Presentation_ID © 1999, Cisco Systems, Inc. Cisco Security Consulting
Assessing your Network for Vulnerabilities
Danny Rodriguez
Network Security Engineer
Presentation_ID © 1999, Cisco Systems, Inc. www.cisco.com/go/securityconsulting Cisco Security Consulting

Agenda
• Why assess your Network?
• Define Assessment goals
• Assessment Methodology
• Break
• Common vulnerabilities
• Recent vulnerabilities

Why Assess your Network?
• Fear of “CNN” moment
• Mandated by management
• Determine risk to Intrusion
• Measure effectiveness of safeguards

Why Assess your Network? (Cont.)
• To accurately map your network
• To identify vulnerabilities and countermeasures
• ...

Define Assessment goals
• What do you want to accomplish?
• Test effectiveness of current safeguards
• Measure staff's ability to detect and respond
• Discover vulnerabilities present
• Determine risk to Denial-of-Service

Assessment Methodology

SPA = External, Dial, Internal Analysis
[Diagram labels: WAN, Internet, Enterprise Network; External IP Assessment, Internal Network Assessment, External Dial Assessment]

Dial Methodology
• Discovery
– Dial phone numbers provided
– During normal business hours
– During off hours (weekends, nights)
– Identify phone numbers with carriers

Dial Methodology (Cont.)
• Carrier Analysis
– Determine type of connected device
• router, PC, phone switch
– Determine type of remote control software
• pcAnywhere, ReachOut

Dial Methodology (Cont.)
• Penetration
– Test authentication
• Digital lines often overlooked (ISDN, DSL)

Network Assessment
• Network Mapping
– Host and Service discovery
• Targeting
– Identifying potential vulnerabilities
• Exploitation
– Confirm potential vulnerabilities

Network Mapping
• Build registered map
– Public info
• Whois database (InterNIC, ARIN)
• DNS High Zone transfers

Network Mapping (Cont.)
• Build electronic map
– “Live” hosts and active services
• ICMP Sweeps
• Port scans
– well-known ports
– “blind” (not responding to ICMP)

Network Mapping (Cont.)
• Map of record
– Customer provided information
• Network topos
– Including ISP information
• Registered domain names
• Hosted web sites

Targeting
• Banner analysis
– Host (login)
– Service (smtp, pop, http)
• Port correlation
• Identify potential vulnerabilities

Exploitation
• Automated confirmation tools
• Manual confirmation
– “Mind” in the middle
• Secondary exploitation
– “Launch pad”

Break

Common Vulnerabilities
• Passwords
• Dial-up
• Network Infrastructure
• Host based
• Service based
– HTTP, SMTP, FTP

Passwords
• Clear-Text
• “Null” passwords
• “Joe” passwords
• Weak passwords

Passwords
• No required length
• No aging
• No history
• Same password used for different access levels

Password Recommendations
• Use encrypted passwords
• Develop a password policy
– Require a password
– Require a minimum length
• 7 alphanumeric
– Implement password history and aging

Passwords Recommendations (Cont.)
• Develop a password policy
– Require unique passwords be used for different levels of access
• “Crack” passwords routinely
– L0phtCrack and John the Ripper

Dial-up
• Unauthorized modems
• Poor authentication mechanism
• No logging
• Digital lines often not analyzed

Dial-up Recommendations
• Have strict policies and procedures
• Centralize modem pool
• Implement proper authentication mechanism
• Adequate logging
• Include Digital lines in assessment

Network Infrastructure
• Unfiltered network traffic
• Remote management not restricted
• Susceptible to “sniffers”
• Susceptible to session hijacking

Network Infrastructure
• Guessable SNMP community strings
– public, private, system, read, write
• Extranet connections
– vendors, partners
• No logging

Network Infrastructure: Recommendations
• Determine what network traffic should be allowed IN and OUT (policy)
• Restrict remote access only to authorized management workstations
• Determine if encryption is an option
• Implement a switched network

Network Infrastructure: Recommendations (Cont.)
• Adequate logging
– Log to external device (syslog)
• Use “good” snmp community strings
• Designate SNMP host servers
• Identify and properly segment extranet connections
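
Added example (not part of the original slides, and not Cisco tooling): a shell/awk check that reads a saved Cisco IOS configuration and flags the infrastructure findings listed above: guessable SNMP community strings, communities with no access list, vty lines with no access-class, and no remote syslog host. The sample configuration, hostname and community values are constructed, and the check assumes the device uses the standard IOS forms `snmp-server community`, `logging host` and `line vty` / `access-class`.

```sh
#!/bin/sh
# Added example, not from the original slides.
# audit_ios_config FILE: print one finding per line for a saved IOS config.
audit_ios_config() {
    awk '
        BEGIN {
            # Guessable community strings named on the slide.
            n = split("public private system read write", g, " ")
            for (i = 1; i <= n; i++) guessable[g[i]] = 1
        }
        function close_vty() {
            if (in_vty && !vty_acl) print "VTY_NO_ACCESS_CLASS " vty_name
            in_vty = 0
        }
        # Any unindented line ends the current "line vty" block.
        /^[^ ]/ { close_vty() }
        $1 == "snmp-server" && $2 == "community" {
            acl = ""
            for (i = 4; i <= NF; i++) {
                opt = tolower($i)
                if (opt == "view") { i++; continue }   # skip the view name
                if (opt == "ro" || opt == "rw") continue
                acl = $i                               # trailing access list
            }
            name = tolower($3)
            if (name in guessable) print "SNMP_GUESSABLE_COMMUNITY " $3
            # Report the line number, not the string, to keep secrets out
            # of the audit output.
            if (acl == "") print "SNMP_NO_ACL line " NR
        }
        $1 == "logging" && ($2 == "host" || $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            syslog = 1
        }
        $1 == "line" && $2 == "vty" { in_vty = 1; vty_acl = 0; vty_name = $3 "-" $4 }
        in_vty && $1 == "access-class" && $NF == "in" { vty_acl = 1 }
        END {
            close_vty()
            if (!syslog) print "NO_REMOTE_SYSLOG"
        }
    ' "$1"
}

# Constructed sample configuration (not taken from a real device).
ios_demo() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
hostname edge-rtr-example
!
snmp-server community public RO
snmp-server community Zq7vN2kd RW 10
snmp-server community private view all RW
logging buffered 16384
!
line vty 0 4
 login
line vty 5 15
 access-class 10 in
 login
!
end
EOF
    audit_ios_config "$cfg"
    rm -f "$cfg"
}

ios_demo
```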

Host based
• Unnecessary Services
• Incorrect file permissions
• Trust relationships
• Log files not reviewed
• No logging

Windows
• Accessible shares to “Everyone”
• No logging
– Disabled by default in Windows NT
• WinNT NTFS not being utilized
• Domain Admin and Local Admin password the same

Windows (Cont.)
• Anonymous user connection
• Ability for any user to submit an “AT” job
• Access to backup SAM file
• Misconfigured domain trust relationship

Windows Recommendations
• Apply latest service packs, where applicable
• Adequate logging
• Set correct file permissions
– shares
– sensitive system files
• backup SAM

Windows Recommendations (Cont.)
• Format WinNT system as NTFS
• Use different passwords for Domain Admin and Local Admin accounts
• Implement registry edits for:
Anonymous user connection
AT job submission
• Properly design NT domain Trusts

Unix
• Incorrect file permissions
• Log files not reviewed
• Unnecessary services
R-services: rsh, rlogin, rexec
echo, discard, finger, rpc

Unix (Cont.)
• setuid programs
• Misconfigured NFS servers
• Trust relationships
• World readable password file
• Access to X-Windows*

Unix Recommendations
• Implement system auditing tools
– tripwire, logcheck
• Implement host based access control
– tcpwrappers
• Replace R-services with SSH implementation

Unix Recommendations (Cont.)
• Identify and remove setuid programs that are not needed
– $ find / -perm -4000 -print
• Implement proper NFS access controls
– Host and file permissions
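
Added example (not part of the original slides): the `find / -perm -4000` inventory above becomes a repeatable check when its output is compared with an approved baseline, so only setuid files nobody has signed off on are reported. The function names, the baseline file format (one path per line) and the demo tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original slides.
# audit_setuid ROOT BASELINE
#   ROOT      tree to search (/ on a real host, run as root)
#   BASELINE  approved setuid paths, one per line
# Prints setuid files missing from the baseline; returns 1 if any exist.
audit_setuid() {
    work=$(mktemp -d) || return 2
    # Same test as the slide command, limited to regular files.
    find "$1" -type f -perm -4000 -print 2>/dev/null |
        LC_ALL=C sort -u > "$work/found"
    LC_ALL=C sort -u "$2" > "$work/approved"
    # comm -23 keeps lines that appear only in the first (found) list.
    LC_ALL=C comm -23 "$work/found" "$work/approved" > "$work/unexpected"
    cat "$work/unexpected"
    if [ -s "$work/unexpected" ]; then status=1; else status=0; fi
    rm -rf "$work"
    return "$status"
}

# Constructed demo tree: one approved setuid file, one unapproved setuid
# file, and one ordinary executable that must not be reported.
setuid_demo() {
    tree=$(mktemp -d) || return 2
    mkdir -p "$tree/usr/bin" "$tree/opt/legacy"
    : > "$tree/usr/bin/approved-helper"
    : > "$tree/opt/legacy/old-tool"
    : > "$tree/usr/bin/ordinary"
    chmod 4755 "$tree/usr/bin/approved-helper" "$tree/opt/legacy/old-tool"
    chmod 0755 "$tree/usr/bin/ordinary"
    printf '%s\n' "$tree/usr/bin/approved-helper" > "$tree/baseline"
    audit_setuid "$tree" "$tree/baseline" && demo_status=0 || demo_status=$?
    rm -rf "$tree"
    return "$demo_status"
}

setuid_demo || echo "review the setuid paths listed above"
```

On a real host, build the baseline once from a known-good install and run the audit from cron; each reported path either has its setuid bit removed or is added to the baseline after review.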

Unix Recommendations (Cont.)
• Determine need for trust relationships
• Enforce X-Windows access control
• Implement shadow passwords
– pwconv
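
Added example (not part of the original slides): an audit of passwd- and shadow-format files for findings named on the password slides and the Unix slides above: “null” passwords, no password aging, and hashes left in the world-readable password file because shadowing (pwconv) was never applied. The function names, finding labels and sample accounts are constructed for this example; the hash values are placeholders, not real hashes.

```sh
#!/bin/sh
# Added example, not from the original slides.
# audit_accounts PASSWD_FILE [SHADOW_FILE]: print one finding per account.
audit_accounts() {
    passwd_file=$1
    shadow_file=${2:-/dev/null}
    awk -F: -v have_shadow="${2:+1}" '
        # First file: shadow entries, name:hash:lastchg:min:max:...
        FILENAME == ARGV[1] {
            if ($0 !~ /^#/ && NF >= 5) { hash[$1] = $2; maxage[$1] = $5 }
            next
        }
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        $2 == "" { print "NULL_PASSWORD " $1; next }
        $2 != "x" {
            # Anything other than the "x" placeholder or a lock marker is
            # a hash that every local user can read.
            if ($2 !~ /^[*!]/) print "HASH_IN_PASSWD " $1
            next
        }
        !have_shadow { next }            # no shadow file supplied
        !($1 in hash) { print "NO_SHADOW_ENTRY " $1; next }
        hash[$1] == "" { print "NULL_PASSWORD " $1; next }
        hash[$1] ~ /^[*!]/ { next }      # locked or login disabled
        maxage[$1] == "" || maxage[$1] + 0 >= 99999 { print "NO_AGING " $1 }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample files (placeholder hashes, invented accounts).
audit_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
bob::1001:1001::/home/bob:/bin/sh
carol:$1$constructed$placeholderhash0000000:1002:1002::/home/carol:/bin/sh
daemon:*:1:1::/:/usr/sbin/nologin
dave:x:1003:1003::/home/dave:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed$rootplaceholder:19000:0:90:7:::
alice:$6$constructed$aliceplaceholder:19000:0:99999:7:::
dave::19000:0:90:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

audit_demo
```

Run it as root against /etc/passwd and /etc/shadow; an empty result means none of these three findings is present, not that the passwords themselves are strong.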

Novell
• Accounts with “Null” password
• Access to management tools
– RCONSOLE
– NWADMIN, SYSCON

Novell (Cont.)
• Access to SYSTEM and ETC file systems
• Weak RCONSOLE passwords
• No logging

Novell Recommendations
• Require passwords
• Restrict access to system files and management tools
• Determine need for RCONSOLE

Novell Recommendations (Cont.)
• Implement encrypted RCONSOLE password mechanism
• Choose “good” RCONSOLE password
• Adequate logging

Common Service Vulnerabilities
• HTTP (Web)
– Apache, Netscape, MS IIS
• SMTP (Mail)
– Sendmail, MS Exchange
• FTP
– wu-ftp, ProFTP, MS FTP

HTTP Vulnerabilities
• Access to cgi-bin, scripts directory
• Sample scripts
• PUT Method
• Buffer overflow
– MS IIS

SMTP Vulnerabilities
• Mail Relay
• SPAM
• Old sendmail versions
– remote “root” exploit

FTP Vulnerabilities
• Anonymous FTP
– Read/Write permissions incorrect
• Misconfigured “root” directory
– Allows access to entire file system
• Ability to perform “bounce” port scan

Recent Vulnerabilities
• Windows
– MS IIS (DoS attack)
– MS Office ODBC
• Linux
– crond, libtermcap, wu-ftpd

Recent Vulnerabilities (Cont.)
• Solaris
– Calendar program (rpc.cmsd)
• HTTP
– cgi script allowed access to HotMail accounts

Questions