DOCSLIB.ORG

GL550 Enterprise Linux Security Administration

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
GL550 Enterprise Linux Security Administration EVALUATION COPY Unauthorized Reproduction or Distribution Enterprise LinuxProhibited Security Administration Student Workbook EVALUATION COPY Unauthorized Reproduction GL550 ENTERPRISE LINUX SECURITY ADMINISTRATION RHEL7 SLES12 or Distribution The contents of this course and all its modules and related materials, including handouts to audience members, are copyright ©2017 Guru Labs L.C. No part of this publication may be stored in a retrieval system, transmitted or reproduced in any way, including, but not limited to, photocopy, photograph, magnetic, electronic or other record, without the prior written permission of Guru Labs. This curriculum contains proprietary information which is for the exclusive use of customers of Guru Labs L.C., and is not to be shared with personnel other than those in attendance at this course. This instructional program, including all material provided herein, is supplied without any guarantees from Guru Labs L.C. Guru Labs L.C. assumes no liability for damages or legal action arising from Prohibited the use or misuse of contents or details contained herein. Photocopying any part of this manual without prior written consent of Guru Labs L.C. is a violation of federal law. This manual should not appear to be a photocopy. If you believe that Guru Labs training materials are being photocopied without permission, please email [email protected] or call 1-801-298-5227. Guru Labs L.C. accepts no liability for any claims, demands, losses, damages, costs or expenses suffered or incurred howsoever arising from or in connection with the use of this courseware. All trademarks are the property of their respective owners. Version: GL550S-R7S12-F05 EVALUATION COPY Unauthorized Reproduction or Distribution Prohibited Table of Contents Chapter 1 EVALUATIONChapter 3 COPY SECURITY CONCEPTS 1 PASSWORD SECURITY AND PAM 1 Basic Security Principles 2 Unix Passwords 2 RHEL7 Default Install 3 Password Aging 3 RHEL7 Firewall Unauthorized 5 Auditing Passwords 5 SLES12 Default Install 6 PAM Overview 6 SUSE Basic Firewall Configuration 7 PAM Module Types 7 SLES12: File Security 8 PAM Order of Processing 8 Minimization – Discovery 9 PAM Control Statements 10 Service Discovery 10 PAM Modules 11 Hardening 12 pam_unix 13 Security Concepts 13 pam_cracklib.so 14 Lab Tasks 15 pam_pwcheck.so 15 1. Removing Packages Using RPM Reproduction 16 pam_env.so 16 2. Firewall Configuration 19 pam_xauth.so 17 3. Process Discovery 23 pam_tally2.so 18 4. Operation of the setuid() and capset() System Calls 25 pam_wheel.so 19 5. Operation of the chroot() System Call 30 pam_limits.so 20 pam_nologin.so 21 Chapter 2 pam_deny.so 22 SCANNING, PROBING, AND MAPPING VULNERABILITIES 1 pam_warn.so 23 The Security Environment 2 pam_securetty.so 24 Stealth Reconnaissance or3 pam_time.so 25 The WHOIS database 4 Distributionpam_access.so 26 Interrogating DNS 5 pam_listfile.so 27 Discovering Hosts 6 pam_lastlog.so 28 Discovering Reachable Services 7 pam_console.so 29 Reconnaissance with SNMP 8 Lab Tasks 31 Discovery of RPC Services 10 1. John the Ripper 32 Enumerating NFS Shares 11 2. Cracklib 36 Nessus/OpenVAS Insecurity Scanner 12 3. Using pam_listfile to Implement Arbitrary ACLs 41 Configuring OpenVAS 13 4. Using pam_limitsProhibited to Restrict Simultaneous Logins 44 Intrusion Detection