Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Instructor’s Manual Materials to Accompany
COMPUTER SECURITY FUNDAMENTALS
CHAPTER 11
NETWORK SCANNING AND VULNERABILITY SCANNING
CHAPTER 11 OBJECTIVES
When students finish reading this chapter, they will be able to:
• Understand and be able to conduct basic system reconnaissance.
• Describe and use several port scanners.
• Understand how to derive useful information about a Web site from internic or the Netcraft Web site.
• Know how to locate information about a system or organization from Internet newsgroup postings.
• Understand the use of vulnerability scanners.
• Use port monitoring utilities.
CHAPTER OVERVIEW
Information is the key to compromising security. It is imperative that you assess your own organization’s
vulnerabilities in this regard. This chapter looks at some commonly used tools for both compromising security
and for a security-conscious network administrator to find and patch vulnerabilities. Students examine a variety of
port scanners as well as vulnerability scanners. It is critical that you know how to use them.
The major sections in this chapter are
2. Tracing the IP Address: How to find and trace network traffic on your target.
4. Social Engineering: How information from employees is discovered without using technology.
5. Scanning Tools: Commonly used and available tools to do port and vulnerability scanning.
CHAPTER OUTLINE
I. Chapter 11 Objectives
II. Introduction
III. Basics of Assessing a System
Patch
Ports
Protect
Policies
Probe
Physical
IV. Securing Computer Systems
Securing an Individual Workstation
Securing a Server
Securing a Network
V. Scanning Your Network
MBSA
NESSUS
VI. Getting Professional Help
VII. Summary
VIII. Test Your Skills
IX. Exercises
X. Projects
KEY TERMS
cracker One who breaks into a system to do something malicious, illegal, or harmful. A hacker with malicious
intent; synonymous with black hat hacker.
dumpster diving The process to search through trash looking for information that might be useful in hacking
(particularly social engineering) or identity theft.
network scanning The process to scan a network looking for vulnerabilities.
ping To send a single ICMP packet to a destination, usually to confirm that the destination can be reached.
port A numerical designation for a connection point on a computer. There are well-defined ports for specific
protocols, such as FTP port 21 and HTTP port 80.
sneaker Someone who attempts to compromise a system to assess its vulnerability.
social engineering Using interpersonal skills to extract information about a computer system and its security.
white hat hackers Hackers who hack only for legal/ethical purposes.
TEACHING NOTES
I. Basic Reconnaissance
Teaching Tips: Students must understand that an IP address will locate a computer on
the network, while a port number will locate an application or service running on that computer.
Teaching Tips: This is important. It may be illegal to run these tools on any system
other than the ones that students own and run. If they are to run these tools on another system, they must
first get permission from the network owners. Stress to students that running these tools at work or at
Troubleshooting: In many networks, these tools may be blocked at the firewall or
II. Using IP Registration Information
Teaching Tips: Have students access Google and type in their name, phone number,
or address. See how much personal information they can collect online on themselves or other classmates.
4
III. Scanning
Teaching Tips: Note that Web sites can be moved or updated without notice. The
PROJECTS/EXERCISES
I. Discussion Questions
A. Discussion Question 1
Does personal information available on the Internet make an employee an easier target
for social engineering?
B. Discussion Question 2
Should tools, such as SATAN, be made available over the Internet for free?
II. Web Projects
A. Web Project 1
Go to Google.com and type in your home phone number in the form 555 555 5555.
What information can you find?
B. Web Project 2
Go to http://netsecurity.about.com/cs/hackertools/a/aafreeportscan.htm and find out
how many free port scanners are available for downloading.
5
C. Web Project 3
Go to Google.com and type in “Chuck Easttom.” Then go to his Web site
http://www.chuckeasttom.com. What information can you find out about the author?
D. Web Project 4
Got to http://www.dumpsterworld.com. See what useful stuff people have found in
dumpsters.
Web Resources
• http://news.netcraft.com The Netcraft Web site, with information about Web servers
• http://www.visualware.com/ The Visualware Web site; it performs a visual trace route on a Web site
• http://www.rawlogic.com/netbrute The Web site for NetBrute, a port scanner that does more than
simply scan for open ports; it also gives you additional information
• http://www.fish.com/satan/mirrors.html A Web site that provides a list of SATAN download sites
• Social engineering Web sites:
• List of port numbers Web sites:
6
• Common search engines for further information:
CHAPTER REVIEW/ANSWERS TO TEST YOUR SKILLS
Multiple Choice
1. When a hacker reviews a network’s potential vulnerabilities, this assessment is referred to as
2. To learn what operating system a Web server is running, what utility would you use?
3. If you find a target web server running Windows NT 4.0, what might this tell you about that system?
4. Which of the following utilities can help you trace an IP address?
5. If you trace to a destination IP from multiple-source IPs and notice that the final few steps are always the
same, what does this tell you?
6. What is the most common goal in social engineering?
7. What is port scanning?
8. Which of the following best describes the value of knowing what ports are open?
9. If a scan determines that all default services are running, what might this finding indicate?
10. What feature of NetCop makes it particularly useful?
11. What application would you guess might be running on a Windows system that had port 118 open?
12. What information do you get from the NetBrute tab of NetBrute?
13. Which scanner can give you information about Windows Registry settings?
14. Which of the following utilities gives you the most information?
15. What should a system administrator do about vulnerabilities found on its system?
Exercises
EXERCISE 3.1: USING NETCOP, EXERCISE 3.2: USING NETBRUTE, EXERCISE 3.3: USING NETCRAFT,
EXERCISE 3.4: USING TRACERT AND NETCRAFT, AND EXERCISE 3.5: USING NETSTAT
3.4, successful students should explain how the information gleaned can be used by hackers.
Projects
PROJECT 3.1: USING CERBERUS INTERNET SCANNER
The Cerberus Internet Scanner provides information that the others do not; therefore successful students note the
PROJECT 3.2: PERFORMING A COMPLETE SCAN OF A SYSTEM
Students can use multiple scanners, getting different information from each. Successful students will not simply
PROJECT 3.3: TRACKING DOWN INFORMATION
The Internet is replete with Web sites that detail how to exploit flaws. In this project, skilled students track down
Case Study
In this case study, students evaluate how well the administrator has assessed her system. Successful students
identify that NetCop shows certain vulnerabilities such as open ports. However, students should also note that
