Networking Chapter 11 Instructors Manual Materials Accompany Computer Security Fundamentals Network Scanning And Vulnerability

Unlock access to all the studying documents.

View Full Document

Instructor’s Manual Materials to Accompany

COMPUTER SECURITY FUNDAMENTALS

CHAPTER 11

NETWORK SCANNING AND VULNERABILITY SCANNING

CHAPTER 11 OBJECTIVES

When students finish reading this chapter, they will be able to:

• Understand and be able to conduct basic system reconnaissance.

• Describe and use several port scanners.

• Understand how to derive useful information about a Web site from internic or the Netcraft Web site.

• Know how to locate information about a system or organization from Internet newsgroup postings.

• Understand the use of vulnerability scanners.

• Use port monitoring utilities.

CHAPTER OVERVIEW

Information is the key to compromising security. It is imperative that you assess your own organization’s

vulnerabilities in this regard. This chapter looks at some commonly used tools for both compromising security

and for a security-conscious network administrator to find and patch vulnerabilities. Students examine a variety of

port scanners as well as vulnerability scanners. It is critical that you know how to use them.

The major sections in this chapter are

2. Tracing the IP Address: How to find and trace network traffic on your target.

4. Social Engineering: How information from employees is discovered without using technology.

5. Scanning Tools: Commonly used and available tools to do port and vulnerability scanning.

CHAPTER OUTLINE

I. Chapter 11 Objectives

II. Introduction

III. Basics of Assessing a System

Patch

Ports

Protect

Policies

Probe

Physical

IV. Securing Computer Systems

Securing an Individual Workstation

Securing a Server

Securing a Network

V. Scanning Your Network

MBSA

NESSUS

VI. Getting Professional Help

VII. Summary

VIII. Test Your Skills

IX. Exercises

X. Projects

KEY TERMS

cracker One who breaks into a system to do something malicious, illegal, or harmful. A hacker with malicious

intent; synonymous with black hat hacker.

dumpster diving The process to search through trash looking for information that might be useful in hacking

(particularly social engineering) or identity theft.

network scanning The process to scan a network looking for vulnerabilities.

ping To send a single ICMP packet to a destination, usually to confirm that the destination can be reached.

port A numerical designation for a connection point on a computer. There are well-defined ports for specific

protocols, such as FTP port 21 and HTTP port 80.

sneaker Someone who attempts to compromise a system to assess its vulnerability.

social engineering Using interpersonal skills to extract information about a computer system and its security.

white hat hackers Hackers who hack only for legal/ethical purposes.

TEACHING NOTES

I. Basic Reconnaissance

Teaching Tips: Students must understand that an IP address will locate a computer on

the network, while a port number will locate an application or service running on that computer.

Teaching Tips: This is important. It may be illegal to run these tools on any system

other than the ones that students own and run. If they are to run these tools on another system, they must

first get permission from the network owners. Stress to students that running these tools at work or at

Troubleshooting: In many networks, these tools may be blocked at the firewall or

II. Using IP Registration Information

Teaching Tips: Have students access Google and type in their name, phone number,

or address. See how much personal information they can collect online on themselves or other classmates.

III. Scanning

Teaching Tips: Note that Web sites can be moved or updated without notice. The

PROJECTS/EXERCISES

I. Discussion Questions

A. Discussion Question 1

Does personal information available on the Internet make an employee an easier target

for social engineering?

B. Discussion Question 2

Should tools, such as SATAN, be made available over the Internet for free?

II. Web Projects

A. Web Project 1

Go to Google.com and type in your home phone number in the form 555 555 5555.

What information can you find?

B. Web Project 2

Go to http://netsecurity.about.com/cs/hackertools/a/aafreeportscan.htm and find out

how many free port scanners are available for downloading.

C. Web Project 3

Go to Google.com and type in “Chuck Easttom.” Then go to his Web site

http://www.chuckeasttom.com. What information can you find out about the author?

D. Web Project 4

Got to http://www.dumpsterworld.com. See what useful stuff people have found in

dumpsters.

Web Resources

• http://news.netcraft.com The Netcraft Web site, with information about Web servers

• http://www.visualware.com/ The Visualware Web site; it performs a visual trace route on a Web site

• http://www.rawlogic.com/netbrute The Web site for NetBrute, a port scanner that does more than

simply scan for open ports; it also gives you additional information

• http://www.fish.com/satan/mirrors.html A Web site that provides a list of SATAN download sites

• Social engineering Web sites:

• List of port numbers Web sites:

• Common search engines for further information:

CHAPTER REVIEW/ANSWERS TO TEST YOUR SKILLS

Multiple Choice

1. When a hacker reviews a network’s potential vulnerabilities, this assessment is referred to as

2. To learn what operating system a Web server is running, what utility would you use?

3. If you find a target web server running Windows NT 4.0, what might this tell you about that system?

4. Which of the following utilities can help you trace an IP address?

5. If you trace to a destination IP from multiple-source IPs and notice that the final few steps are always the

same, what does this tell you?

6. What is the most common goal in social engineering?

7. What is port scanning?

8. Which of the following best describes the value of knowing what ports are open?

9. If a scan determines that all default services are running, what might this finding indicate?

10. What feature of NetCop makes it particularly useful?

11. What application would you guess might be running on a Windows system that had port 118 open?

12. What information do you get from the NetBrute tab of NetBrute?

13. Which scanner can give you information about Windows Registry settings?

14. Which of the following utilities gives you the most information?

15. What should a system administrator do about vulnerabilities found on its system?

Exercises

EXERCISE 3.1: USING NETCOP, EXERCISE 3.2: USING NETBRUTE, EXERCISE 3.3: USING NETCRAFT,

EXERCISE 3.4: USING TRACERT AND NETCRAFT, AND EXERCISE 3.5: USING NETSTAT

3.4, successful students should explain how the information gleaned can be used by hackers.

Projects

PROJECT 3.1: USING CERBERUS INTERNET SCANNER

The Cerberus Internet Scanner provides information that the others do not; therefore successful students note the

PROJECT 3.2: PERFORMING A COMPLETE SCAN OF A SYSTEM

Students can use multiple scanners, getting different information from each. Successful students will not simply

PROJECT 3.3: TRACKING DOWN INFORMATION

The Internet is replete with Web sites that detail how to exploit flaws. In this project, skilled students track down

Case Study

In this case study, students evaluate how well the administrator has assessed her system. Successful students

identify that NetCop shows certain vulnerabilities such as open ports. However, students should also note that