Systems 14 5. Using pam_nologin to Restrict Logins 47 Snort Rules 15 6. Using pam_access to Restrict Logins 51 Writing Snort Rules 16 7. su & pam 55 Lab Tasks 17 1. NMAP 18 Chapter 4 2. OpenVAS 22 SECURE NETWORK TIME PROTOCOL (NTP) 1 3. Advanced nmap Options 27 The Importance of Time 2 Hardware and System Clock 3 Time Measurements 5 ii NTP Terms and Definitions 6 Create Master KDC 6 Synchronization Methods 7 Configuring the Master KDC 7 NTP Evolution EVALUATION8 KDC Logging COPY 9 Time Server Hierarchy 9 Kerberos Realm Defaults 11 Operational Modes 10 Specifying [realms] 12 NTP Clients Unauthorized 11 Specifying [domain_realm] 13 Configuring NTP Clients 13 Allow Administrative Access 14 Configuring NTP Servers 15 Create KDC Databases 15 Securing NTP 16 Create Administrators 16 NTP Packet Integrity 18 Install Keys for Services 17 Useful NTP Commands 19 Start Services 18 Lab Tasks 20 Add Host Principals 19 1. Configuring and Securing NTP 21 Add Common Service Principals 20 2. Peering NTP with Multiple Systems 25 Configure Slave KDCs 21 Reproduction Create Principals for Slaves 22 Chapter 5 Define Slaves as KDCs 23 KERBEROS CONCEPTS AND COMPONENTS 1 Copy Configuration to Slaves 24 Common Security Problems 2 Install Principals on Slaves 25 Account Proliferation 3 Synchronization of Database 26 The Kerberos Solution 4 Propagate Data to Slaves 27 Kerberos History 5 Create Stash on Slaves 28 Kerberos Implementations 6 Start Slave Daemons 29 Kerberos Concepts 7 Client Configuration 30 Kerberos Principals or 8 Install krb5.conf on Clients 31 Kerberos Safeguards 9 Client PAM Configuration 32 Kerberos Components 10DistributionInstall Client Host Keys 34 Authentication Process 11 Lab Tasks 35 Identification Types 12 1. Implementing Kerberos 36 Logging In 13 Gaining Privileges 15 Chapter 7 Using Privileges 17 ADMINISTERING AND USING KERBEROS 1 Kerberos Components and the KDC 19 Administrative Tasks 2 Kerberized Services Review 20 Key Tables 3 KDC Server Daemons 21 ManagingProhibited Keytabs 4 Configuration Files 22 Managing Principals 6 Utilities Overview 23 Viewing Principals 7 Adding, Deleting, and Modifying Principals 8 Chapter 6 Principal Policy 9 IMPLEMENTING KERBEROS 1 Overall Goals for Users 10 Plan Topology and Implementation 2 Signing In to Kerberos 11 Kerberos 5 Client Software 3 Ticket types 12 Kerberos 5 Server Software 4 Viewing Tickets 13 Synchronize Clocks 5 Removing Tickets 14 iii Passwords 15 2. File Integrity Checking with AIDE 13 Changing Passwords 16 Giving Others AccessEVALUATION17 Chapter 10 COPY Using Kerberized Services 19 ACCOUNTABILITY WITH KERNEL AUDITD 1 Kerberized FTP 20 Accountability and Auditing 2 Enabling KerberizedUnauthorized Services 21 Simple Session Auditing 3 OpenSSH and Kerberos 23 Simple Process Accounting & Command History 5 Lab Tasks 24 Kernel-Level Auditing 6 1. Using Kerberized Clients 25 Configuring the Audit Daemon 9 2. Forwarding Kerberos Tickets 33 Controlling Kernel Audit System 10 3. OpenSSH with Kerberos 37 Creating Audit Rules 11 4. Wireshark and Kerberos 43 Searching Audit Logs 13 Generating Audit Log Reports 14 Chapter 8 Audit Log Analysis 15 SECURING THE FILESYSTEM Reproduction 1 Lab Tasks 16 Filesystem Mount Options 2 1. Auditing Login/Logout 17 NFS Properties 3 2. Auditing File Access 22 NFS Export Option 4 3. Auditing Command Execution 26 NFSv4 and GSSAPI Auth 5 Implementing NFSv4 6 Chapter 11 Implementing Kerberos with NFS 8 SELINUX 1 GPG – GNU Privacy Guard 10 