Great Tools for Securing and Testing Your Network
By DR RICHMOND ADEBIAYE, CISSP, CISM
Presented at NASA Conference (EOSDIS) NASA Risk Management Conference VII
(Environment & Security)
January 18-20 2012
GRC Network Security Team
Outline
• Silver Bullet Most Used Tools
• CD/USB Security
• Perimeter Security
• Vulnerability Assessment
• Password Recovery
• Networking Scanning
• Data Rescue and Restoration
• Application and Data Base Tools
• Encryption Software
• Wireless Tools
• Virtual Machines
• New USB Exploits
• Digital Forensic Tools
• Backup Software
• Tools that Cost but Have Great Value
No Silver Bullet
• No Silver Bullet for network and system testing:
  – Determine your needs
  – Finding the right tools
  – Using the right tool for the job
My Most Used Tools:
• Google (Get Google Hacking book)
  – The Google Hacking Database (GHDB)
    • http://johnny.ihackstuff.com/modules.php?op=modload&name=Downloads&file=index
• SuperScan 4
  – Network Scanner find open ports (I prefer version 3)
    • http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan.htm
• Cain and Abel
  – (the Swiss Army knife) Crack passwords, crack VOIP and so much more
    • http://www.oxid.it/cain.html
• NMap
  – (Scanning and Foot printing)
    • http://insecure.org/nmap/download.html
• Nessus
  – (Great system wide Vulnerability scanner)
    • http://www.nessus.org/download/
Cain and Abel Local Passwords
Nessus Summary
Tenable Nessus Security Report
Start Time: Sun Nov 05 13:46:11 2006
Finish Time: Sun Nov 05 14:16:16 2006
192.168.22.0/255.255.255.0
192.168.22.1: 2 Open Ports, 6 Notes, 1 Warnings, 1 Holes.
192.168.22.8: 7 Open Ports, 13 Notes, 1 Warnings, 1 Holes.
192.168.22.10: 5 Open Ports, 9 Notes, 0 Warnings, 1 Holes.
192.168.22.11: 5 Open Ports, 9 Notes, 0 Warnings, 1 Holes.
192.168.22.15: 7 Open Ports, 22 Notes, 0 Warnings, 0 Holes.
192.168.22.80: 5 Open Ports, 7 Notes, 0 Warnings, 0 Holes.
192.168.22.81: 6 Open Ports, 12 Notes, 1 Warnings, 1 Holes.
192.168.22.100: 5 Open Ports, 7 Notes, 0 Warnings, 0 Holes.
192.168.22.161: 5 Open Ports, 12 Notes, 2 Warnings, 1 Holes.
192.168.22.166: 3 Open Ports, 4 Notes, 2 Warnings, 1 Holes.
My Most Used Tools 2:
• Ethereal or Wireshark
  – (packet sniffers. Use to find passwords going across network)
    • SSL Passwords are often sent in clear text before logging on
  – http://www.wireshark.org/download.html
  – http://www.ethereal.com/download.html
• Metasploit
  – (Hacking made very easy)
    • http://www.metasploit.com/
• BackTrack or UBCD4WIN Boot CD
  – (Cleaning infected PC’s or ultimate hacking environment, will run from USB)
    • http://www.remote-exploit.org/index.php/BackTrack_Downloads
    • http://www.ubcd4win.com/downloads.htm
• Read notify
  – ("registered" email)
    • http://www.readnotify.com/
• Virtual Machine for pen testing
  – (Leaves "no" trace)
Security Testing Boot CD/USB:
• Bart PE or UBCD4WIN
  – http://www.bartpe.com
  – http://www.ubcd4win.com
• Back Track (one of the more powerful cracking network auditing packages)
  – http://www.remoteexploit.org
• Other Linux CD
  – Trinity Rescue Kit (recover/repair dead Windows or Linux systems)
    • http://trinityhome.org/Home/index.php?wpid=28&front_id=12
  – KNOPPIX (recover/repair dead systems and several security tools)
    • http://www.knoppix.net/
Demo of UBCD/BackTrack
BackTrack
Secure Your Perimeter:
• DNS-stuff and DNS-reports
• http://www.dnsstuff.com http://www.dnsreports.com

