Add to collection(s) Add to saved
  1. No category
Uploaded by hallocomeon

Workshop+3+-+Performing+Security+Assessments+-+Copy

advertisement 
21/05/2021
Access organizational security with reconnaissance tools
Lesson 3
Explain security concerns with general vulnerability types
Performing Security Assessments
Summarize vulnerability scanning techniques
Explain penetration testing concepts
1
Topic 3A
Assess Organizational Security with Network
Reconnaissance Tools
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
2
2
Syllabus Objectives Covered
• 4.1 Given a scenario, use the appropriate tool to assess organizational
security
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
3
3
1
21/05/2021
ipconfig, ping, and arp
• Footprinting the network layout and rogue system detection
• ipconfig/ifconfig/ip
•
Report the local IP configuration
•
•
Test connectivity with a host
Use a ping sweep to detect live hosts on a subnet
•
•
•
Address Resolution Protocol (ARP) cache
Shows IP to Media Access Control (MAC) address mapping
Detect spoofing (validate MAC of default gateway)
• ping
• arp
Screenshot used
with permission
from Microsoft.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
4
4
route and traceroute
• route
•
•
•
Show the local routing table
Identify default route and local subnet
Check for suspicious entries
• tracert/traceroute
•
Test the path to a remote host
• pathping/mtr
•
Measure latency
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
5
5
IP Scanners and Nmap
• Host discovery
•
Test whether host in
IP range responds to
probes
• Port scan
•
Test whether TCP or
UDP port allows
connections
Screenshot used with permission from nmap.org.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
6
6
2
21/05/2021
Service Discovery and Nmap
identify operation system and services
• Service discovery
•
Scan custom TCP/UDP
port ranges
• Service and version
detection
•
•
•
•
•
Fingerprinting each port
Protocol
Application/version
OS type
Device type
Screenshot used with permission from nmap.org.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
7
7
netstat and nslookup
• netstat
•
•
•
Report port status on local machine
Switches to filter by protocol
Display process name or PID that opened port
• nslookup and dig
•
•
Query name servers
Zone transfers
Screenshot used with permission from Microsoft.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
8
8
Other Reconnaissance and Discovery Tools
• theHarvester
•
Collate open source intelligence (OSINT)
• dnsenum
•
dnsenum, provide more detail information
Collate DNS hosting information, name records, and IP schemas
• scanless
•
scanning hosts by third party
Collate results from third-party port scanning sites
• curl
•
Craft and submit protocol requests
curl: command line for performing data transfer or protocols,
• Nessus
•
Perform automated vulnerability scanning
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Nessus: cross check with automated tool, including solutions
9
9
3
21/05/2021
Packet Capture and tcpdump
Packet analysis (focus on frames) vs Protocol analyzes (what packets u are sending)
• Packet analysis versus protocol analysis
• Sniffer—tool for capturing network frames
•
•
•
•
Use software to interact with host network driver (libpcap/winpcap)
Mirrored ports/switched port analyzer (SPAN)
Use a test access port (TAP) device to read frames from network media
Placement of sensors
tcpdump (command line)
• tcpdump
•
•
•
Write to pcap
Read from pcap
Filters
tcpdump -i eth0 "src host 10.1.0.100 and
(dst port 53 or dst port 80)"
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
10
10
Packet Analysis and Wireshark
• Output panes
•
•
•
Packet list
Packet details (headers and fields)
Packet bytes (hex and ASCII)
• Capture and display filters
• Coloring rules
• Follow TCP Stream
Screenshot used with permission from wireshark.org.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
11
11
Packet Injection and Replay
• Packet injection
•
•
Crafting spoofed packets
Dsniff, Ettercap, Scapy
hping: similar to ping command
• hping
•
•
•
Host/port detection and firewall testing
Traceroute
Denial of service (DoS)
• tcpreplay
•
•
tepreplay: replay suspicious traffic
Stream a packet capture through an interface
Sandbox analysis and intrusion detection testing
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
12
12
4
21/05/2021
Exploitation Frameworks
• Simulate adversary tools for
exploitation and backdoor access
• Metasploit
•
•
•
Modules to exploit known code
vulnerabilities
Couple exploit module with payload
Obfuscate code to evade detection
• Sn1Per
•
•
Penetration test reporting and
evidence gathering
Run automated suites of tests
• Other frameworks
•
Screenshot used with permission from metasploit.com
Linux, embedded, browser,
web/mobile app, cloud, ….