DAC vs. MAC 2 File Encryption with OpenSSL 12 Shortcomings of Traditional Unix Security 4 File Encryption With encfs 13or AppArmor 5 Linux Unified Key Setup (LUKS) 14 SELinux Goals 6 Lab Tasks 16 DistributionSELinux Evolution 7 1. Securing Filesystems 17 SELinux Modes 8 2. Securing NFS 20 Gathering SELinux Information 10 3. Implementing NFSv4 24 SELinux Virtual Filesystem 11 4. File Encryption with GPG 31 SELinux Contexts 12 5. File Encryption With OpenSSL 34 Managing Contexts 14 6. LUKS-on-disk format Encrypted Filesystem 37 The SELinux Policy 16 Choosing an SELinux Policy 17 Chapter 9 Policy LayoutProhibited 19 AIDE 1 Tuning and Adapting Policy 21 Host Intrusion Detection Systems 2 Booleans 22 Using RPM as a HIDS 4 Permissive Domains 24 Introduction to AIDE 5 Managing File Context Database 25 AIDE Installation 6 Managing Port Contexts 26 AIDE Policies 7 SELinux Policy Tools 27 AIDE Usage 8 Examining Policy 29 Lab Tasks 9 SELinux Troubleshooting 32 1. File Integrity Checking with RPM 10 SELinux Troubleshooting Continued 34 iv Lab Tasks 36 Advanced Authentication 7 1. Exploring SELinux Modes 37 Ident-based Authentication 8 2. Exploring AppArmorEVALUATION Modes [S12] 43 Lab Tasks COPY 9 3. SELinux Contexts in Action [R7] 47 1. Configure PostgreSQL 10 4. Exploring AppArmor [S12] 52 2. PostgreSQL with TLS 14 5. Managing SELinuxUnauthorized Booleans [R7] 57 3. PostgreSQL with Kerberos Authentication 17 6. Creating Policy with Audit2allow [R7] 62 4. Securing PostgreSQL with Web Based Applications 20 7. Creating & Compiling Policy from Source [R7] 69 Appendix A Chapter 12 SECURING EMAIL SYSTEMS 1 SECURING APACHE 1 SMTP Implementations 2 Apache Overview 2 Security Considerations 3 httpd.conf – Server Settings 3 chrooting Postfix 4 Configuring CGI 5 Email with GSSAPI/Kerberos Auth 5 Turning Off Unneeded Modules Reproduction 6 Lab Tasks 6 Delegating Administration 7 1. Postfix In a Change Root Environment 7 Apache Access Controls (mod_access) 8 HTTP User Authentication 10 Standard Auth Modules 11 HTTP Digest Authentication 12 TLS Using mod_ssl.so 13 Authentication via SQL 15 Authentication via LDAP 17 Authentication via Kerberos or18 Scrubbing HTTP Headers 19 Metering HTTP Bandwidth 20Distribution Lab Tasks 21 1. Hardening Apache by Minimizing Loaded Modules 23 2. Scrubbing Apache & PHP Version Headers 27 3. Protecting Web Content [R7] 31 4. Protecting Web Content [S12] 35 5. Using the suexec Mechanism 39 6. Create a TLS CA key pair 45 7. Using SSL CA Certificates with Apache 47 Prohibited 8. Enable Apache SSL Client Certificate Authentication 54 9. Enabling SSO in Apache with mod_auth_kerb 59 Chapter 13 SECURING POSTGRESQL 1 PostgreSQL Overview 2 PostgreSQL Default Config 3 Configuring TLS 4 Client Authentication Basics 5 v Typographic ConventionsEVALUATION COPY The fonts, layout, and typographic conventions of this book have been carefully chosen to increase readability. Please take a moment to familiarize yourself withUnauthorized them. A Warning and Solution A common problem with computer training and reference materials is the confusion of the numbers "zero" and "one" with the letters "oh" and 0The number OThe letter "ell". To avoid this confusion, this book uses a fixed-width font that makes "zero". "oh". each letter and number distinct. Typefaces Used and Their Meanings Reproduction The following typeface conventions have been followed in this book: fixed-width normal ) Used to denote file names and directories.
