Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Airborne Networking wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Network tap wikipedia , lookup
Zero-configuration networking wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Wireless security wikipedia , lookup
Distributed firewall wikipedia , lookup
Microsoft Security Essentials wikipedia , lookup
GFI LANguard CIS 460 – Network Design Seminar Network Security Scanner Tool GFI LANguard OVERVIEW • Network Security Scanner (N.S.S.) checks network for all potential methods that a hacker might use to attack it. • By analyzing the operating system and the applications running on your network, identifies possible security holes. 12/10/2004 CIS 460 - Oscar Vazquez 2 Scanned Vulnerabilities • Service pack level & security patches – Windows NT/2000/2003/XP – Microsoft Office – Microsoft Exchange Server – Microsoft SQL Server – virus updates or client software deployment • Open shares – administrative and printer shares (C$,D$, ADMIN$) – shows you who has access to the share. • Open ports – Port-scanning engine, allowing you to scan your network – TCP/IP and UDP • Services – Identifies well-known services (www / FTP / telnet / SMTP... ) 12/10/2004 CIS 460 - Oscar Vazquez 3 Scanned Vulnerabilities (Cont…) • Applications – Deploy 3rd party software or patches network-wide – Update custom or non-Microsoft software – Virus updates – Checks for programs that run automatically (potential Trojans) • Key registry entries – Security auditing policies – Start up – Log system • Weak passwords – Maximum password age – Password history – Minimum password length 12/10/2004 CIS 460 - Oscar Vazquez 4 Basic Settings and Use 12/10/2004 CIS 460 - Oscar Vazquez 5 Scanned Results •Nodes by IP •HTML Report •Comparisons Basic Settings and Use 12/10/2004 CIS 460 - Oscar Vazquez 7 HTML Report 12/10/2004 CIS 460 - Oscar Vazquez 8 Basic Settings and Use 12/10/2004 CIS 460 - Oscar Vazquez 9 Basic Settings and Use 12/10/2004 CIS 460 - Oscar Vazquez 10 Practical Demo • LAB Setting – Windows 2000 is installed from scratch on the Target box – LANGUARD app. is installed on Administrator machine – Both PCs are connected to the same network segment • Run on Target NSS Tool just after W 2000 installation – – – – – 12/10/2004 Create a Report Applied parches Applied security policies Shutdown ports and services Password settings CIS 460 - Oscar Vazquez 11 Practical Demo (Cont…) • After complete the OS Hardening – Run NSS Tool on Target machine Again – Create a HTML report 12/10/2004 CIS 460 - Oscar Vazquez 12 Practical Demo Conclusion • The initial operating system installed showed many vulnerabilities. • The computer could be very easy compromised by a hacker. • LANGuard is an excellent tool to test the security level of an entire network of computers. • Lots of vulnerability can easily be fixed updating software applications and the operating system • In addition to maintain the system up-to-date, is mandatory the execution of operating system hardening to customize the security level of the computer according to the level of the preferred functionality. 12/10/2004 CIS 460 - Oscar Vazquez 13 LANGuard Features review… • • • • Network-wide patch management Check for unused user accounts on workstations Audit your network for security vulnerabilities Detect unnecessary shares, open ports & unused user accounts on workstations • Check for and deploy missing security patches & service packs in OS & Office. • Automatically alerts new security holes • Price $495 for 100 IPs, $995 for unlimited IPs. 12/10/2004 CIS 460 - Oscar Vazquez 14 LANGuard Questions…?? 12/10/2004 CIS 460 - Oscar Vazquez 15