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
13
13
Netcat
• Simple tool capable of very
wide range of network tasks
• Port scanning and
fingerprinting
• Command prompt listener
over arbitrary port
• File transfer over arbitrary
port
echo "head" | nc 10.1.0.1 -v 80
nc -l -p 666 -e cmd.exe
type accounts.sql | nc
10.1.0.192 6666
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
14
14
Organizational Security with Network Reconnaissance
Tools
Review Activity
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
15
15
5
21/05/2021
Assisted Labs
• Scanning and Identifying Network Nodes
• Intercepting and Interpreting Network Traffic with Packet
Sniffing Tools
Lab Activity
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
16
16
Topic 3B
Explain Security Concerns with General Vulnerability
Types
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
17
17
Syllabus Objectives Covered
• 1.6 Explain the security concerns associated with various types of
vulnerabilities
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
18
18
6
21/05/2021
Software Vulnerabilities and Patch Management
• Exploits for faults in software code
• Applications
•
•
Different impacts and exploit scenarios
Client versus server apps
• Operating system (OS)
•
Obtain high level privileges
• Firmware
•
•
PC firmware
Network appliances and Internet of Things devices
• Improper or weak patch management
•
•
Undocumented assets
Failed updates and removed patches
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
19
19
Zero-day and Legacy Platform Vulnerabilities
• Zero-day
•
•
•
Vulnerability is unknown to the vendor
Threat actor develops an exploit for which there is no patch
Likely to be used against high value targets
• Legacy platform
•
Vendor no longer releases security patches
Legacy platform: outdated platform
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
20
20
Weak Host Configurations
Default settings: default passwords
• Default settings
•
Vendor may not release product in a default-secure configuration
• Unsecured root accounts
•
•
Threat actor will gain complete control
Limit ability to login as superuser
• Open permissions
•
•
Configuration errors allowing unauthenticated access
Allowing write access when only read access is appropriate
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
21
21
7
21/05/2021
Weak Network Configurations
MD5 - outdated encryptions
• Open ports and services
•
•
•
Restrict using an access control list
Disable unnecessary services or block ports
Block at network perimeter
•
Cleartext data transmissions are vulnerable to snooping and
eavesdropping
• Unsecure protocols
• Weak encryption
•
•
•
•
Storage and transport encryption
Key is generated from a weak password
Cipher has weaknesses
Key distribution is not secure
•
Error messages that reveal too much information
• Errors
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
22
22
Impacts from Vulnerabilities
Data loss: data becomes unavailable
• Data breaches and data exfiltration impacts
•
•
Data breach is where confidential data is read or transferred without
authorization
Data exfiltration is the methods and tools by which an attacker transfers data
without authorization
• Identity theft
•
Abuse of data from privacy breaches
• Data loss and availability loss impacts
•
Availability is also a critical security property
• Financial and reputation impacts
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
23
23
Third-Party Risks
application softwares, linux system
• Supply chains
•
•
Due diligence
Weak links
one development, one for advertising
• Vendor management
•
•
•
Process for selecting suppliers and evaluating risks
System integration
Lack of vendor support
will be beneficial
• Outsourced code development
• Data storage
• Cloud-based versus on-premises risks
Data storage: personal data, data backup, archive
Monitoring your personal data, back up management services
on-premises risks:to save your data from the cloud-based, firewall, accesspoint, switch, port server(private office)
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
24
24
8
21/05/2021
Security Concerns with General Vulnerability Types
Review Activity
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
25
25
Automated, on-going comprise monitor
Topic 3C
What types of scanners we can use
Summarize Vulnerability Scanning Techniques
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
26
26
Syllabus Objectives Covered
• 1.7 Summarize the techniques used in security assessments
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
27
27
9
21/05/2021
Security Assessment Frameworks
Automated scanners
• Methodology and scope for security assessments
• NIST SP 800-115
NIST SP 800-115, technical guide book for testing, examining, interviewing
•
•
•
Testing
Examining
Interviewing
• Vulnerability assessment versus threat hunting and penetration testing
• Vulnerability assessments can use a mix of manual procedures and
automated scanning tools
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Vulnerability assessment: system security, ability e.g. what config u have, correct configuration
e.g. penetration testing: how different application exploits identified be secured in IT
28
28
Vulnerability Scan Types
Two types of scanners: Network vulnerability scanner & application and web application scanner
• Automated scanners configured
with list of known vulnerabilities
• Network vulnerability scanner
•
•
Configured with tests for most
types of network hosts
Focused on scanning OS plus
some desktop and server
applications
• Application and web application
scanners
•
Configured with applicationspecific tests
Screenshot used with permission from Greenbone Networks (openvas.org).
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
29
29
Common Vulnerabilities and Exposures
• Vulnerability feed/plug-in/test
• Security Content Automation
Protocol (SCAP)
•
•
Mechanism for updating scanner
via feed
Common identifiers
• Common Vulnerabilities and
Exposures (CVE)
• Common Vulnerability Scoring
System (CVSS)
Score
Description
0.1+
Low
4.0+
Medium
7.0+
High
9.0+
Critical
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
30
30
10
21/05/2021
Intrusive versus Non-intrusive Scanning
• Remote scanning versus agent-based scanning
• Non-intrusive scanning
•
•
•
Passively test security controls
Scanners attach to network and only sniff traffic
Possibly some low-interaction with hosts (port scanning/banner
grabbing)
• Intrusive/active scanning
•
•
Establish network session
Agent-based scan
• Exploitation frameworks
•
•
Highly intrusive/risk of system crash
Used with penetration testing
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
31
31
Credentialed versus Non-credentialed Scanning
• Credentialed
• Non-credentialed
•
•
Anonymous or guest
access to host only
Might test default passwords
• Scan configured with logon
• Can allow privileged access to configuration
settings/logs/registry
• Use dedicated account for scanning
Screenshot used with permission from Greenbone Networks (openvas.org).