Load more

Recommended publications
  • Red Hat Enterprise Linux 3 Security Guide
    Red Hat Enterprise Linux 3 Security Guide Red Hat Enterprise Linux 3: Security Guide Copyright © 2003 by Red Hat, Inc. Red Hat, Inc. 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA rhel-sg(EN)-3-Print-RHI (2003-07-25T17:12) Copyright © 2003 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder. Red Hat, Red Hat Network, the Red Hat "Shadow Man" logo, RPM, Maximum RPM, the RPM logo, Linux Library, PowerTools, Linux Undercover, RHmember, RHmember More, Rough Cuts, Rawhide and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc. in the United States and other countries. Linux is a registered trademark of Linus Torvalds. Motif and UNIX are registered trademarks of The Open Group. XFree86 is a trademark of The XFree86 Project, Inc, and is pending registration. Intel and Pentium are registered trademarks of Intel Corporation. Itanium and Celeron are trademarks of Intel Corporation. AMD, Opteron, Athlon, Duron, and K6 are registered trademarks of Advanced Micro Devices, Inc.
    [Show full text]
  • Design and Implementation of Port Scanner and Sniffer
    DESIGN AND IMPLEMENTATION OF PORT SCANNER AND SNIFFER 1Snehal Dhabarde, 2Reshma Zade,3Nayan Paraswar, 4Samruddhi Sonak, Department of Information Technology, Rajiv Gandhi College of Engineering and Research Nagpur Email:[email protected],[email protected],3nayanparaswar [email protected],[email protected] Abstract: A port scanner is a piece of software Port scanning has different legitimate uses that it designed to search a network host for open performs in a system. It can be used to send a ports. The only way to track open ports is by request to connect to the aimed computer and using a port scanner, and the most accurate note the ports that responds or appears to open. port scanner will be an online port scan. This Port scanning is also used to configure project aims at the creation of a applications for network security to inform the comprehensive application, which can be used administrators in case they detect some at corporate environments. The port scanner connections across a wide range of ports from a and sniffer software is as simple as possible so single host. Port scanning may involve all of the that it can be configured even by a 65,535 ports or only the ports that are well- nontechnical person. This is often used by known to provide services vulnerable to different administrators to check the security of their security related exploits. If a port on a remote networks and by hackers to compromise it. host is open for incoming connection requests The main objective of this project is to scan and you send it a SYN packet, the remote host the various ports within a specified range.
    [Show full text]
  • Nmap Tutorial 1/10 2004-10-10 Lätt Redigerad Av Jan-Erik Jonsson
    NMap tutorial 1/10 2004-10-10 Lätt redigerad av Jan-Erik Jonsson Basic Scan Types [-sT, -sS] TCP connect() Scans [-sT] SYN Stealth Scanning [-sS] FIN, Null and Xmas Tree Scans [- sF, -sN, -sX] Ping Scanning [-sP] UDP Scans [-sU] IP Protocol Scans [-sO] Idle Scanning [-sI] ACK Scan [-sA] Window Scan, RPC Scan, List Scan [-sW, -sR, -sL] Timing And Hiding Scans Timing Decoys FTP Bounce Turning Pings Off Fragmenting Idle Scanning http://www.security-forums.com/forum/viewtopic.php?t=7872 NMAP - A Stealth Port Scanner by Andrew J. Bennieston 1 INTRODUCTION ................................................................................................................................................. 2 2 DISCLAIMER...................................................................................................................................................... 2 3 BASIC SCAN TYPES [-ST, -SS] ........................................................................................................................... 2 3.1 TCP connect() Scans [-sT]........................................................................................................................ 2 3.2 SYN Stealth Scanning [-sS]....................................................................................................................... 2 4 FIN, NULL AND XMAS TREE SCANS [-SF, -SN, -SX] ......................................................................................... 3 5 PING SCANNING [-SP] ......................................................................................................................................
