network security fundamentals
play

Network Security Fundamentals Security Training Course Dr. Charles - PowerPoint PPT Presentation

May 07, 2023 •25 likes •235 views

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 8 Scanning Topics Scanning fundamentals Nessus installation & examination 04/13

  1. Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013

  2. Network Security Fundamentals Module 8 Scanning

  3. Topics • Scanning fundamentals • Nessus installation & examination 04/13 cja 2013 3

  4. Scanning Fundamentals

  5. Scanning • Purpose: Examine host(s) from the network  What ports are open  What services are running  What flaws exist in those services  What type of OS is running  What kind of filtering is in place 04/13 cja 2013 5

  6. Scanning • Modus operandi :  Phase 1: determine all hosts in specified range  Phase 2: interrogate open ports on each host identified in Phase 1 • Uses:  Attack tool  Reconnaissance  Defensive tool  Where are the security risks? 04/13 cja 2013 6

  7. Scanners • Commercial  eEye Retina  ISS  … • Open source  Nessus  Nmap  … 04/13 cja 2013 7

  8. Nessus Installation and Examination

  9. Nessus • Was open-source, GPL  … Nessus 3.0 closed-source  … Nessus 4.0 plugins not free • Client/server architecture  Server placed on host(s) in network  UNIX/Linux, AIX, Mac OS X  Client connects to server(s), runs test  Web client • Strong authentication  SSL 04/13 cja 2013 9

  10. Install Nessus • Download Nessus from http://www.tenable.com/products/nessus • Register scanner  Nessus no longer ships with any plugins  HomeFeed vs. ProfessionalFeed  http://www.nessus.org/register/ • Start the nessusd server • Browse to https://localhost.localdomain:8834 • Create nessusd account • Get the plugins  This will consume about twenty minutes • Nessus is pre-installed in the virtual lab environment 04/13 cja 2013 10

  11. Run Nessus • sudo nessusd start • Browse to https://localhost.localdomain:8834  Port opened after plugins have been processed • Understand certificate issues • Login to nessusd account • Add a policy: select plugins (checks to perform) • Add a scan: select targets (networks) • Start test! 04/13 cja 2013 11

  12. Nessus login 04/13 cja 2013 12

  13. Add a policy 04/13 cja 2013 13

  14. Settings 04/13 cja 2013 14

  15. Add a scan 04/13 cja 2013 15

  16. Launch a scan 04/13 cja 2013 16

  17. Running a scan 04/13 cja 2013 17

  18. Scan finished 04/13 cja 2013 18

  19. Examine results • Browse report • Three severity levels  Low - informational  Medium - possible vulnerability  High - verified vulnerability • Detail pane gives descriptions, suggested fixes, CVE numbers, references and links 04/13 cja 2013 19

  20. Scan results 04/13 cja 2013 20

  21. Additional Features • Filter  Select which vulnerabilities to show  Select by plugin, vulnerability text, host, port, protocol, severity 04/13 cja 2013 21

Recommend

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 7 Intrusion Detection Topics Fundamentals Network IDS Snort Host-based IDS

1.03k views • 72 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 6 Firewalls & VPNs Topics Firewall Fundamentals Case study: Linux iptables

778 views • 46 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 9 Linux Security & Logging Linux Security Real-World Linux Security RHEL

739 views • 41 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength & Cracking Roadmap Password Authentication How Passwords are

512 views • 32 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 5 Viruses & Worms, Botnets, Todays Threats Viruses & Worms Viruses Program

693 views • 31 slides
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control Fundamentals Objectives Define Access Controls List the four Access Control Models Describe logical Access Control Methods Explain the

128 views • 8 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Installing the Lab Environment Virtual Lab Environment Student-supplied hosts IA32-compatible The more CPU(s) and

261 views • 8 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Introduction Introduction Welcome to the course! Instructor: Dr. Charles J. Antonelli

209 views • 10 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A

Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A

Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A Message From Our Sponsors Computer Security Fundamentals Fundamentals System/Network Security, crypto How do things work Why How to

824 views • 26 slides
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used Describe the components of

569 views • 7 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016 Another type of layer deficiency Some layers of protocol do not provide any security or privacy What if

708 views • 59 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 6 Firewalls & VPNs Topics Firewall Fundamentals Case

881 views • 51 slides
Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security: Private Communication in a Public World [Chap. 2-8] Charles Kaufman, Mike Speciner, Radia

697 views • 59 slides
Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir Northeastern University noubir@ccs.neu.edu Cryptography: Theory and Practice, Douglas Stinson, Chapman & Hall/CRC Network Security: Private

711 views • 56 slides
1 Terminology Security services: Authentication, confidentiality, integrity,

1 Terminology Security services: Authentication, confidentiality, integrity,

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security: Private Communication in a Public World [Chap. 2-8] Charles Kaufman, Mike Speciner, Radia

454 views • 20 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Security Fundamentals for Educational Leaders Steve Palmer K-12 Information Systems Security

Security Fundamentals for Educational Leaders Steve Palmer K-12 Information Systems Security

Security Fundamentals for Educational Leaders Steve Palmer K-12 Information Systems Security Analyst EduTech User Awareness Preparing our Digital Citizens for the Future The Numbers State of North Dakota has over 530 schools All connecting

432 views • 22 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides

More recommend