Netwrok Vulnerability
-
Upload
seema-kotalwar -
Category
Documents
-
view
221 -
download
0
Transcript of Netwrok Vulnerability
-
7/27/2019 Netwrok Vulnerability
1/14
NETWORK
VULNERABILITY
SCANNING
By:-
Prachee Ratnaparkhi
MSc-II, Roll.No. 17
-
7/27/2019 Netwrok Vulnerability
2/14
CONTENTS
Vulnerability Assessment
Vulnerability Scanning
Types of Vulnerability Scanning
Tools used
-
7/27/2019 Netwrok Vulnerability
3/14
VULNERABILITY ASSESSMENT
A comprehensive check of the physical weaknesses in computers &
networks as well as in work practices and procedures.
WHAT IT DOES.???
Identifies potential risks and many exposures
Develops strategies for dealing with them
To protect your networkTo learn strengths and weaknesses
To protect your commercial information
To comply with data security standards.
-
7/27/2019 Netwrok Vulnerability
4/14
VULNERABILITY SCANNING
Vulnerability scanning can be used by individuals or network administrators
for security purposes, or it can be used by hackers attempting to gain
unauthorized access to computer systems.
Helps you to secure your own network or it can be used by the bad guys to
identify weaknesses in your system to mount an attack against.
The idea is foryouto use these tools to identify and fix these
weaknesses before the bad guys use them against you.The goal of running a vulnerability scanner is to identify devices on your
network that are open to known vulnerabilities. Different scanners
accomplish this goal through different means. Some work better than others.
-
7/27/2019 Netwrok Vulnerability
5/14
TYPES OF VULNERABILITY
SCANNERS
Port Scanner: Probes a server or host for open portsNetwork Enumerator: A computer program used to retrieve information aboutusers and groups on networked computers
Network Vulnerability Scanner: A system that proactively scans for networkvulnerabilities
Web Application Security Scanner: A program that communicates with a Webapplication to find potential vulnerabilities within the application or its architecture
Computer Worm: A type of self-replicated computer malware, which can be usedto find out vulnerabilities
Common Gateway Interface (CGI) Scanner: An automated security program thatscans Web servers and application software for vulnerabilities
-
7/27/2019 Netwrok Vulnerability
6/14
TOOLS USED
AVAILABLE VULNERABILTIY SCANNERS:
Nessus
Nmap
Gui Lan Guard
COMMERCIAL VULNERABILITY SCANNER packages:
ISS Internet Scanner (http://www.iss.net)
eEye Retina (http://www.eeye.com)
Qualys Guard (http://www.qualys.com)
Matta Colossus (http://www.trustmatta.com)
SAINT Scanner
(http://www.saintcorporation.com/solutions/vulnerabilityScan.html)
-
7/27/2019 Netwrok Vulnerability
7/14
NESSUS: STEP 1.
-
7/27/2019 Netwrok Vulnerability
8/14
STEP 2.
-
7/27/2019 Netwrok Vulnerability
9/14
STEP 3.
-
7/27/2019 Netwrok Vulnerability
10/14
STEP 4.
-
7/27/2019 Netwrok Vulnerability
11/14
STEP 5.
-
7/27/2019 Netwrok Vulnerability
12/14
STEP 6.
-
7/27/2019 Netwrok Vulnerability
13/14
NESSUS reports are still in controversy, and further
research on its acceptability is still going on ..
Another alternative which an intruder would use in
finding out the open ports, is that of NMAP Lets see it
LIVE..!!!!!!
-
7/27/2019 Netwrok Vulnerability
14/14
REFERENCES:
1. http://www.techopedia.com/definition/4160/vulnerability-scanning
2. http://netsecurity.about.com/cs/hackertools/a/aa030404.htm
3. http://www.saintcorporation.com/solutions/vulnerabilityScan.html
4. Network Security Assessment, Second Edition by Chris McNab
THANK YOU