Richard S. Carson and Associates
Management Consulting
Web-Based Products
World Wide Digital Security, Inc.

Background

Our Product
A suite of web-based security assessment tools used to determine a network’s vulnerability and risk, with a patent pending methodology —
– Single assessment
– Network
– Denial of Service

Benefits of WebSaint™
Web-based delivery system – basis for minimum user impact
Dedicated computer is not needed – it is run on the web
Easy to use – complexities of installing software are removed
No costly software
Results are self-explanatory – trained security professionals are not needed
Use as many times as you need under the 3-month subscription
Cost advantage in terms of product price and minimal resource impact
Product is always up-to-date with the most current vulnerabilities and threats

Our Customer
The network administrator of a small to medium size enterprise who is looking for the easiest and most accurate tool to analyze network security —
– Overworked
– Dealing with Y2K issues
– Resources limited for security

The Opportunity
                       1997            2002
Internet Users         50 million      175 million
Electronic Commerce    $8 billion      $327 billion
Network Security       $1.3 billion    $6.5 billion

The Opportunity
Our niche is the Internet Security Assessment market — estimated to be $1 billion by 2002
WebSaint™ provides:
– Vulnerability assessment by identifying security strengths and weaknesses
– Detailed review and evaluation of a company's network, allowing the development of a baseline security policy from the data collected.
– Corporate confidence that current security standards are being met.

Our Competition
Internet Security Systems, Inc.
Network Associates, Inc.
Axent Technologies, Inc.
Netect, Inc.
Security Dynamics Technologies, Inc.

Our Uniqueness in the Security Market
Patent pending, web-based delivery system
Subscription sales/easy selling approach
Focused – security assessments
Leads to consulting services

Marketing
SATAN / SAINT / WebSaint™
Name recognition
VARs, partnerships, Joint Development Agreements
Using integrated Web and PR marketing approach
www.wwdsi.com

SAINT™ History
SATAN released April 1995
COAST extensions released in December 1995
No updates since release
Scan of large network using SATAN prompted development of SAINT

SAINT™ – The New SATAN
New tests for the following:
– “R” services (rlogin, rshell and rexec)
– Vulnerable CGIs (e.g., webdist, phf, and test-cgi)
– Vulnerable versions of IMAP and POP
– SMB open shares
– New backdoors (NetBus, Back Orifice)
– ToolTalk service
– Vulnerable versions of DNS
– rpc.statd service
– UDP echo and/or chargen (can be used for DoS)
– Vulnerable news servers

SAINT™ – The New SATAN
Identifies Microsoft Windows (3.x, 95, 98, NT) computers (may be vulnerable to various DoS attacks)
Added a new attack level (heavy +)
Performs in a firewalled environment
Many cosmetic and functional improvements

What You Need
UNIX platform (AIX, OSF, FreeBSD, BSDI, IRIX, HP-UX, Linux, SunOS, System V)
20MB disk space
As much memory as you can get
Perl 5.00 or above
C compiler
Web browser
SAMBA (for SMB tests)

How it Works

Policy Engine
Controls what hosts SAINT may probe
Controls the intensity of the probes
Specified in the configuration file:
– attack level and what probes are included
– status file
– timeouts and timeout signals
– proximity variables
– trusted or untrusted targeting exceptions
– workarounds (DNS, ICMP)
Some settings can be changed via command-line switches or from the hypertext user interface

Target Acquisition
Specified by user:
– one host
– class C subnet
Generated by inference engine when processing facts generated by data acquisition module
Saves time by checking whether hosts are actually alive first:
– fping (default)
– tcp_scan on common ports (firewall)

Data Acquisition
Executes probes based on target’s scanning level:
– light
– normal
– heavy
– heavy plus
Written in Perl or shell script
Output written to database in common tool record format

Inference Engine
Rules applied in real-time
Results are either:
– new facts for inference engine
– new probes for data acquisition module
– new targets for target acquisition module
Actually six separate engines, each controlled by its own rule base:
– todo – what probe to perform next
– hosttype – deduces system classes
– facts – deduces potential vulnerabilities
– services – translates cryptic daemon banners and/or port numbers to user-friendly names
– trust – classifies data collected on NFS, DNS, NIS, and other cases of trust
– drop – what to ignore
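The policy engine, target acquisition and inference engine slides describe one control loop: the todo list drives probes, probe output becomes facts, and a trust fact can name a new target whose distance (proximity) from the original host the policy bounds. The following is an added example that models that loop in Python; it is not SAINT's own code (SAINT is written in Perl), and the policy field names, the trust rule and the probe results are assumptions constructed for the demo.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Policy engine settings (field names are this example's, not SAINT's)."""
    max_proximity: int                            # proximity variable
    exceptions: set = field(default_factory=set)  # targeting exceptions: never probe

    def allows(self, host, proximity):
        """May this host be probed at this distance from the original host?"""
        return host not in self.exceptions and proximity <= self.max_proximity


def trust_fact(target, trusted, text):
    """Build a trust record with the eight fields of the facts database."""
    return {"target": target, "service": "trust", "status": "a", "severity": "",
            "trustee": "root@" + target, "trusted": trusted,
            "canonical": "trust", "text": text}


# Constructed stand-in for the data acquisition module: (host, tool) -> facts.
PROBE_RESULTS = {
    ("gw.example.test", "trust"): [
        trust_fact("gw.example.test", "root@nfs.example.test", "NFS mount of /home"),
        trust_fact("gw.example.test", "root@mail.example.test", ".rhosts entry"),
    ],
    ("nfs.example.test", "trust"): [
        trust_fact("nfs.example.test", "root@far.example.test", "NIS server"),
    ],
}


def run_scan(policy, start_host, probe_results=PROBE_RESULTS):
    """Drive the loop: todo -> data acquisition -> inference -> new targets.

    Returns the all-hosts table (host -> proximity), the todo entries that
    were executed, and every fact collected.
    """
    all_hosts = {start_host: 0}            # all-hosts: host -> proximity
    todo = [(start_host, "trust", "")]     # todo: (host, tool, arguments)
    done, facts = [], []
    while todo:
        host, tool, args = todo.pop(0)
        done.append((host, tool, args))
        new_facts = probe_results.get((host, tool), [])
        facts.extend(new_facts)
        # Trust engine rule: a trusted user@host names a new target one hop
        # further away; the policy engine decides whether it may be probed.
        for f in new_facts:
            if f["service"] != "trust" or "@" not in f["trusted"]:
                continue
            target = f["trusted"].split("@", 1)[1]
            proximity = all_hosts[host] + 1
            if target in all_hosts or not policy.allows(target, proximity):
                continue
            all_hosts[target] = proximity        # target acquisition
            todo.append((target, "trust", ""))   # next probe to perform
    return all_hosts, done, facts


if __name__ == "__main__":
    hosts, _, _ = run_scan(Policy(max_proximity=1, exceptions={"mail.example.test"}),
                           "gw.example.test")
    print(hosts)  # {'gw.example.test': 0, 'nfs.example.test': 1}
```

With max_proximity=1 the host two hops away is never added, and the excepted mail host is skipped even though a trust fact names it; raising the limit to 2 with no exceptions pulls in all four hosts.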

Database Format
Facts – data generated by data acquisition module and inference engine
All-hosts – all hosts seen
Todo – all things it did

Database Format – Facts
Target – name of host record refers to
Service – base name of tool or service being probed
Status – if host was reachable
Severity – how serious was the vulnerability
Trustee – who trusts another target (user@host)
Trusted – who the trustee trusts (user@host)
Canonical Service Output –
– for non-vulnerability records, the reformatted version of the network service
– for vulnerability records, the name of the tutorial
Text – additional information for reports
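A parser for the eight-field facts record described above, as an added example in Python rather than SAINT's own Perl code. The '|' field separator, the spelled-out severity values (red, yellow, brown, green) and the sample records are assumptions constructed for the demo; the slides do not document SAINT's actual encoding.

```python
from collections import defaultdict

# The eight fields of a facts record, in the order the slide lists them.
FIELDS = ("target", "service", "status", "severity",
          "trustee", "trusted", "canonical", "text")
# Severity classes from SAINT's reports; spelling them out in the severity
# field is this example's convention, not SAINT's real encoding.
COLOURS = ("red", "yellow", "brown", "green")

# Constructed sample database (assumed '|' separator); the last record is
# deliberately truncated to show how a damaged line is rejected.
SAMPLE = """\
# target|service|status|severity|trustee|trusted|canonical|text
ns.example.test|dns|a|red|||DNS vulnerabilities|vulnerable BIND version
ftp.example.test|ftp|a||||ftp (21/tcp)|220 FTP server ready
gw.example.test|trust|a||root@gw.example.test|root@nfs.example.test|nfs export|/home
nis.example.test|ypserv|a|yellow|||NIS password file access|passwd map readable
mail.example.test|sendmail|a|brown|||Sendmail info|EXPN and VRFY enabled
broken.example.test|finger|a
"""


def parse_fact(line):
    """Split one record into a dict keyed by field name.

    Raises ValueError on a wrong field count or unknown severity, so a
    corrupt line cannot silently read as a clean service record.
    """
    parts = line.split("|")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["severity"] and rec["severity"] not in COLOURS:
        raise ValueError(f"unknown severity {rec['severity']!r}: {line!r}")
    return rec


def load_facts(text):
    """Parse a whole facts file; returns (records, error messages)."""
    records, errors = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        try:
            records.append(parse_fact(line))
        except ValueError as exc:
            errors.append(str(exc))
    return records, errors


def findings_by_colour(records):
    """Vulnerability records grouped by severity -> [(target, tutorial name)].

    A record with an empty severity is a plain service record; its canonical
    field then holds the reformatted service name, not a tutorial.
    """
    grouped = defaultdict(list)
    for rec in records:
        if rec["severity"]:
            grouped[rec["severity"]].append((rec["target"], rec["canonical"]))
    return dict(grouped)


def trust_edges(records):
    """(trustee, trusted) pairs, the input to the trust inference engine."""
    return [(r["trustee"], r["trusted"]) for r in records if r["service"] == "trust"]
```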

Database Format – All-hosts
Host name
IP address
Proximity from original host
Attack level host has been probed with
Was subnet expansion on? (1 = yes, 0 = no)
Time scan was done

Database Format – Todo
Host name
Tool to be run next
Arguments for tool

User Interface
Requires an HTML browser
Documentation
Data management
Data gathering
Viewing results
– vulnerabilities
– host information
– trust
Also can be run from the command line

SAINT™ Vulnerabilities
Red — Services that are vulnerable to attack. Hackers exploiting these services may cause substantial harm.
– DNS vulnerabilities
– FTP vulnerabilities
– Hacker program found
– HTTP CGI access
– IMAP version
– INN vulnerabilities
– NFS export to unprivileged programs
– NFS export via portmapper
– Open SMB shares
– Remote shell access
– REXD access
– Sendmail vulnerabilities
– SSH vulnerabilities
– TFTP file access
– Unrestricted modem
– Unrestricted NFS export
– Writable FTP home directory

SAINT™ Vulnerabilities
Yellow — Services that may directly or indirectly assist a hacker in determining passwords or other critical information.
– NIS password file access
– Unrestricted X server access

SAINT™ Vulnerabilities
Brown — Services that may not be vulnerable but the configuration and/or version may make them vulnerable. Further investigation on the part of the system administrator may be necessary.
– Excessive finger information
– HTTP CGI info
– NetBIOS over the Internet
– POP server
– POP version
– Possible DoS (fraggle) problem
– Remote login on the Internet
– Remote shell on the Internet
– Rexec on the Internet
– Statd vulnerability
– Rstatd vulnerability
– Rusersd vulnerability
– Sendmail info
– Windows detected

SAINT™ Vulnerabilities
Green — Services that do not have any vulnerabilities apparent through remote assessment. (However, if passwords have been compromised, these services may prove to be vulnerable to exploitation by local users.)

Who Uses It?
System Administrators
Security Administrators
Requires some knowledge of UNIX
Requires installation and configuration of software
What about the less technical, less UNIX-savvy administrator? . . .

What You Need
Web browser
Internet connection
E-mail address

How it Works
Customer requests scan via Web page
Customer receives e-mail containing URL for custom page
Customer uses custom page to start scan
Customer receives a second e-mail after the scan completes containing a new URL for the results
Customer can perform an unlimited number of scans within the subscription period

Getting off the ground . . .
We’d like to hear your comments and ideas.

Detailed SAINT™ Vulnerabilities

SAINT™ Red Services (1 of 5)
DNS vulnerabilities
  Impact: unauthorized access (remote) and/or denial of service
  Resolution: patch or updated version
FTP vulnerabilities
  Impact: unauthorized access (remote or local)
  Resolution: patch, updated version, restrict access
Hacker program found
  Impact: host has been compromised
  Resolution: remove program, remove hacker
HTTP CGI access
  Impact: execute arbitrary commands (remote or local)
  Resolution: remove/disable CGI

SAINT™ Red Services (2 of 5)
IMAP version
  Impact: unauthorized access (remote)
  Resolution: patch, updated version, restrict access
INN vulnerabilities
  Impact: unauthorized access (remote)
  Resolution: patch, updated version
NFS export to unprivileged programs
  Impact: unauthorized file access (read/write), program execution
  Resolution: restrict access, block router ports (2049, 111)
NFS export via portmapper
  Impact: unauthorized file access (read/write)
  Resolution: restrict access, block router ports (2049, 111)

SAINT™ Red Services (3 of 5)
Open SMB shares
  Impact: unauthorized file access (read/write)
  Resolution: disable SMB over Internet, restrict access
Remote shell access
  Impact: unauthorized remote shell/login from arbitrary hosts
  Resolution: restrict access
REXD access
  Impact: unauthorized REXD remote access from arbitrary hosts
  Resolution: disable service, restrict access
Sendmail vulnerabilities
  Impact: unauthorized access (remote)
  Resolution: patch, updated version
37
SAINTTM Red Services (4of 5)
SSH vulnerabilities Impact: unauthorized use of credentials (local) Resolution: updated version
TFTP file access Impact: unauthorized access (remote) Resolution: disable service, restrict access
Unrestricted modem Impact: unauthorized access (remote) of modem Resolution: restrict access
Unrestricted NFS export Impact: unauthorized file access (read/write) Resolution: restrict access, block router ports (2049, 111)
![Page 38: 2 Richard S. Carson and Associates Management Consulting Web-Based Products World Wide Digital Security, Inc. Backgroun d](https://reader034.vdocuments.mx/reader034/viewer/2022051820/56649ea35503460f94ba7f7e/html5/thumbnails/38.jpg)
38
Writeable FTP home directory Impact: unauthorized file access (read/write/execute) Resolution: restrict access
SAINTTM Red Services (5of 5)
![Page 39: 2 Richard S. Carson and Associates Management Consulting Web-Based Products World Wide Digital Security, Inc. Backgroun d](https://reader034.vdocuments.mx/reader034/viewer/2022051820/56649ea35503460f94ba7f7e/html5/thumbnails/39.jpg)
39
NIS password file access Impact: access to NIS password file by arbitrary hosts Resolution: restrict access
Unrestricted X server access Impact: unrestricted X server access from arbitrary hosts Resolution: restrict access
SAINTTM Yellow Services
![Page 40: 2 Richard S. Carson and Associates Management Consulting Web-Based Products World Wide Digital Security, Inc. Backgroun d](https://reader034.vdocuments.mx/reader034/viewer/2022051820/56649ea35503460f94ba7f7e/html5/thumbnails/40.jpg)
40
SAINTTM Brown Services (1 of 4)
Excessive finger information Impact: releases excess account information Resolution: disable service, restrict access
HTTP CGI info Impact: provides information about server Resolution: remove/disable CGI
NetBIOS over the Internet Impact: unauthorized file access (read/write) Resolution: disable service
POP server Impact: unauthorized access (passwords in the clear) Resolution: disable service, use more secure version
![Page 41: 2 Richard S. Carson and Associates Management Consulting Web-Based Products World Wide Digital Security, Inc. Backgroun d](https://reader034.vdocuments.mx/reader034/viewer/2022051820/56649ea35503460f94ba7f7e/html5/thumbnails/41.jpg)
41
SAINTTM Brown Services (2 of 4)POP version
Impact: unauthorized access (remote) Resolution: patch, updated version, restrict access
Possible DoS (fraggle) problem Impact: denial of service (intermediary and victim) Resolution: router configuration
Remote login on the Internet Impact: unauthorized shell access (with no password) Resolution: disable service, restrict access
Remote shell on the Internet Impact: unauthorized remote shell/login from arbitrary hosts Resolution: restrict access
![Page 42: 2 Richard S. Carson and Associates Management Consulting Web-Based Products World Wide Digital Security, Inc. Backgroun d](https://reader034.vdocuments.mx/reader034/viewer/2022051820/56649ea35503460f94ba7f7e/html5/thumbnails/42.jpg)
42
SAINTTM Brown Services (3 of 4)Rexec on the Internet
Impact: unauthorized program execution (remote) Resolution: disable service, restrict access
Sendmail info Impact: provides information about users Resolution: Disable EXPN and VRFY commands
Statd vulnerability Impact: unauthorized access (remote/local) Resolution: patch, disable service
Rstatd vulnerability Impact: provides information about host’s performance Resolution: disable service
![Page 43: 2 Richard S. Carson and Associates Management Consulting Web-Based Products World Wide Digital Security, Inc. Backgroun d](https://reader034.vdocuments.mx/reader034/viewer/2022051820/56649ea35503460f94ba7f7e/html5/thumbnails/43.jpg)
43
SAINTTM Brown Services (4 of 4)Rusersd vulnerability
Impact: provides information about users Resolution: disable service
Windows detected Impact: operating system may be vulnerable to denial of service Resolution: patch, disable unnecessary services