble Topology Chart
of IP Hosts on Network 172.30.0.10.
• A bubble chart is a type of graph used to show
relationships, by size, of different variables across
an XY axis.
• A fisheye lens is a tool that can be used to change
the shape and orientation of the graph.
• A fisheye bubble chart combines the two features.
This topology identifies the hosts on network 172.30.0.10 and the level of activity from each host
in relation to one another. Activity includes several variables across the XY axis i.e. Web
addresses, E-mail addresses, User Accounts, and actions such as logins, sendtos, sendfroms,
attachments etc. Network 172.30.0.10 has the greatest threats followed by the networks with
yellow circles, followed by the ones with green circles.
Summary
There are many programs to use when scanning a network for vulnerabilities. I have identified several
applications and programs including Wireshark, NetWitness Investigator, OpenVAS, FileZilla, Tftpd64,
PuTTY, and Zenmap. These programs are used interchangeably to handle different functions of the scanning
process.
First, Wireshark is used to take a detailed picture or scan of a given network. Second, the files that
Wireshark has gathered are then analyzed by programs such as NetWitness Investigator to identify
vulnerabilities in more easily recognizable terms such as web addresses, email addresses, user
accounts etc.
OpenVAS is a program that is able to scan networks from a remote location. Secondary programs such
as FileZilla and Tftpd64 are able to transfer files collected by OpenVAS in a secure manner.
Summary continued…
PuTTY is another file transfer program that is able to work across the board in terms of different
operating systems like Windows and various versions of Linux. PuTTY uses Linux command terminals
and Cisco operating systems to fulfill its versatile capabilities in file transfers.
Last but not least is Zenmap, which is a program designed to scan networks, revealing specific
program names and versions. Zenmap is even able to expose precise information about network
firewalls!
Topology charts such as Fisheye charts are an easy tool to use when presenting network
findings in a meeting.
Identifying common network scanning tools and how to use them is a great start to protecting a
network. If at any time a data analyst is able to find vulnerabilities before a cybercriminal or hacker
does, then that is a day for a short celebration and a boost of energy for the next challenge.
THE END
Author Note
Juanita M. McConnell, Computer Network Systems, ITT Technical Institute.
Juanita McConnell is a student at ITT Technical Institute studying Computer
Networking, Computer Infrastructure and Computer Programming.
Correspondence concerning this PowerPoint should be addressed to
Juanita McConnell,
Computer Network Systems,
ITT Technical Institute, 105 South 7th St., Suite 100 Philadelphia, PA 19106
Contact: JMcConnell152@email.itt-tech.edu
The information used in this presentation was derived from Lab Assignment Reconnaissance
by ITT Technical Institute IT255P course curriculum.
