hands on network security practical tools methods
play

Hands-On Network Security: Practical Tools & Methods Security - PowerPoint PPT Presentation

Jan 15, 2023 •224 likes •592 views

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 1 Fundamental Tools Roadmap Review of generally useful tools

  1. Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012

  2. Hands-On Network Security Module 1 Fundamental Tools

  3. Roadmap • Review of generally useful tools  Linux (Unix) centric • General overview  Several tools revisited later • There are many, many other useful tools  Some introduced in course modules  Most freely available on the Internet 04/12 cja 2012 3

  4. Tool Basics • less, man • netcat • su, sudo • ps • ifconfig • top • netstat • vmstat • tcpdump • lsof • wireshark, tshark • /proc • tcpreplay • whois • traceroute • nslookup, dig • tcptraceroute • Accounting • nmap/zenmap • Miscellany 04/12 cja 2012 4

  5. less, man • less  Standard paginating tool for Unix/Linux • man  Standard manual page tool for Unix/Linux 04/12 cja 2012 5

  6. su • su id  Change to user id  If no id , change to the superuser (root)  Authenticate by giving new user ’ s password  Starts a command shell with new user ’ s privileges • Invocation  su  su –  Like su, but executes a login shell, which gets the correct command search paths 04/12 cja 2012 6

  7. sudo • sudo command  Run commands as root  Authenticate by giving your own password  Runs command with the root ’ s privileges  Convenience & control  Control who may sudo and what commands they can run  Log operations performed under sudo  Config file /etc/sudoers • Invocation  sudo service network restart  Runs the service command with root privileges  sudo -s  Executes a command shell with root privileges  sudo -i  Like su - , this executes a login shell with root privileges 04/12 cja 2012 7

  8. ifconfig • Get (and set) network interface configuration  IP address and mask  Hardware address  Bytes sent/received/dropped/overrun/… • /sbin/ifconfig [interface] [options] • Useful to discover host ’ s IP address(es) and interface status 04/12 cja 2012 8

  9. netstat • Displays network-related status  Network connections  Routing tables  Interface statistics  Multicast memberships 04/12 cja 2012 9

  10. netstat • /bin/netstat  w/o args, displays open sockets  -a display listening sockets also  -t show active TCP sockets  -u show active UDP sockets  -p show PID and process name  -r display routing tables  -n don ’ t convert host addresses to names 04/12 cja 2012 10

  11. libpcap • Packet capture library • Obtains packets from host platform • Created at LBL • Maintained at www.tcpdump.org  Sources, no binaries  Version 1.2.1 released January 1, 2012 04/12 cja 2012 11

  12. tcpdump • Full-content packet capture and display • Packet input  Directly from network interface  From libpcap-format file • Packet output  To screen  To libpcap-format file • Packet filtering • Version 4.2.1 released January 1, 2012 at www.tcpdump.org 04/12 cja 2012 12

  13. tcpdump • /usr/sbin/tcpdump  -i in listen on interface in  -n don ’ t convert host addresses to names  -X dump packet in hex and ascii  -e dump Ethernet header also  -r fn read from pcap-format file  -w fn write out pcap-format file • Documentation at www.tcpdump.org 04/12 cja 2012 13

  14. wireshark, tshark • Full-content packet capture and display • Built-in protocol dissectors  1,170 protocols and counting (version 1.6.7, released April 6, 2012) • Packet input  Directly from network interface  From libpcap-format file, and many other formats • Packet output  Interactive, screen-oriented • Packet filtering  On capture  On display 04/12 cja 2012 14

  15. wireshark, tshark • Other features  capinfos  dumpcap  editcap  mergecap  text2pcap • http://www.wireshark.org/ 04/12 cja 2012 15

  16. tcpreplay • Sends stored packets to network  Useful for presenting fixed inputs to IDSs • Packet input  From libpcap-format file • Packet output  To network interface • Features  tcpprep – determine client/server packets and prepare cache  tcpreplay – replay pcap files at user-determined speeds  tcprewrite – edit TCP, IP, Layer 2 headers on the fly  tcpbridge – bridge network segments with tcprewrite  tcpcapinfo – pcap file decoder 04/12 cja 2012 16

  17. tcpreplay • Canonical invocation  tcpreplay -i eth0 sample.pcap • Options:  -t as fast as possible  -M rate send at this rate (Mbps)  -p # send this number of packets per second  -x m send mtimes as fast  … • http://tcpreplay.synfin.net/ • Some packets are not meant to be replayed 04/12 cja 2012 17

  18. traceroute • Uses TTL field in IP packet to map a network packet ’ s path from source to destination host • Generates a serial list of routers between source and destination • Depends on ICMP messages  If ICMP is blocked at the border, this won ’ t work • Maintained at http://www-nrg.ee.lbl.gov/ftp.html 04/12 cja 2012 18

  19. tcptraceroute • Uses TCP SYN packets instead of ICMP or UDP echo  Originally developed & maintained at http://michael.toren.net/code/tcptraceroute/  Now inactive  Better to use a modern traceroute ’ s –T option 04/12 cja 2012 19