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
32
32
False Positives, False Negatives, and Log Review
• Analyzing and validating scan
report contents
• False positives
•
Scanner identifies a
vulnerability that is not
actually present
False negatives are hard to detect, and you are unable to take actions on that
• False negatives
•
Scanner fails to identify a
vulnerability
• Review logs to confirm results
Screenshot used with permission from Greenbone Networks (openvas.org).
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
33
33
11
21/05/2021
Configuration Review
compare-based templates and your configuration to check if there are differences
• Lack of controls
•
Security controls that should be present
but are not (or are not functioning)
• Misconfiguration
•
Settings deviate from template
configuration
• Driven by templates of configuration
settings
•
•
Open Vulnerability and Assessment
Language (OVAL)
Extensible Configuration Checklist
Description Format (XCCDF)
• Compliance-based templates available
in many products
Screenshot used with permission from Microsoft.
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
34
34
Threat Hunting
Intelligence fusion and threat data: Information management system, take all information and process for you
• Use log and threat data to search for IoCs
• Advisories and bulletins
•
Plan threat hunting project in response to newly discovered threat
• Intelligence fusion and threat data
•
Use security information and event management (SIEM) and threat data feed to
automate searches
• Maneuver
•
•
Consider possibility of alerting adversary to the search
Use techniques that will give positional advantage
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
35
35
Vulnerability Scanning Techniques
Review Activity
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
36
36
12
21/05/2021
Assisted Labs
• Analyzing the Results of a Credentialed Vulnerability Scan
Lab Activity
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
37
37
Authorized hacking techniques
Topic 3D
Explain Penetration Testing Concepts
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
38
38
Syllabus Objectives Covered
• 1.8 Explain the techniques used in penetration testing
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
39
39
13
21/05/2021
Penetration Testing
• Pen test or ethical hacking
• Verify threat
•
Identify vulnerability and the vector by which it could be exploited
• Bypass security controls
•
Identify lack of controls or ways to circumvent existing controls
• Actively test security controls
•
Examine weaknesses that render controls ineffective
• Exploit vulnerabilities to prove threat exists (“pwned”)
• Active and highly intrusive techniques, compared to vulnerability
assessment
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
40
40
Rules of Engagement
• Agreement for objectives and scope
• Authorization to proceed from system owner and affected third-parties
• Attack profile
•
•
•
Black box (unknown environment)
White box (known environment)
Gray box (partially known environment—to model insider threat agents, for
instance)
• Bug bounty programs
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
41
41
Exercise Types
• Red team
•
Performs the offensive role
• Blue team
•
Performs the defensive role
• White team
•
Sets the rules of engagement and monitors the exercise
• Purple team
•
•
•
Exercise set up to encourage collaboration
Red and blue teams share information and debrief regularly
Might be assisted by a facilitator
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
42
42
14
21/05/2021
Passive and Active Reconnaissance
• Pen testing and kill chain attack life cycle
• Reconnaissance phase
•
•
•
•
•
•
•
Passive techniques unlikely to alert target
Active techniques are detectable
Open Source Intelligence (OSINT)
Social engineering
Footprinting
War driving
Drones/unmanned aerial vehicle (UAV) and war flying
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
43
43
Pen Test Attack Life Cycle
• Initial exploitation
•
Obtain a foothold via an exploit
•
•
Establish a command & control backdoor
Reconnect across host shut down/user log off events
•
•
Internal reconnaissance
Gain additional credentials and compromise higher privilege accounts
•
Compromise other hosts
•
Access hosts with no direct remote connection via a pivot host
• Persistence
• Privilege escalation
• Lateral movement
• Pivoting
• Actions on objectives
• Cleanup
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
44
44
Penetration Testing Concepts
Review Activity
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
45
45
15
21/05/2021
Lesson 3
Summary
CompTIA Security+ Lesson 3 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
46
46
16
Related documents
COMPTIA EXAM INFO http://certification.comptia.org/getCertified
COMPTIA EXAM INFO http://certification.comptia.org/getCertified
Performance based questions
Performance based questions
MATC IT Computer Support Specialist Pathways
MATC IT Computer Support Specialist Pathways
ITEC2701
ITEC2701
Key Terms - Lori Collier
Key Terms - Lori Collier
Resume
Resume
A+ Certification FAQs CERTIFICATION INFORMATION • To receive
A+ Certification FAQs CERTIFICATION INFORMATION • To receive
Download
advertisement