    [Show full text]
  • Surveying Port Scans and Their Detection Methodologies
    Surveying Port Scans and Their Detection Methodologies Monowar H Bhuyan1, D K Bhattacharyya1 and J K Kalita2 1Department of Computer Science & Engineering Tezpur University Napaam, Tezpur, Assam, India 2Department of Computer Science University of Colorado at Colorado Springs CO 80933-7150, USA Email: mhb,dkb @tezu.ernet.in, [email protected] { } Scanning of ports on a computer occurs frequently on the Internet. An attacker performs port scans of IP addresses to find vulnerable hosts to compromise. However, it is also useful for system administrators and other network defenders to detect port scans as possible preliminaries to more serious attacks. It is a very difficult task to recognize instances of malicious port scanning. In general, a port scan may be an instance of a scan by attackers or an instance of a scan by network defenders. In this survey, we present research and development trends in this area. Our presentation includes a discussion of common port scan attacks. We provide a comparison of port scan methods based on type, mode of detection, mechanism used for detection, and other characteristics. This survey also reports on the available datasets and evaluation criteria for port scan detection approaches. Keywords: TCP/IP, UDP, OS fingerprinting, coordinated scanning Received 21 May 2010; revised 23 August 2010 1. INTRODUCTION similar, except that a positive response from the target results in further communication to determine whether The Internet is a complex entity comprised of diverse the target is vulnerable to a particular exploit. As can networks, users, and resources. Most users are oblivious be found in [3], most attacks are preceded by some form to the design of the Internet and its components and of scanning activity, particularly vulnerability scanning.
    [Show full text]
  • Evaluation of Network Port Scanning Tools
    Evaluation of Network Port Scanning Tools Nazar El-Nazeer and Kevin Daimi Department of Mathematics, Computer Science and Software Engineering University of Detroit Mercy, 4001 McNichols Road, Detroit, MI 48221 {elnazen, daimikj}@udmercy.edu ABSTRACT implies protecting data and information from attacks during their transmission from the source to destination. Attackers can detect the vulnerabilities in networks and Neglecting network port scans could result in possibly pose enormous threats in these situations. To unavoidable consequences. Network attackers prevent problems, cryptology provides the most continuously monitor and check communication ports promising measures to deter, prevent, detect, and correct looking for any open port. To protect computers and security violations. networks, computers need to be safeguarded against applications that aren't required by any function To protect computer networks, a number of protection currently in use. To accomplish this, the available ports tasks need to be implemented. These tasks are needed and the applications utilizing them should be to enforce the security for wireless network, electronic determined. This paper attempts to evaluate eight port mail, IP, and at the transport level. Furthermore, these scanning tools based on fifteen criterions. The criteria tasks should efficiently deal with intruders and were reached after fully testing each tool. The malicious software [23]. outcomes of the evaluation process are discussed. Internet and web are tremendously vulnerable to various Keywords attacks. Therefore securing web services is a critical requirement. In particular, security at the transport layer Network Security, Evaluation Criteria, Network must never be overlooked. The subdivision of the Security Tools, Network Port Scanning Internet by the transport layer presents ample outcomes both in the way in which business is performed on the network and with regard to the vulnerability caused by I.
    [Show full text]
  • Internet-Facing Plcs - a New Back Orifice
    Internet-facing PLCs - A New Back Orifice Johannes Klick, Stephan Lau, Daniel Marzin, Jan-Ole Malchow, Volker Roth Freie Universität Berlin - Secure Identity Research Group <firstname>.<lastname>@fu-berlin.de Abstract—Industrial control systems (ICS) are integral com- The approach we take is to turn PLCs into gateways (we ponents of production and control processes. Our modern infras- focus on Siemens PLCs). This is enabled by a notorious lack tructure heavily relies on them. Unfortunately, from a security of proper means of authentication in PLCs. A knowledgeable perspective, thousands of PLCs are deployed in an Internet-facing adversary with access to a PLC can download and upload code fashion. Security features are largely absent in PLCs. If they are to it, as long as the code consists of MC7 bytecode, which is the present then they are often ignored or disabled because security native form of PLC code. We explored the runtime environment is often at odds with operations. As a consequence, it is often possible to load arbitrary code onto an Internet-facing PLC. of PLCs and found that it is possible to implement several Besides being a grave problem in its own right, it is possible network services using uploaded MC7 code. In particular, we to leverage PLCs as network gateways into production networks implemented and perhaps even the corporate IT network. In this paper, we analyze and discuss this threat vector and we demonstrate • a SNMP scanner for Siemens PLCs, and that exploiting it is feasible. For demonstration purposes, we • developed a prototypical port scanner and a SOCKS proxy that a fully fledged SOCKS proxy for Siemens PLCs runs in a PLC.