  20. nmap/zenmap • Network mapping tool  Version 5.50 released January, 2011 • Really a network scanner • Swiss army knife • Two-step process  Identifies hosts on specified network segment(s)  Scans specified ports on each host • Read the man page thoroughly  Especially for limitations … • Zenmap is a GUI for nmap • Generally under-appreciated 04/12 cja 2012 20

  21. nmap • nmap  subnet e.g. 141.211.244.0/26  -n don ’ t map addresses to names  -sS TCP SYN port scan  -sT TCP connect port scan  -sU UDP port scan  -sV detect service verions  -s… several more advanced scans  -O use fingerprinting to guess remote OS  -T manually set scan rate  -p range range of ports to scan  … many more • Maintained at http://www.insecure.org/nmap/ 04/12 cja 2012 21

  22. netcat • TCP/UDP utility  http://nc110.sourceforge.net/ … the original, from 1996  http://netcat.sourceforge.net/ … the portable version • Another, older, swiss army knife • Features  Send and receive TCP/UDP  Listen on arbitrary ports  TCP proxies  Shell-script clients & servers • Read the man page thoroughly • Generally under-appreciated 04/12 cja 2012 22

  23. ps • Process status utility • Features  Standard & custom process status listings  Resource utilization summaries • Read the man page thoroughly 04/12 cja 2012 23

  24. ps • ps  (none) show your processes  ax show all processes  l show your processes, long format  u show your processes, user format  v show your processes, virtual memory format  -l show your processes, long format  -f show your processes, full format  -F show your processes, extra full format  -H show your processes, tree format  -Lm show all processes, with threads  … many more 04/12 cja 2012 24

  25. top • Display Linux tasks • Features  Dynamic process listings  Ordered by specified resource  System utilization summaries  An interactive interface for process manipulation  An extensive interactive interface for configuration • Read the man page thoroughly 04/12 cja 2012 25

  26. top • top  (none) show summary and process stats, updated every 3 secs  -d n … every n secs  -u user … stats for user user only • Interactive commands  1 toggle between aggregate and individual CPU stats  k kill a process  O change sort order  r renice a process  u show stats for specified user  h interactive help  … many more 04/12 cja 2012 26

  27. vmstat • Report virtual memory statistics • Reports  Processes running  Physical memory usage  Swap space I/O  Block I/O  System interrupts and context switches  CPU utilization  … all in 80 characters 04/12 cja 2012 27

  28. vmstat • vmstat  (none) show status  n show status every n seconds  -a show active/inactive instead of buffered/cached  -f # fork() system calls since boot  -m show kernel memory management stats (slabinfo) 04/12 cja 2012 28

  29. lsof • List open files  Created for U NIX to find running processes preventing filesystem unmounts  Many additional Linux features • For each process, shows  Root and current directories  Mapped shared memory libraries  Open file names, descriptors, major/minor/inode numbers  Open sockets, states, peer names  Mapped shared memory libraries 04/12 cja 2012 29

  30. lsof • lsof  (none) shows open files for all devices for all processes  -p pid shows open files for process pid  -u user shows open files for user name or uid user  /dev/sdx shows open files for device /dev/sdx  /path/file shows process that have /path/file open  -i @host shows processes connected to host host  … many more 04/12 cja 2012 30

  31. /proc • File-system view of userland • Features  Global system status  Per-process status • Much more detail than e.g. ps • Official interface for system information • Addresses a long-standing need in U NIX 04/12 cja 2012 31

Recommend

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 6 Firewalls & VPNs Topics Firewall Fundamentals Case

881 views • 51 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 3 Network Protocol Attacks Roadmap Network security The

502 views • 39 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength & Cracking Roadmap Password

750 views • 31 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Introduction Introduction Welcome to the course! Instructor: Dr.

678 views • 10 slides
Practical Network Security: Basic Tools & Techniques Guevara Noubir Northeastern University

Practical Network Security: Basic Tools & Techniques Guevara Noubir Northeastern University

Practical Network Security: Basic Tools & Techniques Guevara Noubir Northeastern University noubir@ccs.neu.edu G. Noubir Tools 1 1 Lesson Outcomes: you need to be able to Describe and discuss the various security threats to

1.04k views • 39 slides
Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1 Need: Growing Importance and Cost of

278 views • 12 slides
Hands-On tools@bsc.es 2018 Copy files for the hands-on You can download the material for

Hands-On tools@bsc.es 2018 Copy files for the hands-on You can download the material for

Extrae & Paraver Hands-On tools@bsc.es 2018 Copy files for the hands-on You can download the material for most of the hands on from the web site https://tools.bsc.es/tools-hands-on. No binaries are provided, but you can follow the

633 views • 24 slides
Hands-On tools@bsc.es 2018 Copy files for the hands-on You can download the material for

Hands-On tools@bsc.es 2018 Copy files for the hands-on You can download the material for

