Technical (Bottom-Up) Methodology 147
Exhibit 55. Brutus
Exhibit 56. The Vulnerability Assessment Model: Application Scanning Layer
[Figure. Layers: Zero-Information-Based (ZIB) Tools; Network Enumeration Tools; OS Fingerprinting Tools; Application Discovery Tools; Vulnerability Scanning Tools; Specialty Tools; Application Tools. Axes: Number of Hosts; Length of Time.]
Information In: Web-enabled applications
Information Out: Errors in the customer-written application code
148 Managing Network Vulnerability Assessment
Vendor’s comments: AppScan is the most comprehensive Web application
security testing and vulnerability assessment tool available today. It
explores applications, automatically creates and customizes tests, and
provides comprehensive actionable results in the form of detailed and
custom reports. Instead of manually searching for security defects,
developers and testers use AppScan 3.5 to automatically detect security
defects as an integrated component of enterprise development and
testing processes. For applications in production, auditors benefit from
AppScan’s behavioral detection and precision testing processes, which
automatically learn the application’s logic and structure, and build
custom test scenarios to run against it. Using AppScan, manual
application testing becomes a thing of the past.
Opinion: This tool was the first Web application scanner released. After
some strange initial configurations, this scanning product has really
become a steady and easy-to-use product as of the current NT version.
Host Testing Tools
At the host testing layer of the vulnerability assessment model (see Exhibit 57),
you stop running tests over a network and perform what most of the tools
call a “local system audit.” This has both positives and negatives for the security
assessor. The positive is that, with increased access to the devices being
assessed, the tools can make a better determination of what security holes
reside in the system. The negative is the sheer number of holes that these
tools can uncover. It is not uncommon for some of these tools to uncover
more than 1700 vulnerabilities on a single system. So, when running the
host-based tools, remember to verify each finding and be prepared to sort
through a huge number of vulnerabilities.
Exhibit 57. The Vulnerability Assessment Model: Host Testing Layer
[Figure. Layers: Zero-Information-Based (ZIB) Tools; Network Enumeration Tools; OS Fingerprinting Tools; Application Discovery Tools; Vulnerability Scanning Tools; Specialty Tools; Application Tools; Host Testing Tools. Axes: Number of Hosts; Length of Time.]
Enterprise Security Manager
URL: http://www.symantec.com
Price: $$$
Vendor’s comments: Symantec Enterprise Security Manager 5.5 provides
comprehensive security policy compliance management of
mission-critical E-business applications and operating systems across the
enterprise. From a single location, it manages the discovery of policy
deviations and vulnerabilities for services housing mission-critical
applications and data on the network, enterprisewide. With its intelligent
tools, administrators can quickly and cost effectively create baselines
and measure performance against those baselines to identify systems
that are not in compliance and correct faulty settings to bring systems
back into compliance.
Opinion: This tool allows the assessor to monitor several devices from one
central console. Agents can be installed and removed from systems
without requiring a reboot, and the number of supported operating
systems is spectacular.
SecurityAnalyst
URL: http://www.intrusion.com
Price: $$
Vendor’s comments: Intrusion SecurityAnalyst software is an agent-less
assessment tool that does not require the installation of software agents
on target systems. It is designed to provide centralized audit data of
all key Windows security features. With its built-in policy definition
and comprehensive reporting capabilities, SecurityAnalyst can help
administrators analyze network risks so they can take immediate
corrective action to safeguard network integrity.
Opinion: This is a good product for evaluating the effective security of a
Windows NT system.
NetIQ’s Security Analyzer
URL: http://www.netiq.com
Price: $$$$
Vendor’s comments: NetIQ’s Security Analyzer is a flexible, enterprise-scale
vulnerability assessment product for Windows, Solaris, and Linux
platforms that protects your systems from costly downtime and security
breaches. This industry-leading product scans computers in your
network for vulnerabilities, providing reports that help you correct
problems and comply with company security policies. The extensible
architecture and flexible deployment options make Security Analyzer
your best choice among enterprise vulnerability assessment tools.
Opinion: A multiple award-winning tool, this tool does exactly what it is
supposed to do.
Miscellaneous Tools
These tools are good to have around but do not fit firmly into any category.
It could be argued that some of these tools are not vulnerability assessment
tools, but having some of them on hand “just in case” may not be a bad idea.
The Coroner’s Toolkit
URL: http://www.porcupine.org/forensics/tct.html
Price: Free
OS: Linux
Opinion: This tool is used for local system forensics. It actually comprises
a number of separate tools, such as an MD5 hash generator utility.
The tools in this kit often come in handy.
Fireball
URL: http://www.pelttech.com — to download
Price: Free
OS: NT
Opinion: This tool checks for well-known Trojan applications running on
a system. The tool is somewhat limited because it does not scan a
network range; it scans a single IP instead.
NetProwler
URL: http://www.symantec.com
Price: $$$
Vendor’s comments: Symantec NetProwler 3.5 complements existing
security countermeasures and fortifies any company’s E-business initiatives
by offering dynamic network intrusion detection that transparently
examines network traffic. It instantly identifies, logs, and terminates
unauthorized use, misuse, and abuse of computer systems by internal
saboteurs and external hackers.
Opinion: This tool may be going away or migrated into the newer Symantec
product. NetProwler filled the role of a traditional network sniffer in a
vulnerability assessment. The greatest feature of this tool was the
intelligence built in to discard the normal network traffic and still alert
you to your scans getting past network security devices that were
supposed to stop them.
WinCrash
URL: http://www.pelttech.com — to download
Price: Free
Opinion: This is the tool that has the script to allow you to try the
fragmentation or data leakage attacks against Cisco and CheckPoint
network devices. It works well with NetProwler (listed above).
Wireless Tools
If you are going to be assessing wireless network security in your vulnerability
assessment, you will need a few things:
Wireless network cards
  A Prism chipset card for some utilities
  An Orinoco chipset card for other utilities
An external antenna or two. One of the best places to get 802.11b antennas on the Internet is at http://www.antennasolutions.com. A good 5-dB, multi-directional antenna is a must, but you can go up to a 72-dB omni-directional antenna and cover a range of a few city blocks
Time to keep abreast of the latest changes to the wireless networking standards
Software — discussed below
Netstumbler
URL: http://www.netstumbler.com
Price: Free
OS: NT
Opinion: This is a very fun tool with which to play. You could fire up
your laptop, plug in your antenna, and go walking around looking for
wireless access points that are giving away free Internet access. Then
you are supposed to draw a crazy symbol with a piece of chalk, but
that really does not seem to make sense to us.
WEPCrack
URL: http://wepcrack.sourceforge.net
Price: Free