VULNERABILITY ( CYBER SECURITY )

Birla Vishwakarma Mahavidyalaya
ET Department
Under the Guidance :
Prof. Ghanshyam Rathod
ET Department
Prepared By:-
Kashyap Mandaliya (140083112008)
CYBER SECURITY
1www.facebook.com/km5058

My topics.
# Overview of vulnerability scanning.
# Open port service identification.
# Version check
# Traffic probe
# Vulnerability probe
# Examples of vulnerability

OVERVIEW OF VULNERABILITY SCANNING
• WHAT IS A VULNERABILITY SCANNER?

The pictures
below show
the speed of
spread of
this worm
-please note
the times in
the lower left
corner.
http://www.caida.org/outreach/papers/2003/sapphire/sapphire.html

TYPES OF VULNERABILITY SCANNER
1. Network-based scanners
1.1. Port scanners
(Nmap : http://insecure.org/nmap)
1.2. Network vulnerability scanners
(Nessus http://www.nessus.org/nessus/)
1.3. Web server scanners
(Nikto : http://www.cirt.net/code/nikto.html)
1.4. Web application vulnerability scanners
(Paros :- http://parosproxy.org/index.html)
(Acunetix :- http://www.acunetix.com/Acunetix)

2. Host-based scanners
2.1. Host vulnerability scanners
- Microsoft Baseline Security Analyser (MBSA)
(http://www.microsoft.com/technet/security/tools/mbsahome)
- Altiris SecurityExpressions (commercial) :
(http://www.altiris.com/Products/SecurityExpressions.aspx)
3. Database scanners
- Scuba by Imperva Database Vulnerability Scanner:
(http://www.imperva.com/application_defense_center/scuba/default.a
sp)
- Shadow Database Scanner
(http://www.safety-lab.com/en/products/6.html)

1. Updating Frequency and Method of Plug-in Updates
2. Quality versus Quantity of Vulnerabilities Detected
3. Quality of Scanning Reports
→ CHOOSING A VULNERABILITY SCANNER
→ CONS
1. It allows early detection and handling of known
security problems.
2. A new device or even a new system may be
connected to the network without
authorisation.
3. A vulnerability scanner helps to verify the
inventory of all devices on the network.
→PROS
1. Snapshot only.
2. Human judgement is needed. 8www.facebook.com/km5058

OPEN PORT SERVICE IDENTIFICATION
For example a scanner could connect to:
port 1 - to see if tcpmux is running.
port 7 - to see if echo is running.
port 22 - to see if openssh is available.
port 25 - to see if smtp is available.
• If you're interesting in identifying which services use a given port you can look
at the file /etc/services - this has a port number, and an associated service
name.
• nmap also allows you to do more than simply list open ports though.
• Where possible it will identify the version of each identified service which is
running.
• It can also be used to identify the operating system the remote host is running,
by examining the variations the way different network packets are handled.

VERSION CHECK
1) -sV (Version detection)
2) -allports (Don't exclude any ports from
version detection)
3) -version-intensity <intensity> (Set version
scan intensity)
4) -version-all (Try every single probe)
5)- version-trace (Trace version scan activity)

Percentage wise vulnerabilty affection :-

Overall vulnerabilty population
discovered

So as can be seen, there has been on average, approximately 150
security vulnerabilities recorded per month over the last 2 years and
there is nothing to indicate that this trend will reduce in the future.

TRAFFIC PROBE
1) High-Speed Traffic Processing
2) Network Traffic Measurement
3) Network Intrusion Detection

High-Speed Traffic Processing
LAN and MAN have evolved over a considerable time span (the last 30
years) and encompass wired and wireless physical links and speeds from 1
Mb/s to 100 Gb/s.
According to DAG project (Wakaito) :- The total amount of data created
or replicated on the planet in 2010 was over 1 zettabyte (1 zettabyte is
1021 bytes) - that’s 143 GB for each of the 7 billion people on the planet.
This volume of information requires high-speed links between server
farms, cloud storage, and end users to make sure that it can be processed
in a timely and reliable fashion.” It will not be possible to analyse such
huge traffic volumes in the coming 100 GbE network installations with the
current generation of network measurement tools.
FPGA cards (intel 82599, Myri-10G Lanai Z8ES) are still used in
applications which perform in-depth analysis, patter matching, and low-
latency operations, and in 40/100 Gb/s networks.

