Network security ppt presentation and download
- 2. WHAT IS NETWORK RECONNAISSANCE? âą Network reconnaissance helps cybersecurity professionals to identify potential attack vectors that attackers could exploit. By understanding the vulnerabilities in their network or system, organizations can take steps to protect themselves and mitigate the risk of a successful attack.
- 3. THERE ARE TWO MAIN TYPES OF RECONNAISSANCE âą Active reconnaissance With active reconnaissance, hackers interact directly with the computer system and attempt to obtain information through techniques like automated scanning or manual testing and tools like ping and netcat. Active recon is generally faster and more accurate, but riskier because it creates more noise within a system and has a higher chance of being detected. âą passive reconnaissance âą Passive reconnaissance gathers information without directly interacting with systems, using tools such as Wireshark and Shodan and methods such as OS fingerprinting to gain information.
- 4. HOW RECONNAISSANCE WORKS âą Reconnaissance generally follows seven steps: 1.Collect initial information 2.Determine the network range 3.Identify active machines 4.Find access points and open ports 5.Fingerprint the operating system 6.Discover services on ports 7.Map the network
- 5. USING THESE STEPS, AN ATTACKER WILL AIM TO GAIN THE FOLLOWING INFORMATION ABOUT A NETWORK âą File permissions âą Running network services âą OS platform âą Trust relationships âą User account information
- 6. HOW TO PREVENT RECONNAISSANCE âą Organizations can use penetration testing to determine what their network would reveal in the event of a reconnaissance attack. Organizations can outsource the work by hiring security testing professionals to carry out penetration testing, vulnerability assessment, compliance testing, etc. âą During testing, organizations can deploy port scanning tools (which scan large networks and determine which hosts are up) and vulnerability scanners (which find known vulnerabilities in the network). âą SIEM solutions can also detect source IPs that are running a port scanning tool in your network.
- 7. NETWORK RECONNAISSANCE WITH NMAP âą Nmap (Network Mapper) is a powerful open-source tool used for network exploration and security auditing. âą It allows you to discover hosts and services on a computer network, thus creating a "map" of the network's structure.
- 8. KEY FEATURES OF NMAP 1. Host Discovery: Nmap can discover hosts on a network by sending packets and analyzing responses. 2. Port Scanning: It can identify open ports on target systems, which helps in understanding the services running on those systems. 3. Version Detection: Nmap can often determine the versions of software and services running on discovered ports, aiding in vulnerability assessment.
- 9. 1.OS Fingerprinting: It can sometimes guess the operating system running on a target host by analyzing patterns in network packets. 2.Scripting: Nmap supports scripting with Nmap Scripting Engine (NSE), allowing for automated tasks and advanced probing.
- 10. USE CASES OF NMAP ï· Security Audits: Assessing the security posture of a network by identifying open ports and potential vulnerabilities. ï· Network Inventory: Creating an inventory of hosts and services for network management purposes. ï· Penetration Testing: Identifying potential entry points into a network that could be exploited by attackers.
- 11. VULNERABILITY AUDITS WITH OPENVAS âą OpenVAS (Open Vulnerability Assessment System) is a framework of several services and tools offering vulnerability scanning and management. It helps in identifying security issues in target systems and networks. âą Key features of OpenVAS: 1. Vulnerability Scanning: It scans target systems for known vulnerabilities based on a database of signatures. 2. Reporting: OpenVAS provides detailed reports on identified vulnerabilities, including severity levels and potential impacts. 3. Integration: It can integrate with other tools and workflows, enhancing its usability in larger environments. 4. Continuous Monitoring: OpenVAS supports continuous monitoring to detect new vulnerabilities as they emerge.
- 12. USE CASES OF OPENVAS ï· Regular Security Audits: Conducting scheduled scans to ensure ongoing security of systems and networks. ï· Compliance Checking: Verifying compliance with security standards and regulations that mandate vulnerability assessments. ï· Risk Assessment: Assessing the risk posed by identified vulnerabilities and prioritizing remediation efforts.
- 13. INTEGRATION AND WORKFLOW ï· Sequential Usage: Typically, Nmap is used first for initial reconnaissance, identifying hosts and open ports. This information then informs the scope of vulnerability scanning with OpenVAS. ï· Automated Workflows: Both tools support scripting and automation, enabling integration into larger security workflows and environments. ï· Reporting and Remediation: The output from OpenVAS can guide remediation efforts based on the vulnerabilities identified by both tools.