Data Communications and Networks II Project

Andrew Manborde
Owen Thompson
Yannick Morgan
Tian Boothe
Kadian Bailey
Daemone Brown
DATA COMMUNICATIONS
AND NETWORKS II
PROJECT
Problem Statement


UCC network has been compromised.
Evaluate threats to the UCC network using
vulnerability tools.
Purpose of Study


Demonstrate and evaluate the named network
vulnerability tools.
Determine which tool is best suited for which
particular application.
Significance of Study


Informed Network Security decisions.
Best suited tools to use.
International Review



Vulnerability scanning got its start as a tool of the
"bad guys."
Port scanning or testing to see which TCP/UDP
ports on a machine are "open" and thus vulnerable
to intrusion.
Today's vulnerability scanning programs are
designed with the "good guys" in mind.
What does a vulnerability scanner do?



Can only scan for known vulnerabilities, meaning
vulnerabilities that are known to their vendors.
Depends on databases that contain the descriptions
of the vulnerabilities it can detect.
Is only as good as the database it uses.
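
Added example (not part of the original slides): a toy banner-to-database matcher in Python that shows why a scanner is only as good as its database. The signature entries, banners, product names and EXAMPLE ids are all constructed for illustration.

```python
import re

# Constructed signature database: (product, first fixed version, placeholder id).
SIGNATURES = [
    ("exampleftpd", (2, 3, 5), "EXAMPLE-0001"),
    ("examplehttpd", (1, 8, 0), "EXAMPLE-0002"),
]

# Constructed banners, as a scanner might read them from open ports.
BANNERS = {
    21: "220 exampleftpd 2.3.4 ready",
    80: "Server: examplehttpd/1.8.2",
    8080: "Server: inhouse-app/0.9",
    9000: "welcome",
}

BANNER_RE = re.compile(r"([A-Za-z][\w-]*)[ /](\d+(?:\.\d+)*)")


def parse_banner(banner):
    """Return (product, version tuple), or None if no version is advertised."""
    match = BANNER_RE.search(banner)
    if match is None:
        return None
    version = tuple(int(part) for part in match.group(2).split("."))
    return match.group(1).lower(), version


def scan(banners, signatures):
    """Map each port to (status, matching signature ids)."""
    covered = {product for product, _, _ in signatures}
    report = {}
    for port, banner in sorted(banners.items()):
        parsed = parse_banner(banner)
        if parsed is None or parsed[0] not in covered:
            # The database says nothing about this service: not the same as safe.
            report[port] = ("not covered", [])
            continue
        product, version = parsed
        hits = [sid for name, fixed, sid in signatures
                if name == product and version < fixed]
        report[port] = ("vulnerable", hits) if hits else ("no known issue", [])
    return report


if __name__ == "__main__":
    for port, (status, ids) in scan(BANNERS, SIGNATURES).items():
        print(port, status, ", ".join(ids))
```

Ports 8080 and 9000 come back as "not covered" rather than clean, which is the distinction a report has to preserve when the database has no entry for a service.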
Types of scans








Open ("listening") ports
Unnecessary services
DDoS agents and similar malware
Means of remote access (terminal services,
PCAnywhere)
Password crackers
System configuration
Coding flaws/unsafe code
Missing service packs and security fixes
What a vulnerability scanner doesn't
do



Vulnerability scanners don't do the job of anti-virus
and anti-spyware products
Vulnerability scanners don't do the job of a firewall
Vulnerability scanners don't do the job of an
Intrusion Detection System (IDS)
Wireshark


Network protocol analyzer (packet sniffer) which
captures and decodes packets of information from
a network.
Wireshark is used to capture and analyze network
packets and discover a wide array of information.
Snort



Open source Intrusion Detection System which can
be downloaded free of cost. It is a software
package which needs to be installed (along with
other software in many cases) on a standard server
which acts as the sensor.
Network Sniffer Mode
Network Intrusion Detection Mode
Kismet


802.11 layer 2 wireless network detector, sniffer,
and intrusion detection system.
Kismet identifies networks by passively collecting
packets and detecting standard named networks,
named/hidden networks, and inferring the
presence of non-beaconing networks via data
traffic.
Cain and Abel







Password recovery tool for Microsoft Operating
Systems.
Sniffing the network.
Cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks.
Recording VoIP conversations.
Decoding scrambled passwords, recovering wireless
network keys.
Revealing password boxes.
Uncovering cached passwords and analyzing routing
protocols.
Local Case Study



International standards apply to Jamaica on a
lesser scale.
Net Security pros use the same tools as hackers.
Hackers exploit for personal gain.
Implementation Recommendations

Net vulnerability tool selection is based on:
Type of network
Size of network

Provide countermeasures to prevent future attacks.


Network Solution Steps




Select four viable candidates for use as a network
vulnerability tool.
Evaluate each candidate.
Use the selected candidate to evaluate the security
of the network in question.
Record and interpret the results.
Select 4 tools




Cain and Abel
Wireshark
Kismet
Snort
Evaluate each candidate




Cain and Abel –
Good functionality.
Did not require additional software in order to be
compliant with the test network.
User friendly due to its user interface design.




Wireshark –
Average functionality.
Did not require additional software.
Not user friendly due to its user interface design.



Kismet –
Poor functionality.
Additional software was required to be compliant
with the test network.



Snort –
Poor functionality.
Additional software was required to be compliant.
Evaluate Selected Candidate

The network vulnerability tool that was selected as
being the best candidate was Cain and Abel. The
test was conducted and several vulnerabilities were
revealed.
Record and interpret the results.

It was determined that a Kerberos firewall was
required in order to secure the network.
Summary



Snort and Kismet required another piece of
software in order to be fully compliant with our test
network.
Wireshark proved to be too complicated in its
function and not very user friendly in its GUI.
Cain and Abel is easily utilized and has a good
GUI.
Conclusion

We recommend the network vulnerability tool Cain
and Abel for use, as it is fully functional (i.e. it does
not require additional software in order to function)
and user friendly, by means of simple
functionality and an intuitive user interface design.