Clustering Hands-On tools@bsc.es 2018 Copy files for the hands-on You can download the material for most of the hands on from the web site https://tools.bsc.es/tools-hands-on. Clustering has to be executed on a Linux machine. > ls

389 views • 6 slides
Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST

Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST

www.liberouter.org Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST Regional Symposium for Europe Security Tools as a Service Flow monitoring overview Flow monitoring extended by application layer

1.99k views • 184 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Roadmap Day 1: Why SELinux? Overview of SELinux Using SELinux SELinux Permissive Domains Day

693 views • 45 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Roadmap Day 1: Why SELinux? Overview of SELinux Using SELinux SELinux Permissive Domains Day

1.71k views • 60 slides
Basic Tools & Techniques Guevara Noubir Northeastern University noubir@ccs.neu.edu Counter

Basic Tools & Techniques Guevara Noubir Northeastern University noubir@ccs.neu.edu Counter

Practical Network Security: Basic Tools & Techniques Guevara Noubir Northeastern University noubir@ccs.neu.edu Counter Hack Reloaded, Ed Skoudis, 2005, Prentice-Hall. Threats to Communication Networks Security was an add-on to many network

456 views • 10 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Social Engineering Techniques, Methods, Tools & Mitigation Panagiotis Gkatziroulis, Security

Social Engineering Techniques, Methods, Tools & Mitigation Panagiotis Gkatziroulis, Security

Social Engineering Techniques, Methods, Tools & Mitigation Panagiotis Gkatziroulis, Security Consultant Agenda Social Engineering Methodology Attacks & Techniques Demos Tools of the trade Prevention Methods and Advice

502 views • 27 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 02/13 cja 2013 2 02/13 cja 2013 3 Introduction Welcome to the course! Instructor: Dr. Charles J.

1.24k views • 55 slides
Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli

Hands-on SELinux: A Practical Introduction Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 03/12 cja 2012 2 03/12 cja 2012 3 Introduction Welcome to the course! Instructor: Dr. Charles J.

753 views • 53 slides
Supervisor: Joe Klemencic Computing Division-Network Security Fermi National Accelerator

Supervisor: Joe Klemencic Computing Division-Network Security Fermi National Accelerator

Supervisor: Joe Klemencic Computing Division-Network Security Fermi National Accelerator Laboratory, Batavia, IL 60510 OUTLINE Introduction Objective Relevance Tools & Methods Results Four different cases

369 views • 18 slides
Using Game Theory To Solve Network Security A brief survey by Willie Cohen Network Security

Using Game Theory To Solve Network Security A brief survey by Willie Cohen Network Security

Using Game Theory To Solve Network Security A brief survey by Willie Cohen Network Security Overview By default networks are very insecure Connected to the open internet There are a number of well known methods for securing a

659 views • 21 slides
The Bro Network Security Monitor Tools of the Trade Matthias Vallentin UC Berkeley / ICSI

The Bro Network Security Monitor Tools of the Trade Matthias Vallentin UC Berkeley / ICSI

The Bro Network Security Monitor Tools of the Trade Matthias Vallentin UC Berkeley / ICSI vallentin@icir.org Bro Workshop 2011 NCSA, Champaign-Urbana, IL Tools of the Trade Basic Toolbox 1. awk 2. head/tail 3. sort 4. uniq 5. bro-cut 2 / 9

627 views • 41 slides
The Bro Network Security Monitor Tools of the Trade Matthias Vallentin UC Berkeley / ICSI

The Bro Network Security Monitor Tools of the Trade Matthias Vallentin UC Berkeley / ICSI

The Bro Network Security Monitor Tools of the Trade Matthias Vallentin UC Berkeley / ICSI vallentin@icir.org Bro Workshop 2011 NCSA, Champaign-Urbana, IL Tools of the Trade Basic Toolbox 1. awk 2. head/tail 3. sort 4. uniq 5. bro-cut 2 / 9

128 views • 9 slides
Introduction to Network Security Security Chapter 5 Physical Network Layer Dr. Doug Jacobson -

Introduction to Network Security Security Chapter 5 Physical Network Layer Dr. Doug Jacobson -

Introduction to Network Security Security Chapter 5 Physical Network Layer Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics Lower Layer Security Physical Layer Overview Common attack methods Ethernet

966 views • 40 slides
INF 111 / CSE 121: Software Tools and Methods Software Tools and Methods Lecture Notes for

INF 111 / CSE 121: Software Tools and Methods Software Tools and Methods Lecture Notes for

INF 111 / CSE 121: Software Tools and Methods Software Tools and Methods Lecture Notes for Summer, 2008 Michele Rousseau Lecture Note 10 Effort Estimation Announcements Assignment #3 is due on Monday Quiz #3 regrades are due today

647 views • 21 slides
Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web applications Marco Rocchetto REsearch Group in I nformation S ecurity Department of Computer Science University of Verona, Italy Verona, May 8, 2015

731 views • 62 slides

More recommend