142 Managing Network Vulnerability Assessment
Vendor’s comments: Essential NetTools (Exhibit 50) is a set of network
tools useful in diagnosing networks and monitoring your computer’s
network connections. It is a Swiss Army knife for everyone interested
in a set of powerful network tools for everyday use.
Opinion: This tool is point and click, very easy to use. It could be
considered the NT equivalent of Cheops.
Web Server Tools
Web server tools are designed to look at the HTTP services of different devices
and check their relative security. Note that these scanners do not check
for vulnerabilities in the Web pages themselves, but rather the security of the
underlying Web server. The actual Web page code is checked in one of the
final steps of the network vulnerability assessment: application testing.
Grinder
URL: http://www.pelttech.com — for download
Price: Free
OS: NT
Opinion: Looks for rogue Web sites by searching for TCP port 80 and
grabbing the banner information (Exhibit 51). This tool scans large
ranges quickly and has a very simple user interface.
Exhibit 50. Essential Net Tools 3
Technical (Bottom-Up) Methodology 143
VLAD the Scanner
URL: http://razor.bindview.com/tools/desc/VLAD_readme.html
Price: Free
OS: Linux
Vendor’s comments: Welcome to VLAD the Scanner, a freeware scanner
that checks for common security problems. VLAD checks for the items
referenced in the SANS Top Ten list of common security problems,
found at http://www.sans.org/topten.htm.
Opinion: Because a large number of the top vulnerabilities are against Web
servers, this tool fits well here in the Web server tool section.
Cerberus Internet Scanner
URL: http://www.cerberus-infosec.co.uk/cis.shtml
Price: Free
Vendor’s comments: Cerberus Internet Scanner (CIS; Exhibit 52) is a free
security scanner written and maintained by Cerberus Information Security,
Ltd., and is designed to help administrators locate and fix security
holes in their computer systems. This tool is a must!
Opinion: A nice, all-in-one scanner that does an especially good job looking
for vulnerabilities in Web servers. This tool will probably become a
for-purchase product soon.
Exhibit 51. Grinder
Password Cracking Tools
Password cracking tools uncover passwords to check for policy compliance.
Cracking passwords is very processor intensive, so it is best to run the
password cracking utility on your laptop. However, some organizations may
not permit this, so the next best step is to run the password cracking
after hours, when fewer people are on the system. As a rule of thumb, to
get a good sample of network password compliance, run the dictionary attack
through to completion and then run the brute-force crack for about an hour
before stopping the process. This will get all passwords that are
dictionary words, and most passwords that are dictionary words with a
special character added to the beginning or the end.
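A policy-side check for the two password patterns the paragraph above says this audit recovers, as an added example that is not from the book: it flags a candidate password that is a dictionary word, or a dictionary word with a special character on the front or the end. The word list, function names and sample passwords are constructed for illustration.

```python
import string

# Constructed sample word list; a real check would load the same dictionary
# file that the password audit uses.
WORDLIST = {"password", "summer", "dragon", "welcome", "baseball"}
SPECIALS = set(string.punctuation)

# Constructed sample candidates, e.g. submitted at password-change time.
SAMPLE = ["Summer", "dragon!", "#Welcome", "tR9#vq2Lm", "baseball"]


def classify(password, wordlist=WORDLIST, max_affix=1):
    """Say which of the two weak patterns a password matches.

    'dictionary'       - a word-list entry, ignoring letter case
    'dictionary+affix' - a word-list entry with up to max_affix special
                         characters on the front and/or the end
    'not-matched'      - neither pattern
    """
    lowered = password.lower()
    if lowered in wordlist:
        return "dictionary"
    # Try every split into prefix + core + suffix with short affixes.
    for pre in range(max_affix + 1):
        for suf in range(max_affix + 1):
            if pre + suf == 0 or pre + suf >= len(lowered):
                continue
            core = lowered[pre:len(lowered) - suf]
            affix = lowered[:pre] + lowered[len(lowered) - suf:]
            if core in wordlist and set(affix) <= SPECIALS:
                return "dictionary+affix"
    return "not-matched"


def audit(passwords):
    """Count how many candidates fall into each class."""
    counts = {"dictionary": 0, "dictionary+affix": 0, "not-matched": 0}
    for pw in passwords:
        counts[classify(pw)] += 1
    return counts


if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw!r:14} {classify(pw)}")
    print(audit(SAMPLE))
```

Run at password-change time, a check like this rejects the passwords that the dictionary pass and the short brute-force pass would otherwise turn up in the audit.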
LC4
URL: http://www.atstake.com/research/lc/index.html
Price: $
OS: NT
Vendor’s comments: LC4 (Exhibit 53) is the latest version of the
award-winning password auditing and recovery application, L0phtCrack. It
provides two critical capabilities to Windows network administrators:
LC4 helps administrators secure Windows-authenticated networks
through comprehensive auditing of Windows NT and Windows 2000
user account passwords; and LC4 recovers Windows user-account passwords
to streamline migration of users to another authentication system
or to access accounts whose passwords are lost.
Exhibit 52. Cerberus Internet Scanner
Opinion: This is one of the founding tools in both hacking and vulnerability
assessment. It is easy to use and very fast. As of this writing, a free
command-line version was still available.
John the Ripper
URL: http://www.openwall.com/john
OS: NT
Price: Free
Opinion: This tool requires Cygwin to be installed on the system. It is not
as straightforward as it could be. Better help files would really help
this tool.
Pandora
URL: http://www.nmrc.org
Price: Free
OS: NT
Opinion: This is a good password cracker for Novell NDS passwords
(Exhibit 54).
Exhibit 53. LC4
Brutus
URL: http://www.hoobie.net/brutus
Price: Free
OS: NT
Opinion: A great brute-force password cracker for common applications
(Exhibit 55). It is often a necessary tool for a network administrator.
Application Tools
At this layer of the vulnerability scanning model (see Exhibit 56), you are
testing the Web-enabled application in the target network for vulnerabilities
in the customer-written code. These tools check for cookie manipulation, URL
modification, HTML comments with inappropriate content, and also underlying
vulnerabilities in the Web server itself.
SANCTUM AppScan
URL: http://www.sanctuminc.com
Price: $$$$
OS: NT
Exhibit 54. Pandora