– Are you blacklisted?
– Test your e-mail system
– Check your HTML code for errors –
• (Also use WIN HTTrack for offline testing)

• Shields UP and Leak test
– https://www.grc.com/x/ne.dll?rh1dkyd2
– http://grc.com/default.htm

• Other Firewall checkers
– www.firewallcheck.com
Tools to Assess Vulnerability
• Nessus (vulnerability scanners)
  – http://www.nessus.org
• Snort (IDS - intrusion detection system)
  – http://www.snort.org
• Metasploit Framework (vulnerability exploitation tools) Use with great caution and have permission
  – http://www.metasploit.com/projects/Framework/
Password Recovery Tools:
• Fgdump (Mass password auditing for Windows)
  – http://foofus.net/fizzgig/fgdump
• Cain and Abel (password cracker and so much more…)
  – http://www.oxid.it/cain.html
• John The Ripper (password crackers)
  – http://www.openwall.org/john/
• RainbowCrack: An Innovative Password Hash Cracker tool that makes use of a large-scale time-memory trade-off.
  – http://www.rainbowcrack.com/downloads/?PHPSESSID=776fc0bb788953e190cf415e60c781a5
Change/Discover Win Passwords
• Windows Password recovery - Can retrieve
forgotten admin and users' passwords in
minutes. Safest possible option, does not
write anything to hard drive.
• Offline NT Password & Registry Editor - A
great boot CD/Floppy that can reset the local
administrator's password.
• John the Ripper - Good boot floppy with
cracking capabilities.
• Emergency Boot CD - Bootable CD, intended
for system recovery in the case of software
or hardware faults.
• Austrumi - Bootable CD for recovering
passwords and other cool tools.
Networking Scanning
• MS Baseline Analyzer
  – http://www.microsoft.com/downloads/details.aspx?FamilyId=4B4ABA06-B5F9-4DAD-BE9D7B51EC2E5AC9&displaylang=en
• The Dude (Great mapper and traffic analyzer)
  – http://www.mikrotik.com/thedude.php
• Getif (Network SNMP discovery and exploit tool)
  – http://www.wtcs.org/snmp4tpc/getif.htm
• SoftPerfect Network Scanner
  – http://www.softperfect.com/
• HPing2 (Packet assembler/analyzer)
  – http://www.hping.org
• Netcat (TCP/IP Swiss Army Knife)
  – http://netcat.sourceforge.net
• TCPDump (packet sniffers) Linux or Windump for Windows
  – http://www.tcpdump.org and http://www.winpcap.org/windump/
• LanSpy (local, Domain, NetBios, and much more)
  – http://www.lantricks.com/
File Rescue and Restoration:
• Zero Assumption Digital Image rescue
  – http://www.z-a-recovery.com/digital-imagerecovery.htm
• Restoration File recovery
  – http://www.snapfiles.com/get/restoration.html
• Free undelete
  – http://www.pcfacile.com/download/recupero_eliminazione_dati/drive_rescue/
• Effective File Search: Find data inside of files or data bases
  – http://www.sowsoft.com/search.htm
Discover & Securely Delete Important Information:
• Windows and Office Key finder/Encrypting
– Win KeyFinder (also encrypts the keys)
• http://www.winkeyfinder.tk/

– ProduKey (also finds SQL server key)
• http://www.nirsoft.net

• Secure Delete software
– Secure Delete
• http://www.objmedia.demon.co.uk/freeSoftware/secureDelete.html

• DUMPSEC — (Dump all of the registry and share permissions)
– http://www.somarsoft.com/

• Win Finger Print (Scans for Windows shares, enumerates
usernames, groups, sids and much more )

– http://winfingerprint.sourceforge.net
Application and Data Base Tools
• N-Stealth – an effective HTTP Security Scanner
  – https://secure.nstalker.com/
• WINHTTrack – Website copier
  – http://www.httrack.com/page/2/en/index.html
• SQLRecon (SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations)
  – http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx
• Absinthe (Tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.)
  – http://www.0x90.org/releases/absinthe/index.php
AppDetective
• AppDetective discovers database applications and assesses their security strength
• AppDetective assesses two primary application tiers, application/middleware and back-end databases, through a single interface
• AppDetective locates, examines, reports, and fixes security holes and misconfigurations
• www.appsecinc.com/products/appdetective/mssql
• Cost $900
Encryption Software:
• Hard drive or Jump Drives
  – TrueCrypt for cross-platform encryption with lots of options
    • http://www.truecrypt.org/downloads.php
  – Dekart: its free version is very simple to use; the paid version has more options
    • http://www.dekart.com/free_download/
    • http://www.dekart.com/

