module 5 : 弱點掃描系統實習
DESCRIPTION
Module 5 : 弱點掃描系統實習. 學習目的. 電腦軟硬體技術的發展,促進了電腦的普及化 ; 眾多的設備和軟體也增加了使用者電腦受到攻擊的機會。如何在攻擊者發現前,找出電腦上的弱點,就成為保護使用者電腦安全重要的一環 2. 本模組共有六個小節包括 (1) 弱點簡介 (2) 弱點掃描與評分介紹 (3) 弱點管理與評分方式 (4) 弱點掃描與評分工具介紹 (5) 弱點掃描系統的實務 (6) 弱點掃描系統實的 專案實作 共需三個鐘點. Module 5 :弱點掃描系統實習. Module 5-1 :弱點簡介 (*) - PowerPoint PPT PresentationTRANSCRIPT
12.
bugflaw ()
5-*
Vulnerability
Weakness
Flaw
Bug
Exploit
BAC
()
*
IP
-
(Low)
Microsoft
””
http://nvd.nist.gov/scap/docs/ISAP-SecuritySolutions-2007.ppt
* Common Platform Enumeration (CPE)
* Extensible Configuration Checklist Description Format (XCCDF)XML
* Open Vulnerability and Assessment Language (OVAL)XML!!
* Common Vulnerability Scoring System (CVSS)
*
(NIAC)
CVSS (Metrics Group)(Formulas)(Metrics Group)(Base Metrics)(Temporal Metrics) (Environmental Metrics)()CVSS
(Base Score, BS:Temporal Score, TSEnvironmental Score, ES)
CVSS
*
(Medium)0.8
(Low)1.0
(Confidentiality Impact)
(Functional)shell code0.95
(Remediation Level)
(Temporary Fix)0.9
(Workaround) 0.95
(Unavailable)1.0
(Unconfirmed)0.9
(Uncorroborated)0.95
*
(Low) 0.1
(Medium) 0.3
(Target Distribution)
(Low) 1% - 15%0.25
(Medium) 16% - 49%0.75
(High) 50% - 100%1.0
*
Microsoft Baseline Security Analyzer (MBSA) Microsoft MBSA MBSA Windows Update Microsoft Update Microsoft Microsoft Update (MU)Windows Server Update Services (WSUS)Systems Management Server (SMS)System Center Configuration Manager (SCCM) 2007 Small Business Server (SBS)MBSA MBSA
*
Nessus www.insecure.org " Top 100 Security Tools ”1 Nessus Linux, Mac, FreeBSD, Solaris, Windows
5-*
Nessus
Nessus
Server
Client
ServerClient
5-*
ISO 27001ISMS NIST (Scan) (Fix) (Verify)
5-*
Nessusbanner
banner(unix)
web10000/tcp
6007/tcp(IRC)
CVSS
Nessus serverHost001Nserver
Client Only : IOS 4.x Android
http://www.tenable.com/products/nessus/nessus-download-agreement
5-*
Nessus-4.4.1-i386.msi
Next
5-*
*
→→Tenable Network Security→Nessus→Nessus Server Manager
Nessus Server ManagerHome Plugin Feeds
5-*
5-*
Plugin
5-*
5-*
5-*
→→Tenable Network Security→Nessus→Nessus Client( https://localhost:8834/ )
Continue to this website
5-*
Single host(IP)
IP Range(IP)
--Safe Checks :
--Silent Dependencies:plugin
--Avoid sequential scans: IPIP
--Consider Unscannned Ports as Closed:Nessus
--Designate Hosts by their DNS Name:DNSDNS
-Network congestion
--Reduce the number of connections in parallel on congestion
--Use the kernel congestion detection (Linux only) Linux
-Port Scanners
Port
*
5-*
5-*
Nessus
High
Medium
Low
5-*
AppServ
http://www.appservnetwork.com
5-*
JP Vendor Status Notes (JVN). CVSS V2.0 Calculator. Retrieved Auguet 1, 2009, from the World Wide Web: http://jvnrss.ise.chuo-u.ac.jp/jtg/cvss/en/CVSSv2.html
Microsoft TechNet, http://technet.microsoft.com
MITRE CCE, http://cce.mitre.org/
MITRE CVE, http://cve.mitre.org/
National Vulnerability Database, http://nvd.nist.gov/
()
New version of Common Vulnerability Scoring System released. Retrieved June 12, 2009, from the World http://www.first.org/cvss/index.html
NIST NVD SCAP, http://nvd.nist.gov/scap.cfm
Tenable Security Network. (September 3, 2009). Nessus 4 Installation Guide (Version 7). Retrieved June 15, from the World Wide Web: http://www.nessus.org/documentation/nessus_4.0_installation_guide.pdf
Tenable Security Network. (July 24, 2009). NessusClient 4.0 User Guide (Version 7). Retrieved June 15, from the World Wide Web: http://www.nessus.org/documentation/NessusClient_4.0_User_Guide.pdf
Nessus(97822)98622http://security.sinica.edu.tw/infosec-web/topicdetail.jsp?id=&f=7&t=545
bugflaw ()
5-*
Vulnerability
Weakness
Flaw
Bug
Exploit
BAC
()
*
IP
-
(Low)
Microsoft
””
http://nvd.nist.gov/scap/docs/ISAP-SecuritySolutions-2007.ppt
* Common Platform Enumeration (CPE)
* Extensible Configuration Checklist Description Format (XCCDF)XML
* Open Vulnerability and Assessment Language (OVAL)XML!!