    [Show full text]
  • NMAP - a Stealth Port Scanner
    NMAP - A Stealth Port Scanner Andrew J. Bennieston http://www.nmap-tutorial.com Contents 1 Introduction 4 2 Disclaimer 4 3 Basic Scan Types [-sT, -sS] 4 3.1 TCP connect() Scan [-sT] . 4 3.2 SYN Stealth Scan [-sS] . 5 4 FIN, Null and Xmas Tree Scans [-sF, -sN, -sX] 6 5 Ping Scan [-sP] 7 6 UDP Scan [-sU] 8 7 IP Protocol Scans [-sO] 8 8 Idle Scanning [-sI] 9 9 Version Detection [-sV] 10 10 ACK Scan [-sA] 10 11 Window Scan, RPC Scan, List Scan [-sW, -sR, -sL] 11 12 Timing and Hiding Scans 11 12.1 Timing . 11 12.2 Decoys . 11 12.3 FTP Bounce . 12 12.4 Turning Off Ping . 12 12.5 Fragmenting . 12 12.6 Idle Scanning . 13 13 OS Fingerprinting 13 14 Outputting Logs 13 15 Other Nmap Options 13 15.1 IPv6 . 13 15.2 Verbose Mode . 13 15.3 Resuming . 13 15.4 Reading Targets From A File . 14 15.5 Fast Scan . 14 15.6 Time-To-Live . 14 2 16 Typical Scanning Session 14 17 Frequently Asked Questions 18 17.1 I tried a scan and it appeared in firewall logs or alerts. What else can I do to help hide my scan? . 18 17.2 NMAP seems to have stopped, or my scan is taking a very long while. Why is this? . 19 17.3 Will -sN -sX and -sF work against any host, or just Windows hosts? 20 17.4 How do I find a dummy host for the Idle Scan (-sI)? . 20 17.5 What does ”Host seems down.
    [Show full text]
  • Network Fingerprint and Exploitation
    Contents Introduction .................................................................................................................................................. 1 Identifying Network Targets ......................................................................................................................... 1 Identifying the Hooked Browser’s Internal IP ............................................................................................... 1 Gateway-Finder using python script ............................................................................................................. 5 Identifying the Hooked Browser’s Subnet .................................................................................................... 9 Ping Sweeping ............................................................................................................................................. 12 Ping Sweeping using java ............................................................................................................................ 16 Port Scanning .............................................................................................................................................. 19 Bypassing Port banning ............................................................................................................................... 20 Scan network Port using the IMG Tag ........................................................................................................ 24 Distributed Port Scanning .........................................................................................................................
    [Show full text]
  • A Descriptive Study of Active Scanning & Reconnaissance Tools
    IARJSET ISSN (Online) 2393-8021 ISSN (Print) 2394-1588 International Advanced Research Journal in Science, Engineering and Technology Vol. 3, Issue 4, April 2016 A Descriptive study of Active Scanning & Reconnaissance tools Manjit Kaur1, Gurpreet Kaur2, Er. Gurjot Singh3 Post Graduate, P.G. Department of Computer Science & Applications, K.M.V., Jalandhar, Punjab, India 1,2 Asstt. Prof., P.G. Department of Computer Science & Applications, K.M.V., Jalandhar, Punjab, India 3 Abstract: Scanning is a skilled of pinpointing active and communicable system via internet. It makes use of assorted approaches such as operating system identification and port scanning to be aware of various services which are solicited by the system. It offers us information concerning the TCP/UDP services which are active on each discovered system, architecture of the system, type of operating system etc. Today, there is a constant increase in the number of automated scanners which further provides a path for the successful set up of attacks. A part scanner is a piece of software framed to rummage a network for open ports. This is commonly used by administrators to keep an eye on the security of their networks and by hackers to compromise it. Programs make use of ports to see and acknowledge the out of doors world. Viruses now have inbuilt port scanners that rummage the internet searching for unsuspecting computers with open ports, when they discover them, they cripple our software or worse, stay hidden and report our secret activity and subject matter to another system. In this paper, we have studied the detailing of ports, relative services running on particular ports and also extend the critical subject matter concerning port scanning tools.