• Email or messaging
– PGP for encrypting email
• http://www.pgp.com/downloads/index.html
Wireless Tools:
• Aircrack: The fastest available WEP/WPA cracking tool
  Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP or WPA 1 or 2
  – The suite includes
    • airodump (an 802.11 packet capture program)
    • aireplay (an 802.11 packet injection program)
    • aircrack (static WEP and WPA-PSK cracking)
    • airdecap (decrypts WEP/WPA capture files)
  – http://www.aircrack-ng.org/doku.php#download
• Net Stumbler (finds wireless networks, works well)
  – http://wwww.netsumbler.com
• Kismet (wireless tools or packet sniffers)
  – http://wwww.kismetwireless.net
Virtual Machines
• Xen for Linux
– http://www.xensource.com/download/

• VM server or VM workstation for booting Bart PE ISOs or Remote Exploit
  – http://www.vmware.com/products/server/
• MS Virtual Server (slower but very easy to use)
  – http://www.microsoft.com/windowsserversystem/virtualserver/software/privacy.mspx

• VM’s can be used to run auditing applications
that typically would require a dedicated
server
Network Toolbox U3
• Analyzers
• Network monitors
• Traffic Generators
• Network Scanners
• IDS
• Network Utilities
• Network Clients
• Secure Clients
• SNMP
• Web
• Auditing Tools
• Password revealers
• System Tools
• Supplementary tools (DOS prompt, Unix shell, etc.)
  – http://www.cacetech.com/products/toolkit.htm
USB Switchblade
• Access all stored passwords on a Windows computer
  – [System info] [Dump SAM] [Dump Product Keys] [Dump LSA secrets (IE PWs)] [Dump Network PW] [Dump messenger PW] [Dump URL History]
• Available at http://www.hak5.org/wiki/USB_Switchblade
• Plug U3 Drive in any Windows XP/2000/2003 computer
• Wait about 1 minute
• Eject Drive
• Go to run on the start menu, then type x:\Documents\logfiles (x = flash drive letter) then press enter
• Look at username and passwords or start cracking hashed Windows passwords
Digital Forensic Tools
• The Sleuth Kit and Autopsy Browser. Both
are open source digital investigation tools
(digital forensic tools)
– http://www.sleuthkit.org/

• Boot CD
– UBCD4WIN
• http://www.ubcd4win.com
– BACKTRACK
• http://www.remoteexploit.org
Backup Software
• SyncBack
– http://www.snapfiles.com/get/SyncBack.html
– Secure: Encrypt a zip file with a 256-bit AES
encryption
– Copy Open Files (XP/2003)
– Compression: You can compress an
unlimited size, and an unlimited number of
files. (Paid)
– Performance & Throttling limit bandwidth
usage, (Paid)
– FTP and Email :Backup or sync files with an FTP
server. Auto email the results of your backup
– Overview PPT on my web site
• http://www.es-es.net/
Tools That Cost But Have Great Value:
• SPI Dynamics WebInspect
• QualysGuard
• EtherPeek
• Netscan tools Pro (250.00 full network forensic reporting and incident handling)
• LanGuard Network Scanner
• AppDetective (Data base scanner and security testing software)
• Air Magnet (one of the best WIFI analyzers and rogue blocking)
• RFprotect Mobile
• Core Impact (complete vulnerability scanning and reporting)
• WinHex – (Complete file inspection and recovery even if corrupt) Forensics and data recovery
Q&A
• Resources are available at
– Files and suggestions
• http://www.es-es.net/9.html
– Security and Information Assurance Links
• http://www.es-es.net/6.html
– PPT for this and VM Security
• http://www.es-es.net/3.html

• Best Step by Step Security Videos Free
– http://www.irongeek.com
• Shameless plug
– Virtual Server Security Presentation
– Thursday 9:30AM Location: Salon 7
– Resources available @ http://www.es-es.net