* Common Vulnerability Scoring System (CVSS)
*
(NIAC)
CVSS (Metrics Group)(Formulas)(Metrics Group)(Base Metrics)(Temporal Metrics) (Environmental Metrics)()CVSS
(Base Score, BS:Temporal Score, TSEnvironmental Score, ES)
CVSS
*
(Medium)0.8
(Low)1.0
(Confidentiality Impact)
(Functional)shell code0.95
(Remediation Level)
(Temporary Fix)0.9
(Workaround) 0.95
(Unavailable)1.0
(Unconfirmed)0.9
(Uncorroborated)0.95
*
(Low) 0.1
(Medium) 0.3
(Target Distribution)
(Low) 1% - 15%0.25
(Medium) 16% - 49%0.75
(High) 50% - 100%1.0
*
Microsoft Baseline Security Analyzer (MBSA) Microsoft MBSA MBSA Windows Update Microsoft Update Microsoft Microsoft Update (MU)Windows Server Update Services (WSUS)Systems Management Server (SMS)System Center Configuration Manager (SCCM) 2007 Small Business Server (SBS)MBSA MBSA
*
Nessus www.insecure.org " Top 100 Security Tools ”1 Nessus Linux, Mac, FreeBSD, Solaris, Windows
5-*
Nessus
Nessus
Server
Client
ServerClient
5-*
ISO 27001ISMS NIST (Scan) (Fix) (Verify)
5-*
Nessusbanner
banner(unix)
web10000/tcp
6007/tcp(IRC)
CVSS
Nessus serverHost001Nserver
Client Only : IOS 4.x Android
http://www.tenable.com/products/nessus/nessus-download-agreement
5-*
Nessus-4.4.1-i386.msi
Next
5-*
*
→→Tenable Network Security→Nessus→Nessus Server Manager
Nessus Server ManagerHome Plugin Feeds
5-*
5-*
Plugin
5-*
5-*
5-*
→→Tenable Network Security→Nessus→Nessus Client( https://localhost:8834/ )
Continue to this website
5-*
Single host(IP)
IP Range(IP)
--Safe Checks :
--Silent Dependencies:plugin
--Avoid sequential scans: IPIP
--Consider Unscannned Ports as Closed:Nessus
--Designate Hosts by their DNS Name:DNSDNS
-Network congestion
--Reduce the number of connections in parallel on congestion
--Use the kernel congestion detection (Linux only) Linux
-Port Scanners
Port
*
5-*
5-*
Nessus
High
Medium
Low
5-*
AppServ
http://www.appservnetwork.com
5-*
JP Vendor Status Notes (JVN). CVSS V2.0 Calculator. Retrieved Auguet 1, 2009, from the World Wide Web: http://jvnrss.ise.chuo-u.ac.jp/jtg/cvss/en/CVSSv2.html
Microsoft TechNet, http://technet.microsoft.com
MITRE CCE, http://cce.mitre.org/
MITRE CVE, http://cve.mitre.org/
National Vulnerability Database, http://nvd.nist.gov/
()
New version of Common Vulnerability Scoring System released. Retrieved June 12, 2009, from the World http://www.first.org/cvss/index.html
NIST NVD SCAP, http://nvd.nist.gov/scap.cfm
Tenable Security Network. (September 3, 2009). Nessus 4 Installation Guide (Version 7). Retrieved June 15, from the World Wide Web: http://www.nessus.org/documentation/nessus_4.0_installation_guide.pdf
Tenable Security Network. (July 24, 2009). NessusClient 4.0 User Guide (Version 7). Retrieved June 15, from the World Wide Web: http://www.nessus.org/documentation/NessusClient_4.0_User_Guide.pdf
Nessus(97822)98622http://security.sinica.edu.tw/infosec-web/topicdetail.jsp?id=&f=7&t=545