Anthony Hasse
IT Security Handbook
Table of Contents
System Scanners
Network Scanners
Wireless Discovery
Packet Analyzer
Attacks
Defenses
Password Cracking
Cryptography
System Scanners
Secunia- Scans the system and reports any out-of-date software. It will auto-update most
software, but some items will require a manual update. This is used to protect your systems
against vulnerabilities that could be found in older versions of software.
http://secunia.com/vulnerability_scanning/personal/
This easy-to-use program brings up a report of all the programs on your computer that need to
be updated. You simply click on the picture and it will update that program to the most
recent version.
Microsoft Malicious Software Removal Tool- Scans your computer for any malicious software
and removes it. This is a great way to find out if there are any programs running on your system
that could be malicious.
http://www.microsoft.com/security/pc-security/malware-removal.aspx
www.2-spyware.com
Shavlik Patch Scanner- Checks the system to make sure that it has all the current patches. This
is necessary for security because patches are released to fix vulnerabilities that have been
found in previous versions. This should be checked on a regular basis.
http://www.shavlik.com/products/protect/
RootkitRevealer- Scans your system for hidden rootkit viruses. A rootkit is used to hide the
existence of other viruses and to keep giving the attacker administrative privileges.
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
MBSA Scanner (Microsoft Baseline Security Analyzer)- This scanner checks your system for
missing security updates and any less secure settings in Windows. The scan will let you know if
you are using weak passwords, if any passwords do not expire, if Windows Firewall is not set up
properly, or if you have multiple administrative accounts. This is a good gauge of how well your
basic security properties are set up.
http://www.microsoft.com/en-us/download/details.aspx?id=7558
This window shows an example of the home screen for the MBSA. It has a simple step-by-step
process to scan your system, as well as a detailed report after the system has been scanned.
www.petri.com
Angry IP Scanner- This scans all the ports on your network and gives you a readout of the
status of each port. It will tell you which ports are open and what programs are running on
the ports. If there is a program running on a port that you do not recognize, you can find out if
it is possibly malicious and close that port off.
http://angryip.org/download/#windows
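The review step described for Angry IP Scanner, comparing what is listening against what you expect, as an added example that is not part of the handbook or of Angry IP Scanner. The scan rows, the baseline and the `audit_open_ports` helper are constructed for illustration, and the CSV layout is an assumption rather than the tool's own export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample scan results (documentation address range 192.0.2.0/24).
SCAN_CSV = """host,port,state,service
192.0.2.10,22,open,ssh
192.0.2.10,80,open,http
192.0.2.10,4444,open,unknown
192.0.2.11,443,open,https
192.0.2.11,3389,open,ms-wbt-server
192.0.2.11,8080,closed,http-proxy
192.0.2.12,445,open,microsoft-ds
"""

# Hypothetical approved baseline: the ports each known host is allowed to expose.
BASELINE = {
    "192.0.2.10": {22, 80},
    "192.0.2.11": {443},
    "192.0.2.13": {25},
}


def audit_open_ports(scan_csv, baseline):
    """Compare open ports in a scan against an approved baseline."""
    observed = defaultdict(set)
    services = {}
    for row in csv.DictReader(io.StringIO(scan_csv)):
        if row["state"].strip().lower() != "open":
            continue  # closed or filtered ports are not exposure
        host, port = row["host"].strip(), int(row["port"])
        observed[host].add(port)
        services[(host, port)] = row["service"].strip()

    findings = {"unexpected": [], "unknown_hosts": [], "missing": []}
    for host in sorted(observed):
        if host not in baseline:
            # A host nobody registered is a finding in itself.
            findings["unknown_hosts"].append(host)
            continue
        for port in sorted(observed[host] - baseline[host]):
            findings["unexpected"].append((host, port, services[(host, port)]))
    # Approved services that did not answer may indicate an outage or a filter.
    for host in sorted(baseline):
        for port in sorted(baseline[host] - observed.get(host, set())):
            findings["missing"].append((host, port))
    return findings


if __name__ == "__main__":
    for kind, items in audit_open_ports(SCAN_CSV, BASELINE).items():
        print(kind, items)
```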
Risk Assessment Tool- This tool is an easy-to-use program where you can input all the assets of
your network and assign a dollar value to the loss expectancy. This program eliminates the
need to create a spreadsheet, input all the calculations and link the columns. It
automatically calculates all the information as you input it.
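The calculation such a tool automates, as an added example that is not the tool's or the handbook's own code. The handbook gives no formulas, so this uses the standard quantitative risk definitions (single loss expectancy = asset value x exposure factor; annualized loss expectancy = SLE x annualized rate of occurrence); the assets, dollar figures and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    value: float            # dollar value of the asset
    exposure_factor: float  # fraction of the value lost in one incident (0..1)
    aro: float              # annualized rate of occurrence (incidents per year)

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: exposure factor must be between 0 and 1")
        if self.value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: value and ARO must be non-negative")

    @property
    def sle(self):
        """Single loss expectancy: dollars lost in one incident."""
        return self.value * self.exposure_factor

    @property
    def ale(self):
        """Annualized loss expectancy: expected dollars lost per year."""
        return self.sle * self.aro


def risk_register(assets):
    """Return (name, SLE, ALE) rows ranked by ALE, highest first."""
    ranked = sorted(assets, key=lambda a: a.ale, reverse=True)
    return [(a.name, round(a.sle, 2), round(a.ale, 2)) for a in ranked]


def control_value(asset, aro_after, annual_cost):
    """Yearly net benefit of a control that lowers the ARO to aro_after.

    Positive means the control saves more than it costs.
    """
    ale_after = asset.sle * aro_after
    return asset.ale - ale_after - annual_cost


# Constructed sample inventory.
ASSETS = [
    Asset("File server", 40000, 0.5, 0.5),
    Asset("Customer database", 200000, 0.25, 0.25),
    Asset("Laptop fleet", 32000, 0.125, 3),
]

if __name__ == "__main__":
    for name, sle, ale in risk_register(ASSETS):
        print(f"{name:20} SLE ${sle:>10,.2f}  ALE ${ale:>10,.2f}")
    # Hypothetical control: asset tracking cuts laptop losses from 3 to 1 per year.
    print("Net yearly benefit:", control_value(ASSETS[2], aro_after=1, annual_cost=5000))
```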
Network Scanners
Nessus Penetration Scanner- Scans a target machine for a wide range of vulnerabilities.
This is the most popular scanning tool used in the IT field. It scans for improperly configured
systems, default passwords, and open vulnerable ports.
http://www.tenable.com/products/nessus
hackertarget.com
Nmap Scanner- Used to discover hosts and services on a network. It creates a network map that
can be used to determine what systems can be attacked. Nmap creates special packets, sends
them to the host and analyzes the response.
http://nmap.org/download.html
Network Diagram- Similar to Nmap, it creates a diagram of how the target network is set up.
Wireless Discovery
Netstumbler- A tool that is used to find wireless networks that are broadcasting. It can be used
to find areas of poor reception in a wireless network. Netstumbler can also be used to discover
rogue access points.
Kismet- Kismet is a very robust tool that can be used with wireless networks. First, it can be
used to passively detect wireless access points and clients. Doing it passively means that the
networks cannot detect it searching for them. It can also be used as an IDS by detecting other
sniffing tools that are attempting to discover the network. Kismet can also collect packets from
the network and dump them into a file that is readable by a program such as Wireshark.
Aircrack- Aircrack is another full-featured wireless tool: it discovers access points,
collects packets and is also capable of cracking WEP/WPA passwords for wireless
networks.
Packet Analyzer
Wireshark- Wireshark is a packet analyzer. It captures raw packets that are traversing
the network and makes them viewable to the user. The user can analyze the data and can often
gain a significant amount of information. Anything from usernames and passwords to credit
card information could be seen by analyzing the packets captured by Wireshark. Even
information that is sent over VoIP can be collected and played back.
https://www.wireshark.org/download.html
en.wikipedia.org
Attacks
CPUHog- CPUHog is a tool that can be opened by a user and will take up all of the available
capacity of one core on the processor. Because most modern PCs use multi-core processors, this
tool would not be as detrimental as it once was.
Defenses
HoneyPot- A honeypot is a system that is set up to look appealing to an attacker. These
systems are used to distract an attacker from your real system by offering an easier target.
HoneyPot systems are usually set up with many vulnerabilities in order to lure the attacker into
attacking them.
https://app.box.com/shared/c1qix05ymg
HoneyNet- Similar to a HoneyPot, a HoneyNet is a fake network that is created to dupe an
attacker into thinking they have found an extremely vulnerable network.
Password Cracking
Cain and Abel- Cain and Abel uses multiple techniques to crack various passwords. You can use
a straight brute force attack, which will be the most time consuming. You can also use a
dictionary attack, for which Cain and Abel provides a good word list. There is also the
possibility of using a rainbow table attack. Cain and Abel provides a tool to create a rainbow
table to use in the attack.
http://www.oxid.it/cain.html
John the Ripper- John the Ripper is a Linux password cracking tool. It can use brute force as well
as dictionary attacks against various hashes. There is also a lot of customization you can use
with John the Ripper, which makes it a very powerful tool.
Cryptography
TrueCrypt- TrueCrypt is an on-the-fly encryption utility. It can create a virtual
encrypted disk within a file, or encrypt a partition or even the entire storage device.
Unfortunately the creators of TrueCrypt announced that it would no longer be maintained.
http://truecrypt.sourceforge.net/
AxCrypt- AxCrypt is a security tool that can be used to encrypt files and folders. It uses a
password as well as an optional key-file. Once the file is encrypted, it changes the thumbnail to
the AxCrypt icon, providing a nice little layer of security.
http://www.axantum.com/axcrypt/Downloads.aspx
Text Hide- Text Hide is a utility to hide sensitive information inside an image. The program uses
the unused space in an image file to store encrypted information.
http://www.softpedia.com/get/Security/Encrypting/Text-Hide.shtml
