Penetration testing the Payland Mining Co. network and attached workstations
By Matthew Utin
Date: 28/01/15
Introduction
Why penetration testing for this client?
• Payland Mining Co. wants to check how secure its network and attached workstations are within its offices.
What will be tested?
• Wireless access points
• The full network.
• Attached workstations.
Requirements
• Setting up a safe area to pen test
• Notification to employees that testing is in progress.
• A Linux machine, e.g. Kali Linux or Ubuntu Linux, for performing tests.
• Penetration testing tools.
• Penetration test the Wi-Fi (Outside network)
• Penetration test the inner network (Inside network)
• Penetration test the workstations (Inside network)
• Give information on fixes that can be implemented after the tests have been
completed.
• Word processing software to write up the end report.
Payland Mining Co’s background
• Payland Mining Co. is the country’s leading exporter of RARANIUM, diamonds and other precious materials.
• The table below shows the layout of the sites.
Site One: Server; Wap Network; 50 workstations; Router/Wi-Fi
Site Two: Wap Network; Backup server, e.g. RAID; 10 workstations; Router/Wi-Fi
Site Three: Backup server, e.g. RAID; Wap Network; Router/Wi-Fi; 5 workstations
The penetration testing strategy
• The attacker scenario is used to demonstrate what it would take to compromise the network and systems; this will show whether the system is secure or not.
• The attacker starts from the outside to gain access to the inner network, following the attack steps in the diagram:
1. Wi-Fi
2. Network
3. Workstation
Risk strategy
Performing a penetration test carries risks, for example the network going down after a test is performed. Some measures will be added to prevent unforeseen circumstances from occurring. The measures are shown below:
• A message will be given to the employees of the company that there will be testing on the network at a certain time, so they can prepare for any unexpected event that may arise.
• The network/system administrators will be told to create a backup of the server before the tests start.
Penetration testing analysis structure
How will the data be presented once Payland Mining Co’s systems and networks have been tested?
Payland Mining Co will be notified about the network tests and will be given a table of changes that could be made within the network.
The main structure used is below:
• Risk report on vulnerabilities found.
• Report on any problems that came up during the testing.
• Report on improvements that can be made to the network.
• Report on workstation improvements.
Wi-Fi security
This penetration test examines the wireless access points to see how secure they are, using the scenario of what an attacker would do to gain access to the network.
The main tools used for this set of tests are:
• Aircrack-ng: used to capture data packets that are then cracked to gain access to the inner network.
• MacChanger: used to hide the MAC address of the attacker’s machine; this is a must to hide the identity of the attacker.
Wi-Fi security – Mac Changer
• The first step is to change the MAC address of the attacker’s computer, i.e. the penetration testing machine, so that the attacker is harder to trace. This is in keeping with the attacker scenario.
• The next slide shows a screenshot of the changed MAC address.
Wi-Fi security – Mac Changer
Image [1]. MAC Changer.
Wi-Fi security – Wireless penetration test
• As image [1] showed, the MAC address has now been changed, so the wireless tests can begin.
• The next stage is to start up and run a program called Aircrack-ng, which will be used to collect packets from the targeted wireless access point, to be cracked later.
Wi-Fi security – Wireless penetration test
• As seen in image [2], the Payland Mining Co’s network has been found but is using an insecure encryption algorithm, WEP.
• The next stage is to collect the network’s packets and try to brute force the password, using Aircrack-ng’s own rainbow tables of common passwords.
Image [2]. Aircrack-ng.
Wi-Fi security – Wireless penetration test
• As seen in image [3], the Payland Mining Co’s Wi-Fi is using a very weak password, without the use of numbers or upper-case letters.
Image [3]. Aircrack-ng cracking.
Network security
Now that access to the network has been gained by breaking into the wireless router, the network testing can begin. These tests are split into two parts, showing the steps needed to collect information about the network and about what sort of data is currently running on it.
Test 1 - Network Reconnaissance and Footprinting
Test 2 - Network Man-in-the-middle attack (MITMA)
Network security - Network Reconnaissance and Footprinting
• The first task is to find out what is currently connected to the network, and whether the systems are secure with all ports locked down.
• The tool used for this test is “Zenmap”, the GUI version of “Nmap”. It is used to scan the network to find out what is attached to it and what the connected machines or devices are running.
Network security - Network Reconnaissance and Footprinting
As seen in image [4], Zenmap has been run and has found a number of open ports.
• The NetBIOS port is open.
• The system is possibly Windows XP SP2.
• IP address of a possible target: 172.16.0.105.
Image [4]. Showing the Zenmap scan.
Network security - Network Reconnaissance and Footprinting
Image [5] shows the network location from the router.
Image [5]. Showing the network location.
Network security - Network Reconnaissance and Footprinting
Image [6] is an overview of the full Zenmap scan, also showing its accuracy.
Image [6]. Showing the Zenmap scan overview.
Network security - Network Reconnaissance and Footprinting
Image [7] is a screenshot of the Payland workstation that is now the targeted victim.
Image [7]. Screenshot of the workstation. IP: 172.16.0.105.
• This shows that Zenmap was correct in identifying the system.
• Now that a workstation has been found, it’s time to start the MITMA.
Network security - Network Man-in-the-middle attack
• The man-in-the-middle attack using ARP poisoning tests how secure the network itself is and whether it is locked down, e.g. by using static ARP table entries to stop ARP spoofing on the network. If so, this should also be implemented on all connected workstations to prevent this type of attack.
• The first step of this attack is to implement SSL stripping. This strips the HTTPS on the victim so that it only uses the insecure HTTP protocol. You can see SSL strip running in image [8].
Image [8]. Showing SSL Strip running.
Network security - Network Man-in-the-middle attack
• Now the tool Ettercap is used to start the ARP poisoning on the network and sniff the data from the Payland Co network.
Image [9]. Showing Ettercap running on wlan0.
Image [10]. ARP poisoning has been started on the workstation. IP: 172.16.0.105.
Network security - Network Man-in-the-middle attack
• Now that the MITMA has started, the data from Ettercap needs to be put into a more readable form, as Ettercap only outputs the data to the terminal. To do this, the tool Xplico is used to collect the data from Ettercap.
Image [11]. Creating a session on Xplico to capture the data sent from Ettercap.
Network security - Network Man-in-the-middle attack
• As you can see from image [12], Xplico has been started. It is now waiting for incoming data packets.
Image [12]. Awaiting data packets.
Network security - Network Man-in-the-middle attack
• Now the Payland Mining Co’s workstation, i.e. the victim machine, is used to create data by doing a quick web search.
Image [13]. Workstation performing a web search.
Network security - Network Man-in-the-middle attack
• As seen in image [14], Xplico has now started to receive data from the Ettercap captured session: the simple web search shown on the previous slide.
Image [14]. Showing collected data.
Network security - Network Man-in-the-middle attack
• This is the image tab within Xplico, showing the images that were searched from the Payland workstation.
Image [15]. Showing collected image data.
Network security - Network Man-in-the-middle attack
• The two images below show the different types of network data that can be filtered and collected by Ettercap. This can then be used to get more information on the activity on the Payland workstation.
Image [16]. Showing URLs that were searched.
Image [17]. Showing the workstation’s connections.
Network security - Network Man-in-the-middle attack
• So what has been found in this test?
• The network has no static ARP table set up. This would have prevented ARP poisoning.
• There is no user software set up that shows when unwanted network activity is happening and lets the user know something is wrong.
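Both findings above can be addressed by monitoring ARP traffic against pinned bindings. The following is an added example, not part of the original slides: a small monitor that parses Ethernet/ARP frames and flags senders that contradict a pinned (static) entry or change a previously learned IP-to-MAC binding. The gateway address 172.16.0.1 and all MAC addresses are constructed sample values; only 172.16.0.105 comes from the slides.

```python
"""ARP binding monitor (added example; sample frames are constructed, nothing is sent)."""
import struct
from typing import NamedTuple, Optional

ETHERTYPE_ARP = 0x0806


class Alert(NamedTuple):
    kind: str
    ip: str
    mac: str


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp(frame: bytes) -> Optional[tuple]:
    """Return (opcode, eth_src, sender_mac, sender_ip) for an untagged
    Ethernet/IPv4 ARP frame, or None for anything else."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, _mac(frame[6:12]), _mac(frame[22:28]), _ip(frame[28:32])


class ArpMonitor:
    def __init__(self, pinned: dict):
        self.pinned = dict(pinned)  # ip -> mac, the "static ARP table"
        self.learned = {}           # ip -> first MAC seen for unpinned hosts
        self.claims = {}            # mac -> set of IPs it has claimed

    def observe(self, frame: bytes) -> list:
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        _oper, eth_src, sha, spa = parsed
        if spa == "0.0.0.0":  # ARP probe: carries no binding to check
            return []
        alerts = []
        if eth_src != sha:
            # Ethernet source and ARP sender address should agree.
            alerts.append(Alert("ETH_ARP_SENDER_MISMATCH", spa, sha))
        self.claims.setdefault(sha, set()).add(spa)
        if len(self.claims[sha]) > 1:
            # Proxy-ARP devices do this legitimately; pin them instead.
            alerts.append(Alert("MAC_CLAIMS_MULTIPLE_IPS", spa, sha))
        expected = self.pinned.get(spa) or self.learned.get(spa)
        if expected is None:
            self.learned[spa] = sha
        elif expected != sha:
            # The first-seen binding is kept, so repeated spoofing keeps alerting.
            kind = "PINNED_VIOLATION" if spa in self.pinned else "BINDING_CHANGED"
            alerts.append(Alert(kind, spa, sha))
        return alerts


def sample_frame(oper, sender_mac, sender_ip, target_mac, target_ip, eth_src=None):
    """Build a constructed Ethernet+ARP frame to use as sample input."""
    def m(s):
        return bytes.fromhex(s.replace(":", ""))

    def i(s):
        return bytes(int(p) for p in s.split("."))

    eth = m(target_mac) + m(eth_src or sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += m(sender_mac) + i(sender_ip) + m(target_mac) + i(target_ip)
    return eth + arp


GATEWAY = ("172.16.0.1", "02:00:00:00:00:01")       # constructed
WORKSTATION = ("172.16.0.105", "02:00:00:00:00:69")  # IP from the slides, MAC constructed
UNKNOWN_MAC = "02:00:00:00:00:aa"                    # constructed


def run_sample() -> list:
    """Feed four constructed ARP replies through the monitor; return alerts per frame."""
    monitor = ArpMonitor({GATEWAY[0]: GATEWAY[1]})
    frames = [
        sample_frame(2, GATEWAY[1], GATEWAY[0], WORKSTATION[1], WORKSTATION[0]),
        sample_frame(2, WORKSTATION[1], WORKSTATION[0], GATEWAY[1], GATEWAY[0]),
        sample_frame(2, UNKNOWN_MAC, GATEWAY[0], WORKSTATION[1], WORKSTATION[0]),
        sample_frame(2, UNKNOWN_MAC, WORKSTATION[0], GATEWAY[1], GATEWAY[0]),
    ]
    return [monitor.observe(f) for f in frames]


if __name__ == "__main__":
    for n, alerts in enumerate(run_sample(), 1):
        print(n, alerts)
```

In production the frames would come from a capture interface or a switch mirror port, and the pinned table from the organisation's asset inventory.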
Workstation (System) security
• The next stage is to test the workstation, now that access to the network has been gained by breaking into the Wi-Fi router.
• This will be done by testing some known exploits on the Windows XP SP2 system. The tool used to perform this is called “Metasploit”; it will execute exploits on the Windows system from its vast attack library.
• The exploit that is going to be tested to gain access to the system is called “MS08-067”. This vulnerability allows remote code execution and also works on Windows XP Service Pack 3 if it has not been manually patched by the system owner. For more information about this exploit, see references [34] and [35].
Workstation (System) security
• This is a screenshot of the Payland Mining Co's workstation. As you can see, there is a file named “Important document.txt” that the user has left on the desktop. This is unsafe; the data is also unencrypted.
Image [18]. Workstation desktop.
Workstation (System) security
• Now let’s start a penetration test on the system to see if it is manually patched for the “MS08-067” vulnerability. This will be done by starting up the tool Metasploit and using the exploit.
Image [19]. Metasploit starting up.
Workstation (System) security
• As seen in image [20], Metasploit was successful in executing its payload and gaining access to the system!
Image [20]. Metasploit executed its payload on the workstation. IP address: 172.16.0.105.
• Now let’s find that insecure file and read its data.
Workstation (System) security
• As you can see, Important document.txt has been found. To view the contents of this file, you would use the Windows type command.
• But this only works if the file name has no spaces. To get around this, the Windows “ren” (rename) command was used to change the name to one word, e.g. “importantdocument.txt”, as Linux had a problem reading in the double quotes “” when using the type command.
Image [21]. File found.
Image [22]. File contents.
Workstation (System) security
• Now the attacker can be given full system privileges and can then read the system processes, as seen in the images below.
Image [23]. Getting full system privileges.
Image [24]. System processes.
Workstation (System) security
The end results of the system tests:
• The system is not fully patched and updated. The system is vulnerable.
• No anti-virus program running on the system.
• No software firewall running.
• Discontinued operating system.
• Sensitive files stored on the user desktop, also unencrypted.
Results – Wi-Fi security
Type of tests performed:
Wi-Fi security
1. Wireless cracking
Results:
Test (1)
• Poor encryption algorithm, e.g. the use of WEP. [32].
• A very weak password, without the use of numbers or upper-case letters.
Recommended fix:
• Use a more secure encryption algorithm. [15].
• Could use a RADIUS server for login details.
Results – Network security
Type of tests performed:
Network security
1. Network Reconnaissance and Footprinting
2. Network Man-in-the-middle attack (Test)
Results:
Test (1)
• Un-updated and unpatched system, running Windows XP SP2.
• The NetBIOS port is open, as are some other ports; this is insecure and could be exploited in a hacking attempt.
Test (2)
• The network has no static ARP table set up.
• There is no user software set up that shows when unwanted network activity is happening and lets the user know something is wrong.
• No firewall running on the system or network.
Recommended fix:
• Lock down unused ports.
• Could use some sort of ARP guard that analyses live network traffic. [23].
• Could do with some firewall protection. [10].
• Could also use a VPN to tunnel a secure internet connection, to encapsulate and encrypt all of the network data.
Results – Workstation (System) security
Type of tests performed:
Workstation (System) security
1. Exploiting system vulnerabilities
Results:
Test (1)
• The system is not patched or updated.
• Using an out-of-date operating system.
• No anti-virus running.
Recommended fix:
• The system needs to be fully patched and updated.
• Needs an anti-virus program running on the system.
• The system needs a software firewall. [7].
• The operating system needs an update to a newer version of Windows.
• Adopting a user policy so private data is secure, e.g. not storing sensitive files on the user desktop.
• Taking up ISO 27001 certification. [36].
Any Questions?
Log File.
References
[1]. CHIANG, J.T., J.J. HAAS, YIH-CHUN HU, P.R. KUMAR and J. CHOI, 2009. Fundamental Limits on
Secure Clock Synchronization and Man-In-The-Middle Detection in Fixed Wireless Networks.
INFOCOM 2009, IEEE, 1962-1970.
[2]. GLASS, S.M., V. MUTHUKKUMARASAMY and M. PORTMANN, 2009. Detecting Man-in-the-
Middle and Wormhole Attacks in Wireless Mesh Networks. Advanced Information Networking
and Applications, 2009.AINA '09.International Conference on, 530-538.
[3]. TRABELSI, Z. and K. SHUAIB, 2006. NIS04-4: Man in the Middle Intrusion Detection. Global
Telecommunications Conference, 2006.GLOBECOM '06.IEEE, 1-6.
[4]. ATAULLAH, M. and N. CHAUHAN, 2012. ES-ARP: An efficient and secure Address Resolution
Protocol. Electrical, Electronics and Computer Science (SCEECS), 2012 IEEE Students' Conference
on, 1-5.
[5]. SALIM, H., Z. LI, H. TU and Z. GUO, 2012. Preventing ARP Spoofing Attacks through Gratuitous
Decision Packet. Distributed Computing and Applications to Business, Engineering & Science
(DCABES), 2012 11th International Symposium on, 295-300.
[6]. PANDEY, P., 2013. Prevention of ARP spoofing: A probe packet based technique. Advance
Computing Conference (IACC), 2013 IEEE 3rd International, 147-153.
[7]. GUANGJIA, S. and J. ZHENZHOU, 2013. Review of Address Resolution Process Attacks and
Prevention Research. Instrumentation, Measurement, Computer, Communication and Control
(IMCCC), 2013 Third International Conference on, 994-998.
[8]. CALLEGATI, F., W. CERRONI and M. RAMILLI, 2009. Man-in-the-Middle Attack to the HTTPS
Protocol. Security & Privacy, IEEE 7(1), 78-81.
[9]. JANBEGLOU, M., M. ZAMANI and S. IBRAHIM, 2010. Redirecting network traffic toward a fake
DNS server on a LAN. Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE
International Conference on 2, 429-433.
[10]. BELENGUER, J. and C.T. CALAFATE, 2007. A low-cost embedded IDS to monitor and prevent
Man-in-the-Middle attacks on wired LAN environments. Emerging Security Information, Systems,
and Technologies, 2007.SecureWare 2007.The International Conference on, 122-127.
[11]. FAYYAZ, F. and H. RASHEED, 2012. Using JPCAP to Prevent Man-in-the-Middle Attacks in a
Local Area Network Environment. Potentials, IEEE 31(4), 35-37.
[12]. KIRAVUO, T., M. SARELA and J. MANNER, 2013. A Survey of Ethernet LAN Security.
Communications Surveys & Tutorials, IEEE 15(3), 1477-1491.
[13]. MOHAMMED, L.A. and B. ISSAC, 2005. DoS attacks and defence mechanisms in wireless
networks. Mobile Technology, Applications and Systems, 2005 2nd International Conference on, 8
pp.-8.
[14]. KOWALSKI, M.B., K.D. BERTOLINO and S. BASAGNI, 2006. Hack Boston: Monitoring Wireless
Security Awareness in an Urban Setting. Electrical and Computer Engineering, 2006.CCECE
'06.Canadian Conference on, 1308-1311.
[15]. ZHANG, L., J. YU, Z. DENG and R. ZHANG, 2012. The security analysis of WPA encryption in
wireless network. Consumer Electronics, Communications and Networks (CECNet), 2012 2nd
International Conference on, 1563-1567.
[16]. HUNT, R. and S. ZEADALLY, 2012. Network Forensics: An Analysis of Techniques, Tools, and
Trends. Computer 45(12), 36-43.
[17]. GHANEM, W.A.H.M. and B. BELATON, 2013. Improving accuracy of applications fingerprinting
on local networks using NMAP-AMAP-ETTERCAP as a hybrid framework. Control System,
Computing and Engineering (ICCSCE), 2013 IEEE International Conference on, 403-407.
[18]. KOCHER, J.E. and D.P. GILLIAM, 2005. Self-port scanning tool: providing a more secure
computing environment through the use of proactive port scanning. Enabling Technologies:
Infrastructure for Collaborative Enterprise, 2005.14th IEEE International Workshops on, 139-143.
[19]. LIMMANEEWICHID, P. and W. LILAKIATSAKUN, 2011. The cryptographic trailer based
authentication scheme for ARP. Electrical Engineering/Electronics, Computer, Telecommunications
and Information Technology (ECTI-CON), 2011 8th International Conference on, 280-283.
[20]. FAN, H., Y. DONG, M. YU and L. TUNG, 2013. Security Threats against the Communication
Networks for Traffic Control Systems. Systems, Man, and Cybernetics (SMC), 2013 IEEE
International Conference on, 4783-4788.
[21]. BIN, M.N., K.A. JALIL and J.-.A. MANAN, 2012. An enhanced remote authentication scheme
to mitigate man-in-the-browser attacks. Cyber Security, Cyber Warfare and Digital Forensic
(CyberSec), 2012 International Conference on, 271-276.
[22]. YANG, Y., K. MCLAUGHLIN, T. LITTLER, S. SEZER, G.I. EUL, Z.Q. YAO, B. PRANGGONO and H.F.
WANG, 2012. Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in
Smart Grid SCADA systems. Sustainable Power Generation and Supply (SUPERGEN 2012),
International Conference on, 1-8.
[23]. SHIKHA, V. KAUSHIK and S. GAUTAM, 2013. Wireless LAN (WLAN) spoofing detection
methods - Analysis and the victim Silent case. Signal Processing and Communication (ICSC), 2013
International Conference on, 155-160.
[24]. Aircrack-ng.org, (2014). Aircrack-ng. [online] Available at: http://www.aircrack-ng.org/
[Accessed 30 Oct. 2014].
[25]. Nmap.org, (2014). Nmap - Free Security Scanner For Network Exploration & Security Audits.
[online] Available at: http://nmap.org/ [Accessed 30 Oct. 2014].
[26]. Kali.org, (2014). Kali Linux is an open source project that is maintained and funded by
Offensive Security. [online] Available at: http://www.kali.org/ [Accessed 30 Oct. 2014].
[27]. Linux.com, (2012). Linux.com | The source for Linux information. [online] Available at:
http://www.linux.com/ [Accessed 30 Oct. 2014].
[28]. Lifehacker UK, (2012). How to Crack a Wi-Fi Network's WPA Password with Reaver. [online]
Available at: http://www.lifehacker.co.uk/2012/01/09/crack-wi-fi-networks-wpa-password-reaver
[Accessed 30 Oct. 2014].
[29]. Pen-testing.sans.org, (2013). SANS Penetration Testing | Nmap Cheat Sheet 1.0 | SANS Institute. [online] Available at: http://pen-testing.sans.org/blog/pen-testing/2013/10/08/nmap-cheat-sheet-1-0 [Accessed 30 Oct. 2014].
[30]. Dalziel, H. (2013). Top ten penetration testing tools. [online] Concise-courses.com. Available
at: http://www.concise-courses.com/security/top-ten-pentesting-tools/ [Accessed 30 Oct. 2014].
[31]. IFSEC Global, (2012). Negligent WiFi Brits at serious risk of ID theft - IFSEC Global. [online]
Available at: http://www.ifsecglobal.com/negligent-wifi-brits-at-serious-risk-of-id-theft/
[Accessed 25 Jan. 2015].
[32]. Jackson, M. (2013). Study Finds 36% of WiFi Hotspots in London are Completely Unsecured - ISPreview UK. [online] Ispreview.co.uk. Available at: http://www.ispreview.co.uk/index.php/2013/08/study-finds-36-wifi-hotspots-london-completely-unsecured.html [Accessed 25 Jan. 2015].
[33]. Graphs.net, (2014). Graphs, Infographics. [online] Available at: http://graphs.net/wifi-stats.html [Accessed 25 Jan. 2015].
https://wiki.archlinux.org/index.php/MAC_address_spoofing
[34]. Technet.microsoft.com, (2008). Microsoft Security Bulletin MS08-067 - Critical. [online]
Available at: https://technet.microsoft.com/en-us/library/security/ms08-067.aspx [Accessed 25
Jan. 2015].
[35]. Rapid7.com, (2014). CVE-2008-4250 MS08-067 Microsoft Server Service Relative Path Stack Corruption | Rapid7. [online] Available at: http://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi [Accessed 25 Jan. 2015].
[36]. Iso.org, (2014). 'ISO 27001 - Information Security Management'. [online] Available at:
http://www.iso.org/iso/home/standards/management-standards/iso27001.htm, [Accessed 18
Feb. 2015].

Network Management (CEN166) Project Presentation By Matthew Utin

  • 1. Penetration testing the Payland Mining Co. Network and attached workstation’s By Matthew Utin Date:28/01/15
  • 2. Introduction Why the role of penetration testing for this client? • The company Payland Mining Co wants to check how secure its network and attached workstations are within its offices. What will be tested? • Wireless access points. • The full network. • Attached workstations.
  • 3. Requirements • Setting up a safe area to pen test. • Notification to employees that testing is in progress. • A Linux machine, e.g. Kali Linux or Ubuntu Linux, for performing tests. • Penetration testing tools. • Penetration test the Wi-Fi (Outside network). • Penetration test the inner network (Inside network). • Penetration test the workstations (Inside network). • Give information on fixes that can be implemented after the tests have been completed. • Word processing software to write up the end report.
  • 4. Payland mining Co’s background • Payland mining Co is the country’s leading exporter of RARANIUM, diamonds and other precious materials. • The layout of the sites is shown below. Site One: Server; WAP network; 50 workstations; Router/Wi-Fi. Site Two: WAP network; Backup server e.g. RAID; 10 workstations; Router/Wi-Fi. Site Three: Backup server e.g. RAID; WAP network; Router/Wi-Fi; 5 workstations.
  • 5. The penetration testing strategy. • The attacker scenario is going to be used to demonstrate what it would take to compromise the network and systems; this will show whether the system is secure or not. • So the attacker would start from the outside to gain access to the inner network, as seen from the attack steps in the diagram: 1. Wi-Fi 2. Network 3. Workstation
  • 6. Risk strategy To cover the risks of performing a penetration test, for example the network going down after a test is performed, some measures will be added to prevent unforeseen circumstances from occurring. The measures are shown below: • A message given to the employees of the company that there will be testing on the network at a certain time, so they can prepare for any unexpected event that may arise. • Tell the network/system administrators to create a backup of the server before the tests have started.
  • 7. Penetration testing analysis structure So how will the data be presented after Payland mining Co’s systems and networks have been tested and analysed? Payland mining Co will be notified about the network tests and will be given a table of changes that could be made within the network. The main structure that is used is below: • Risk report on vulnerabilities found. • Report on any problems that came up during the testing. • Report on improvements that can be made to the network. • Report on workstation improvements.
  • 8. Wi-Fi security This penetration test is going to test the wireless access points to see how secure they are, using the scenario of what an attacker would do to gain access to the network. The main tools that are going to be used for this set of tests are: • Aircrack-ng, which is used to capture data packets from the network that will then be cracked to gain access to the inner network. • MacChanger, which is used to hide the MAC address of the attacker’s machine; this is a must to hide the identity of the attacker.
  • 9. Wi-Fi security – Mac Changer • The first step is to change the MAC address of the attacker’s computer, i.e. the penetration testing machine, so that the attacker is harder to trace. This is in keeping with the attacker scenario. • The next slide shows a screenshot of the changed MAC address.
  • 10. Wi-Fi security – Mac Changer Image. [1]. MAC Changer.
  • 11. Wi-Fi security – Wireless penetration test • As you saw in image [1], the MAC address has now been changed, so the wireless tests can begin. • The next stage is to start up and run a program called Aircrack-ng; this will be used to collect packets from the targeted wireless access point, to later be cracked.
  • 12. Wi-Fi security – Wireless penetration test • As seen in image [2] above, the Payland mining Co’s network has been found but is using an insecure encryption algorithm, WEP. • The next stage is to try to collect the network’s packets and brute force the password, using Aircrack-ng’s own rainbow tables of common passwords. Image. [2]. Aircrack-ng
  • 13. Wi-Fi security – Wireless penetration test • As seen in image [3] above, the Payland mining Co’s Wi-Fi is using a very weak password, without the use of numbers or upper-case letters. Image. [3]. Aircrack-ng cracking
  • 14. Network security Since access to the network has been gained by breaking into the wireless router, the network testing can begin. These tests will be split into two parts, showing the correct steps needed to collect information about the network and what sort of data is currently running on it. Test 1 - Network Reconnaissance and Footprinting Test 2 - Network Man-in-the-middle attack (MITMA)
  • 15. Network security - Network Reconnaissance and Footprinting • The first task is to find out what is currently connected to the network, and whether the system is secure and all ports are locked down. • The tool that is going to be used for this test is “Zenmap”, which is the GUI version of “Nmap”. It is used to scan the network to find out what is attached to it and what the connected machines or devices are running.
  • 16. Network security - Network Reconnaissance and Footprinting As seen from Image [4] below, Zenmap has been run and has found a number of open ports. • The NetBIOS port is open. • Possibly the system is Windows XP SP2. • IP address of a possible target: 172.16.0.105. Image. [4]. Showing the Zenmap scan.
  • 17. Network security - Network Reconnaissance and Footprinting Image [5] shows its network location from the router. Image. [5]. Showing the network location.
  • 18. Network security - Network Reconnaissance and Footprinting Image [6] below is an overview of the full Zenmap scan, also showing its accuracy. Image. [6]. Showing the Zenmap scan overview.
  • 19. Network security - Network Reconnaissance and Footprinting Image [7] below is a screenshot of the Payland workstation that is now the targeted victim. Image. [7]. Screenshot of the workstation. IP: 172.16.0.105. • This shows that Zenmap was correct in defining the system. • Now that a workstation has been found, it is time to start the MITMA.
  • 20. Network security - Network Man-in-the-middle attack • The man-in-the-middle attack using ARP poisoning will test how secure the network itself is and whether it is locked down, e.g. by using static ARP table entries to stop ARP spoofing on the network. If so, this should also be implemented on all connected workstations to prevent this type of attack. • The first step of this attack is to implement SSL stripping; this will be used to strip the HTTPS on the victim so that it only uses the insecure HTTP protocol. You can see SSL strip running in Image [8]. Image [8]. Showing SSL Strip running.
  • 21. Network security - Network Man-in-the-middle attack • Now the tool Ettercap is used to start the ARP poisoning on the network and sniff the data from the Payland Co network. Image [10]. ARP poisoning has been started on the workstation. IP: 172.16.0.105. Image [9]. Showing Ettercap running on wlan0.
  • 22. Network security - Network Man-in-the-middle attack • Now that the MITMA has started, the data from Ettercap needs to be put into a more readable form, as Ettercap only outputs the data to the terminal. To do this, the tool Xplico is used to collect the data from Ettercap. Image [11]. Creating a session on Xplico to capture the data sent from Ettercap.
  • 23. Network security - Network Man-in-the-middle attack • As you can see from image [12], Xplico has been started. It will now be waiting for some incoming data packets. Image [12]. Awaiting data packets.
  • 24. Network security - Network Man-in-the-middle attack • Now the Payland Mining Co’s workstation, i.e. the victim machine, is used to create data by doing a quick web search. Image [13]. Workstation performing a web search.
  • 25. Network security - Network Man-in-the-middle attack • As seen in image [14], Xplico has now started to receive data from the Ettercap captured session, from the simple web search shown on the previous slide. Image [14]. Showing collected Data.
  • 26. Network security - Network Man-in-the-middle attack • This is the image tab within Xplico, showing the images that were searched from the Payland workstation. Image [15]. Showing image collected Data.
  • 27. Network security - Network Man-in-the-middle attack • The two images below show the different types of network data that can be filtered and collected by Ettercap; this can then be used to get more information on the activity on the Payland workstation. Image [16]. Showing URLs that were searched. Image [17]. Showing the workstation’s connections.
  • 28. Network security - Network Man-in-the-middle attack • So what has been found in this test? • The network has no static ARP table set up. This would have prevented ARP poisoning. • There is no user software set up that shows when unwanted network activity is happening and lets the user know something is wrong.
  • 29. Workstation (System) security • The next stage is to test the workstation, now that access to the network has been gained by breaking into the Wi-Fi router. • This will be done by testing out some known exploits on the Windows XP SP2 system. The tool that is going to be used to perform this is called “Metasploit”; this tool will execute exploits on the Windows system from its vast attack library. • The exploit that is going to be tested to gain access to the system is called “MS08-067”. This vulnerability allows remote code execution and also works on Windows XP Service Pack 3 if it has not been manually patched by the system owner. For more information about this exploit, see references [34] and [35].
  • 30. Workstation (System) security • This is a screenshot of the Payland mining Co's workstation. As you can see, there is a file named “Important document.txt” that the user has left on the desktop. This is unsafe; the data is also unencrypted. Image [18]. Workstation desktop.
  • 31. Workstation (System) security • Now let’s start a penetration test on the system to see if it is manually patched against the “MS08-067” vulnerability. This will be done by starting up the tool Metasploit and using the exploit. Image [19]. Metasploit starting up.
  • 32. Workstation (System) security • As seen from the bottom image, Metasploit was successful in executing its payload and gaining access to the system! Image [20]. Metasploit executed its payload on the workstation. IP Address: 172.16.0.105. • Now let’s find that insecure file and read its data.
  • 33. Workstation (System) security • As you can see, important document.txt has been found. To view the contents of this file, you would have to use the Windows type command. • But this only works if the file name has no spaces. To get around this, the Windows “ren” (rename) command was used to change the name to one word, i.e. “importantdocument.txt”, as Linux had a problem reading in the double quotes “” when using the type command. Image [21]. File found. Image [22]. File contents.
  • 34. Workstation (System) security • Now the attacker can be given full system privileges and can then read the system processes, as seen in the images below. Image [23]. Getting full system privileges. Image [24]. System processes.
  • 35. Workstation (System) security The end results of the system tests. • The system is not fully patched and updated. System is vulnerable. • No anti-virus program running on the system. • No software firewall running • Discontinued operating system. • Storing sensitive files on the user desktop. Also unencrypted.
  • 36. Results – Wi-Fi security Type of tests performed: Wi-Fi security 1. Wireless cracking. Results: Test (1) • Poor encryption algorithm, e.g. the use of WEP. [32]. • A very weak password, without the use of numbers or upper-case letters. Recommended fix: • Use a more secure encryption algorithm. [15]. • Could use a RADIUS server for login details.
  • 37. Results – Network security Type of tests performed: Network security 1. Network Reconnaissance and Footprinting 2. Network Man-in-the-middle attack (Test). Results: Test (1) • Un-updated and unpatched system, running Windows XP SP2. • The NetBIOS port is open, along with some other ports; this is insecure and could be exploited in a hacking attempt. Test (2) • The network has no static ARP table set up. • There is no user software set up that shows when unwanted network activity is happening and lets the user know something is wrong. • No firewall running on the system or network. Recommended fix: • Lock down unused ports. • Could use some sort of ARP guard that analyses live network traffic. [23]. • Could do with some firewall protection. [10]. • Could also use a VPN to tunnel a secure internet connection, to encapsulate and encrypt all of the network data.
  • 38. Results – Workstation (System) security Type of tests performed: Workstation (System) security 1. Exploiting system vulnerabilities. Results: Test (1) • The system is not patched or updated. • Using an out-of-date operating system. • No anti-virus running. Recommended fix: • The system needs to be fully patched and updated. • Needs an anti-virus program running on the system. • The system needs a software firewall. [7]. • The operating system needs an update to a newer version of Windows. • Taking up a user policy so private data is secure, e.g. not storing sensitive files on the user desktop. • Taking up ISO 27001 certification. [36].
  • 41. References [1]. CHIANG, J.T., J.J. HAAS, YIH-CHUN HU, P.R. KUMAR and J. CHOI, 2009. Fundamental Limits on Secure Clock Synchronization and Man-In-The-Middle Detection in Fixed Wireless Networks. INFOCOM 2009, IEEE, 1962-1970. [2]. GLASS, S.M., V. MUTHUKKUMARASAMY and M. PORTMANN, 2009. Detecting Man-in-the-Middle and Wormhole Attacks in Wireless Mesh Networks. Advanced Information Networking and Applications, 2009. AINA '09. International Conference on, 530-538. [3]. TRABELSI, Z. and K. SHUAIB, 2006. NIS04-4: Man in the Middle Intrusion Detection. Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE, 1-6. [4]. ATAULLAH, M. and N. CHAUHAN, 2012. ES-ARP: An efficient and secure Address Resolution Protocol. Electrical, Electronics and Computer Science (SCEECS), 2012 IEEE Students' Conference on, 1-5. [5]. SALIM, H., Z. LI, H. TU and Z. GUO, 2012. Preventing ARP Spoofing Attacks through Gratuitous Decision Packet. Distributed Computing and Applications to Business, Engineering & Science (DCABES), 2012 11th International Symposium on, 295-300.
  • 42. References [6]. PANDEY, P., 2013. Prevention of ARP spoofing: A probe packet based technique. Advance Computing Conference (IACC), 2013 IEEE 3rd International, 147-153. [7]. GUANGJIA, S. and J. ZHENZHOU, 2013. Review of Address Resolution Process Attacks and Prevention Research. Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2013 Third International Conference on, 994-998. [8]. CALLEGATI, F., W. CERRONI and M. RAMILLI, 2009. Man-in-the-Middle Attack to the HTTPS Protocol. Security & Privacy, IEEE 7(1), 78-81. [9]. JANBEGLOU, M., M. ZAMANI and S. IBRAHIM, 2010. Redirecting network traffic toward a fake DNS server on a LAN. Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on 2, 429-433. [10]. BELENGUER, J. and C.T. CALAFATE, 2007. A low-cost embedded IDS to monitor and prevent Man-in-the-Middle attacks on wired LAN environments. Emerging Security Information, Systems, and Technologies, 2007. SecureWare 2007. The International Conference on, 122-127. [11]. FAYYAZ, F. and H. RASHEED, 2012. Using JPCAP to Prevent Man-in-the-Middle Attacks in a Local Area Network Environment. Potentials, IEEE 31(4), 35-37.
  • 43. References [12]. KIRAVUO, T., M. SARELA and J. MANNER, 2013. A Survey of Ethernet LAN Security. Communications Surveys & Tutorials, IEEE 15(3), 1477-1491. [13]. MOHAMMED, L.A. and B. ISSAC, 2005. DoS attacks and defence mechanisms in wireless networks. Mobile Technology, Applications and Systems, 2005 2nd International Conference on, 8 pp.-8. [14]. KOWALSKI, M.B., K.D. BERTOLINO and S. BASAGNI, 2006. Hack Boston: Monitoring Wireless Security Awareness in an Urban Setting. Electrical and Computer Engineering, 2006. CCECE '06. Canadian Conference on, 1308-1311. [15]. ZHANG, L., J. YU, Z. DENG and R. ZHANG, 2012. The security analysis of WPA encryption in wireless network. Consumer Electronics, Communications and Networks (CECNet), 2012 2nd International Conference on, 1563-1567. [16]. HUNT, R. and S. ZEADALLY, 2012. Network Forensics: An Analysis of Techniques, Tools, and Trends. Computer 45(12), 36-43. [17]. GHANEM, W.A.H.M. and B. BELATON, 2013. Improving accuracy of applications fingerprinting on local networks using NMAP-AMAP-ETTERCAP as a hybrid framework. Control System, Computing and Engineering (ICCSCE), 2013 IEEE International Conference on, 403-407.
  • 44. References [18]. KOCHER, J.E. and D.P. GILLIAM, 2005. Self-port scanning tool: providing a more secure computing environment through the use of proactive port scanning. Enabling Technologies: Infrastructure for Collaborative Enterprise, 2005. 14th IEEE International Workshops on, 139-143. [19]. LIMMANEEWICHID, P. and W. LILAKIATSAKUN, 2011. The cryptographic trailer based authentication scheme for ARP. Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2011 8th International Conference on, 280-283. [20]. FAN, H., Y. DONG, M. YU and L. TUNG, 2013. Security Threats against the Communication Networks for Traffic Control Systems. Systems, Man, and Cybernetics (SMC), 2013 IEEE International Conference on, 4783-4788. [21]. BIN, M.N., K.A. JALIL and J.-.A. MANAN, 2012. An enhanced remote authentication scheme to mitigate man-in-the-browser attacks. Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on, 271-276. [22]. YANG, Y., K. MCLAUGHLIN, T. LITTLER, S. SEZER, G.I. EUL, Z.Q. YAO, B. PRANGGONO and H.F. WANG, 2012. Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in Smart Grid SCADA systems. Sustainable Power Generation and Supply (SUPERGEN 2012), International Conference on, 1-8.
  • 45. References [23]. SHIKHA, V. KAUSHIK and S. GAUTAM, 2013. Wireless LAN (WLAN) spoofing detection methods - Analysis and the victim Silent case. Signal Processing and Communication (ICSC), 2013 International Conference on, 155-160. [24]. Aircrack-ng.org, (2014). Aircrack-ng. [online] Available at: http://www.aircrack-ng.org/ [Accessed 30 Oct. 2014]. [25]. Nmap.org, (2014). Nmap - Free Security Scanner For Network Exploration & Security Audits. [online] Available at: http://nmap.org/ [Accessed 30 Oct. 2014]. [26]. Kali.org, (2014). Kali Linux is an open source project that is maintained and funded by Offensive Security. [online] Available at: http://www.kali.org/ [Accessed 30 Oct. 2014]. [27]. Linux.com, (2012). Linux.com | The source for Linux information. [online] Available at: http://www.linux.com/ [Accessed 30 Oct. 2014]. [28]. Lifehacker UK, (2012). How to Crack a Wi-Fi Network's WPA Password with Reaver. [online] Available at: http://www.lifehacker.co.uk/2012/01/09/crack-wi-fi-networks-wpa-password-reaver [Accessed 30 Oct. 2014].
  • 46. References [29]. Pen-testing.sans.org, (2013). SANS Penetration Testing | Nmap Cheat Sheet 1.0 | SANS Institute. [online] Available at: http://pen-testing.sans.org/blog/pen-testing/2013/10/08/nmap-cheat-sheet-1-0 [Accessed 30 Oct. 2014]. [30]. Dalziel, H. (2013). Top ten penetration testing tools. [online] Concise-courses.com. Available at: http://www.concise-courses.com/security/top-ten-pentesting-tools/ [Accessed 30 Oct. 2014]. [31]. IFSEC Global, (2012). Negligent WiFi Brits at serious risk of ID theft - IFSEC Global. [online] Available at: http://www.ifsecglobal.com/negligent-wifi-brits-at-serious-risk-of-id-theft/ [Accessed 25 Jan. 2015]. [32]. Jackson, M. (2013). Study Finds 36% of WiFi Hotspots in London are Completely Unsecured - ISPreview UK. [online] Ispreview.co.uk. Available at: http://www.ispreview.co.uk/index.php/2013/08/study-finds-36-wifi-hotspots-london-completely-unsecured.html [Accessed 25 Jan. 2015]. [33]. Graphs.net, (2014). Graphs, Infographics. [online] Available at: http://graphs.net/wifi-stats.html [Accessed 25 Jan. 2015]. https://wiki.archlinux.org/index.php/MAC_address_spoofing
  • 47. References [34]. Technet.microsoft.com, (2008). Microsoft Security Bulletin MS08-067 - Critical. [online] Available at: https://technet.microsoft.com/en-us/library/security/ms08-067.aspx [Accessed 25 Jan. 2015]. [35]. Rapid7.com, (2014). CVE-2008-4250 MS08-067 Microsoft Server Service Relative Path Stack Corruption | Rapid7. [online] Available at: http://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi [Accessed 25 Jan. 2015]. [36]. Iso.org, (2014). 'ISO 27001 - Information Security Management'. [online] Available at: http://www.iso.org/iso/home/standards/management-standards/iso27001.htm [Accessed 18 Feb. 2015].
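
Slides 28 and 37 find that the network has no static ARP table and recommend an ARP guard that analyses live network traffic. The following is an added example, not part of the original presentation: a passive monitor that parses captured ARP frames and flags the binding changes that ARP poisoning produces. The gateway address 172.16.0.1, the tester address 172.16.0.50 and all MAC addresses are constructed sample values; only 172.16.0.105 comes from the slides.

```python
import struct
from collections import defaultdict

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:
        return None
    ethertype, htype, ptype, hlen, plen, _op = struct.unpack("!HHHBBH", frame[12:22])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(x) for x in frame[28:32])
    return fmt_mac(frame[6:12]), fmt_mac(frame[22:28]), sender_ip

class ArpWatch:
    """Tracks IP-to-MAC bindings; pinned entries act like static ARP entries."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})   # ip -> mac last seen (or pinned)
        self.pinned = set(self.bindings)     # IPs whose binding must never change
        self.claims = defaultdict(set)       # mac -> set of IPs it has claimed

    def observe(self, frame):
        """Return a list of alert strings raised by one captured frame."""
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, sha, spa = parsed
        alerts = []
        if eth_src != sha:   # Ethernet source differs from the ARP sender field
            alerts.append(f"header-mismatch: frame from {eth_src} claims sender {sha}")
        known = self.bindings.get(spa)
        if known is not None and known != sha:
            kind = "pinned-violation" if spa in self.pinned else "binding-changed"
            alerts.append(f"{kind}: {spa} moved {known} -> {sha}")
        if spa not in self.pinned:   # never let traffic overwrite a pinned entry
            self.bindings[spa] = sha
        self.claims[sha].add(spa)
        if len(self.claims[sha]) > 1:
            alerts.append(f"multi-ip: {sha} claims {sorted(self.claims[sha])}")
        return alerts

def build_arp(eth_src, sha, spa, op=2):
    """Build a constructed 42-byte ARP frame (sample data only; nothing is sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    return (b"\xff" * 6 + m(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + m(sha) + i(spa) + b"\x00" * 6 + i("0.0.0.0"))

# Constructed addresses: only 172.16.0.105 appears in the slides.
GW = ("172.16.0.1", "02:00:00:00:00:01")
WS = ("172.16.0.105", "02:00:00:00:01:05")
TESTER = ("172.16.0.50", "02:00:00:00:00:66")

def demo():
    watch = ArpWatch(pinned={GW[0]: GW[1]})
    frames = [
        build_arp(GW[1], GW[1], GW[0]),           # genuine gateway reply
        build_arp(WS[1], WS[1], WS[0], op=1),     # workstation request
        build_arp(TESTER[1], TESTER[1], TESTER[0], op=1),
        build_arp(TESTER[1], TESTER[1], GW[0]),   # forged: tester claims gateway IP
        build_arp(TESTER[1], TESTER[1], WS[0]),   # forged: tester claims workstation IP
    ]
    return [watch.observe(f) for f in frames]
```

On a real network, ARP probes with sender IP 0.0.0.0 and legitimate DHCP reassignments also change bindings, so `binding-changed` alerts need an allow-list or a review step, while `pinned-violation` on the gateway should always be investigated.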