Vulnerability Assessment Using SAINT
Jane Lemmer
Information Security Specialist
World Wide Digital Security, Inc.
lemmerj@wwdsi.com
June 16, 1999
Outline
The Problem
The First Solution
The Second Solution
Other Uses for SAINT
What’s Next
Conclusions
The Problem
Large network
  7 Class B subnets, over 20 Class C subnets
No central management
Some resistance to “outsiders”
How do we do a vulnerability assessment?
The First Solution
The Scanning Tool
The Scanning Method
Results
Problems
Lessons Learned
The First Solution: The Scanning Tool
Conducted a comparison of several network-based vulnerability assessment tools
  Internet Security Scanner
  Kane Security Analyst
  SATAN
  Nessus, and a few others
The First Solution: The Scanning Tool
Chose SATAN, with COAST extensions
  free
  fairly easy to use
  sufficient for providing a first look at overall network vulnerability
The First Solution: The Scanning Method
The First Solution: Results
Lasted three weeks
Approximately 20,000 potential hosts interrogated
Found about 5,000 hosts with services
Inexpensive (almost automatic)
The First Solution: Problems
Took almost a month to process the results into a useable format
Missed many hosts (DHCP, hosts not in DNS, especially Linux boxes)
Organizational problems (results not getting to the right people)
Scapegoats for a host of network problems
The First Solution: Lessons Learned
DNS method is not finding all the hosts
SATAN is not current
Report generation takes too long
We need the following:
  a new scanning tool
  a new scanning method
  a new reporting method
The Second Solution
The Scanning Tool
The Scanning Method
Results
Problems
Lessons Learned
The Second Solution: The Scanning Tool
An updated version of SATAN
Added many new tests
Added a new attack level
Changed how vulnerable services are categorized
Works in firewalled environments
Identifies Windows boxes
Developed extensive tutorials for each vulnerable service
Developed an in-house tool to help with reports
The Second Solution: The Scanning Tool
The three “r” services (rlogin, rshell, rexec)
Vulnerable CGIs
IMAP vulnerabilities
SMB open shares
Back Orifice and NetBus
ToolTalk
Vulnerable DNS servers
rpc.statd service
UDP echo and/or chargen
IRC chat relays
The Second Solution: The Scanning Method
The Second Solution: Results
Lasted two months
Almost 500,000 potential hosts interrogated
Found many more hosts
  approximately 7,000 boxes with services
  approximately 4,000 boxes with no services
  almost 8,000 Windows boxes
More costly (labor intensive)
The Second Solution: Problems
Scanning takes longer
Difficult to compare results with previous scan
Organizational problems (results still not getting to the right people)
Caused some problems with NT boxes
Still a scapegoat for network problems
The Second Solution: Lessons Learned
New method finds more hosts but takes longer
SAINT needs to be continually updated
Scanning can help improve the tool
Still need to work on reporting results
Other Uses for SAINT
SAINT gathers a lot of information that is not reported
  used to produce a list of UNIX hosts by OS type
  used to identify web servers
  used to identify routers
Quick scans of a host or subnet
Other Uses for SAINT
Investigating Incidents
What’s Next
Continue using SAINT for large scans
Supplement SAINT with more robust tools
Scans have led to
  development of an IRT
  defining policy
  defining standard security configurations
  helping users secure hosts
  developing centralized site for security information
Conclusions
SAINT is a useful tool for scanning large networks
Results give a good first look at how vulnerable you are
SAINT must be continually updated
  better OS typing
  better reporting
  method to compare scan results
Contact Information
World Wide Digital Security, Inc.
11260 Roger Bacon Drive, Suite 400
Reston, VA 20910 USA
PHONE: +1 703 742-6604
FAX: +1 703 742-6605
http://www.wwdsi.com