    [Show full text]
  • Port Scanning Port Scanning
    Internet Security ECOM 5347 lab 2 Port Scanning Port Scanning Objectives 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as nmap. Introduction: All machines connected to a LAN or connected to Internet via a modem run many services that listen at certain ports. A service is a program that waits inside a loop for a request message from a client, and acts on the request. By port scanning, one discovers which ports are available (i.e., being listened to by a service). Essentially, a port scan consists of sending a message to each port, one at a time and examining the response received. If the port is in use, it can then be probed further for weakness. Port Scanning is one of the most popular among the reconnaissance techniques attackers use. Port Scanning Terms: Port Numbers: Both UDP and TCP use source and destination port numbers in their packets; the source and destination IP addresses are provided by the underlying IP. Port numbers are an abstraction manufactured by the network layer of the operating system in accordance with the TCP/IP standards These are 16-bit unsigned numbers. The port numbers are divided into three ranges: 1- Well Known Ports (from 0 through 1023) 2- Registered Ports (from 1024 through 49151) 3- Dynamic and/or Private Ports (from 49152 through 65535). 13 Internet Security ECOM 5347 lab 2 Port Scanning Sockets: A socket is an abstraction, similar to a file descriptor, constructed by socket(). A socket so constructed is bound to an IP address and port number via the bind() call.
    [Show full text]
  • Port Scanning Using Nmap
    © 2017 IJEDR | Volume 5, Issue 4 | ISSN: 2321-9939 Port scanning using Nmap 1Mamta Bhavsar, 2Dr. Priyanka Sharma, 3Manish Gokani 1 Student, 2Head Of Department, 3CEO, F1 Network Security 1,2 Department of Cyber Security, Raksha Shakti University, Ahmedabad (Gujarat) 3F1 Network Security, Vadodara (Gujarat) ________________________________________________________________________________________________________ Abstract— Anyone who wants to enter into cyber security domain or hacking world they all started with the port scanning. As we all know that Port is an endpoint of the communication where data enters into and go out from computer it is the first point that attacker or security administrator looking for. Port scanning is one of the most popular exploration techniques attacker used to discover services they can break into. Essentially, a port scan consists of sending a message to each port, one at time. The kind of response received indicates whether the port is open to exploit or not. Nmap is a security scanner used to discover open ports and services running on that port in a computer network. Index Terms— Nmap, Port Scanning, Network Scanning ________________________________________________________________________________________________________ I. Introduction A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services associated with that port. Port scanning is a favourite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Nmap is a free, open source tool that is available under the GNU General Public License as published by the Free Software Foundation. It is most often used by network administrators and IT security professionals or Hackers to scan enterprise networks, looking for live hosts, specific services, or specific operating systems.
    [Show full text]
  • Scan Strategy Guide
    Tenable Scan Strategy Tenable Professional Services Last Revised: May 07, 2021 Table of Contents Introduction 3 Network Assessment 4 Network Topology 5 Scan Target Identification 7 Customer Requirements 9 Tenable Resource Allocation 10 Scanning Methodology 11 Active Scan Schedule Options 12 Scan Policy Configuration 13 Host Discovery 14 Vulnerability Scan 16 External Vulnerability Scan 17 Compliance Checks 18 Scan Policy Settings 19 Related Documents 22 Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trade- marks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective Introduction The purpose of this document is to describe scan strategies that Tenable Professional Services Con- sultants recommend for their various customer environments. This document focuses on Tenable.io and Tenable.sc active scans that utilize Nessus. Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are - 3 - trademarks of their respective owners. Network Assessment The scan strategy that Tenable® recommends depends on several factors: l Network Topology l Scan Target Identification l Customer Requirements l Tenable Resource Allocation Copyright © 2021 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable,Inc.
    [Show full text]