Network Traffic Measurement
1) Full packet traces.
2) Flow statistics provide information from
Internet Protocol (IP).
3) Volume statistics are provided by most
network appliances for network
management.

Network Intrusion Detection
• The signature-based approach inspects
the evaluated content.
• Anomaly-based detection.
• Stateful protocol analysis.

VULNERABILTY PROBE
• Some security bugs can’t be identified without sending a payload
that exploits a suspected vulnerability.
• An easy-to-understand example of a vulnerability probe is an HTML
injection check for a web application. Imagine a web app that has a
search box for users to find text within its pages.
HTML EXAMPLE :-
<div id="search"><span class="results">Results for '<xss>'...</span>

EXAMPLE OF VULNERABILTY
#include <string.h>
int main(int argc, char *argv[])
{
char buffer[512];
if (argc > 1)
strcpy(buffer,argv[1]) };
Minimalist vulnerable program.
Compile the program with the following command :
$ gcc -o vulnerable main.c

Czech National Research and Education Network
(CESNET) habilitation thesis presents research on :-
(i) Hardware-accelerated traffic processing
in high-speed networks.
(ii) Flow-based traffic measurement and analysis in large-
scale net-works
(iii) Network behavior analysis and anomaly detection
(iv) Traffic analysis of embedded network devices.

Important Note : please carefully review the
relevant terms and conditions before registering on
any website, as well as downloading and installing any
software. In addition, please note that running a
scanner tool can carry its own inherent risks (e.g. in the
case of denial of service scans, you may crash a
vulnerable server). It is necessary to plan and perform
the scanning carefully. Prior arrangement or
notification, such as management approval and/or
legal clearance has to be obtained. For obvious
reasons, never scan any network that is not your own.

REFERENCES
1.“Cyberpunk: Outlaws and hackers on the computer frontier”, published
by Simon & Schuster, (1991)
2. The spread of SQL Slammer -
(http://www.caida.org/outreach/papers/2003/sapphire/sapphire.html)
3. Script Kiddie tools http://www.landfield.com/isn/mail- archive/2001/Feb/0131.html
4. Examples of Malicious URL’s -http://www.theorygroup.com/Archive/Unisog/2002/msg00851.html
5. Example of a site offering Security Vulnerability notification service.
http://securitytracker.com/server/info?1245+learn/endusers.html
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
6. Site that provides information on numbers of vulnerabilities released.
http://www.securitystats.com/reports/Symantec-
Internet_Security_Threat_Report_vIII.20030201.pdf
7. Example of a company providing policy compliance tools. www.symantec.com
8. Examples of companies providing Vulnerability Scanners. www.nessus.org &
• http://www.saintcorporation.com/products/saint_engine.html
9. Example of a patch released by Microsoft.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/sec urity/bulletin/ms03-007.asp)
10. Examples of Nessus reports http://www.nessus.org/report/10_163_155_6/index.html
11. SANS / FBI top 20 list of vulnerabilities http://www.sans.org/top20/
12. RFC 2518 http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2518.html
13. Where to find port numbers defined http://www.iana.org/assignments/port-numbers
14.Auditors Guide to CyberSecurity Vulnerabilty and Penetration Testing.
Edgescan-Stats-Report
ibm_cyber_security_intelligenc_20450

THANK YOU

VULNERABILITY ( CYBER SECURITY )

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (13)

Semelhante a VULNERABILITY ( CYBER SECURITY )

Semelhante a VULNERABILITY ( CYBER SECURITY ) (20)

Último

Último (20)

VULNERABILITY ( CYBER SECURITY )