
Finished with the comments on the report

master
Martins Eglitis 7 months ago
parent
commit
607bc5b04a
3 changed files with 128 additions and 31 deletions
  1. project/group64.lyx (+128, -31)
  2. project/group64.pdf (BIN)
  3. project/review.pdf (BIN)

+ 128
- 31
project/group64.lyx View File

@@ -194,10 +194,34 @@ Together with the expansion of the Internet, which started in 1980s, numerous
\end_layout

\begin_layout Standard
Nowadays, modern computers posses great computational powers and capabilities
that must be protected at every stage of the communication - outside, border,
and inside.
If we assume (and we should) that the
Nowadays, modern computers possess great computational powers and capabilities
that must be protected at every stage using the appropriate mechanisms.
The three stages are can be assumed as - outside, border, and inside stage.
The outside stage is not directly related to your computer but still casts
a shadow on protection indirectly, for example, computer viruses that are
sent over emails but have not affected your system yet.
The best way to protect this stage by using legal means of protection and
education.
The border stage is the front line of security both physical and digital,
for example, routers, switches, ports, and protocols.
The protection mechanisms for this stage are physical protection, data
encryption, etc.
The inside stage everything that follows the border stage and basically
is the system that is ought to be protected the most.
Some of the methods to protect the inside stage are using security scanning
programs, regularly scanning the system, backups, etc.
[
\begin_inset CommandInset ref
LatexCommand ref
reference "enu:Magnus-Almgren,-Computer"
plural "false"
caps "false"
noprefix "false"

\end_inset

].
If we, as a society, assume (and we should) that the
\begin_inset Quotes eld
\end_inset

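Review bot: the rewritten stage paragraph has several grammar slips that obscure its meaning: "The three stages are can be assumed as" should read "The three stages can be taken as", "The best way to protect this stage by using" is missing "is", "The inside stage everything that follows" is missing "is", and "is ought to be protected" should be "ought to be protected". On substance, listing "data encryption" as a border-stage mechanism next to routers, switches and ports is a stretch, since encryption protects data in transit and at rest rather than the border itself; either name a border control (firewall rules, port filtering) or move encryption to the inside stage. The added citation of the Almgren lecture is the right thing to do here.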
@@ -216,12 +240,19 @@ border

stage.
However, we have to sacrifice security and open area for vulnerabilities
in return of capabilites.
in return of capabilities.
For example, to serve web content, a webserver might listen on port 80
and serve the client the content.
Some threats are obvious here - DDoS attacks on the port by exhausting
system resources (memory, CPU time, IO), unauthorized access, file discovery,
cross-site scripting, identity theft, etc.
\end_layout

\begin_layout Standard
In this project, I will concentrate on scanning network related vulnerabilities
in the
In this project, I will first introduce the overall architecture of the
OpenVAS program and vulnerability scanning in general.
Then I will concentrate on scanning network related vulnerabilities in
the
\begin_inset Quotes eld
\end_inset

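Review bot: the threat list for the port-80 example mixes layers. Denial of service by resource exhaustion and unauthorized access follow from exposing a listener, whereas cross-site scripting is a flaw in the served application and "identity theft" is an outcome rather than a threat to the listener. Suggest splitting the list into network-level threats (DoS, unauthorized access, file discovery) and application-level ones (XSS), so the reader can see which of them a network vulnerability scanner is actually able to detect. Also "in return of capabilities" should read "in return for capabilities", and "open area for vulnerabilities" reads better as "widen the attack surface".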
@@ -229,7 +260,9 @@ border
\begin_inset Quotes erd
\end_inset

stage using OpenVAS.
stage using OpenVAS and reporting the outcome.
Finally, I will present my findings regarding the particular system and
recommendations on how to improve security.
\end_layout

\begin_layout Section
@@ -283,10 +316,10 @@ noprefix "false"
\end_layout

\begin_layout Standard
In laymans terms, both CLI and web interfaces can be used to communicate
In layman's terms, both CLI and web interfaces can be used to communicate
with the OpenVAS server.
The server consists of a scanner and a manager.
In this project we will be using a web-based client, the Greenbone Security
In this project I will be using a web-based client, the Greenbone Security
Assistant.
Data, such as network vulnerability tests (NVT), config, and results are
passed to the server.
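Review bot: the last sentence has the data flowing the wrong way. NVTs come from the feed into the scanner, the scan configuration comes from the client to the manager, and results travel from the scanner through the manager back to the client, so "results are passed to the server" should be "results are returned to the client". It is also worth stating that the Greenbone Security Assistant talks only to the manager and never directly to the scanner, since the text otherwise treats scanner and manager as one "server".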
@@ -294,7 +327,7 @@ In laymans terms, both CLI and web interfaces can be used to communicate
\end_layout

\begin_layout Standard
Just as the name suggests, the vulnerability scanning is useful for finding
Just as the name suggests, vulnerability scanning is useful for finding
weaknesses in systems.
The main types of vulnerability scanning are [
\begin_inset CommandInset ref
@@ -322,39 +355,57 @@ Database scanners
\end_layout

\begin_layout Standard
We use the results of the scans to report the security status at the given
time and suggest system improvements in terms of security.
One should not target systems / services / ports freely and there are two
main reasons for it.
The first reason is that vulnerability scanning must be coordinated with
the authorities of the respective system because they might contain restricted,
even confidential data.
The second reason is that one might put extra load on the system resources
while performing the scan.
\end_layout

\begin_layout Standard
One of the most important configuration data used by the server is NVTs.
Basically, different NVT are used because it can help to decrease the execution
time and system resource usage, as well as build on the concept of security
ethics (one should not target systems / services / ports freely).
The aim of specific scans is to target specific vulnerabilities.
ethics.
Another type of configuration data is configuration files / profiles which,
just as the name suggests, holds information such as (but not limited to)
IP address, agent, user, operating system, etc.
Finally, the third type of configuration data is results, which can be
used both to execute the next tests with different parameters or produce
the final scan report.
The aim of the specific scans is to target specific vulnerabilities.
\end_layout

\begin_layout Enumerate
Port scanning - we scan a subset containing most widely used ports by services.
Port scanning - scan a subset containing most widely used ports by services.
\end_layout

\begin_layout Enumerate
Service fingerprinting - we find what service is using a port, what is the
Service fingerprinting - find what service is using a port, what is the
version, protocol, etc.
of the service.
\end_layout

\begin_layout Enumerate
Remote host fingerprinting - we find the hostname, the operating system,
etc.
Remote host fingerprinting - find the hostname, the operating system, etc.
of the remote host.
\end_layout

\begin_layout Enumerate
Vulnerability scanning - we fingerprint systems / services / ports and compare
Vulnerability scanning - fingerprint systems / services / ports and compare
against known vulnerabilities.
\end_layout

\begin_layout Standard
I am choosing which scans to perform based on the assignment objectives
but the same idea holds true for other cases - one should always have an
approved plan of how the vulnerability scanning will be done.
I use the results of the scans to report the security status at the given
time and suggest system improvements in terms of security.
\end_layout

\begin_layout Section
Results
\end_layout
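Review bot: the reasons given for not scanning freely put the weaker one first. The decisive reason is that scanning without the owner's permission is unauthorized access whatever data the system holds; confidentiality of the data and extra load on the target are secondary. Rephrase the first reason as "must be authorized by the owner of the system" rather than "coordinated with the authorities". In the next paragraph, results are called "the third type of configuration data", but results are scanner output, and NVTs are the tests themselves; only the scan config (which NVTs and port ranges to run) and the target definition (hosts, credentials) are configuration, so the sentence "The aim of the specific scans is to target specific vulnerabilities" fits better right after the NVT sentence. Finally, the port scanning item should say that scanning only "the most widely used ports" misses services bound to non-standard ports, which matters because the Results section later draws an OS conclusion from the port list.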
@@ -369,9 +420,9 @@ Port scanning

\begin_layout Standard
Table 1 shows the open ports and the threat level.
It can be deducted that the system most likely runs Windows since most
of the services / ports are not used on Linux machines (except for telnet,
which is hardly ever used nowadays with public networks).
It can be seen that the system most likely runs Windows since most of the
services / ports are not used on Linux machines (except for telnet, which
is hardly ever used nowadays with public networks).
The OpenVAS reports all the tuples as level = Log, which can be considered
safe.
\end_layout
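Review bot: "level = Log, which can be considered safe" overstates what the Log severity means. Log is informational output from an NVT (an open port was observed), not a judgement that the service behind it is safe; say instead that no finding above Log was raised for these ports. The OS inference is also stronger than the evidence: ntp and SMB, both discussed later in the report, are just as common on Linux, so "most likely runs Windows" should rest on the OS fingerprinting result presented in the Remote host fingerprinting subsection rather than on the port list alone.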
@@ -545,7 +596,7 @@ Log
\begin_inset Quotes erd
\end_inset

level but still poses no risk to the system.
level but still possess little to no risk on the system.
The two of them are ntp and telnet.
The other 8 services pose no threat to the system.
\end_layout
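Review bot: "still possess little to no risk on the system" should read "still pose little to no risk to the system", but the claim itself conflicts with the Discussion section, which recommends dropping telnet for lack of security. Telnet sends credentials and the whole session in cleartext, so either remove it from the "little to no risk" pair or qualify the statement (no vulnerability was reported for it, but the protocol is insecure by design).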
@@ -923,7 +974,7 @@ Remote host fingerprinting
The operating system is Microsoft Windows.
I deducted it from the large number of Windows specific services running
on the machine.
Also, the OS fingerprinting test with 100% probablity states that it is
Also, the OS fingerprinting test with 100% probability states that it is
Microsoft Windows.
It is also fairly easy to learn more about the system by running
\begin_inset Formula $nmap$
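Review bot: "I deducted it" should be "I deduced it" (deduct means subtract). Rather than a bare "100% probability", quote what the OS detection NVT actually reported, so the reader can see the evidence; and the nmap sentence should say why escalated permissions are needed (the -O scan sends raw packets, which requires raw socket access).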
@@ -933,7 +984,7 @@ The operating system is Microsoft Windows.
\begin_inset Formula $-O$
\end_inset

flag on a linux system with escalated permissions.
flag on a Linux system with escalated permissions.
\end_layout

\begin_layout Subsection
@@ -961,7 +1012,7 @@ It was possible to log into the remote host using the SMB protocol

.
I find it very interesting and assume that OpenVAS was using dictionary
attack agains SMBClient.
attack against SMBClient.
And if so, it is unclear why the threat level was set to
\begin_inset Quotes eld
\end_inset
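Review bot: attributing the SMB login to a dictionary attack is an assumption the report should not leave standing. OpenVAS does not run a dictionary attack unless the scan config includes the brute-force NVT family; the usual cause of "It was possible to log into the remote host using the SMB protocol" is a null session or a guest/default account, and the NVT output records which credentials it used. Check that output and state it. Also "SMBClient" names a client tool; the thing listening on the host is the SMB service, so write "the SMB service".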
@@ -1268,8 +1319,8 @@ Discussion
\end_layout

\begin_layout Standard
In my opinion, in order to improve the security the system should not be
using telnet because of lack of security in the telnet protocol.
In my opinion, in order to improve security the system should not be using
telnet because of lack of security in the telnet protocol.
And even though the SMBClient was marked as
\begin_inset Quotes eld
\end_inset
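Review bot: "because of lack of security in the telnet protocol" is vague. The concrete problem is that telnet carries usernames, passwords and the whole session in cleartext with no integrity protection, so state that and name SSH as the replacement. The wording change from "improve the security" to "improve security" is correct.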
@@ -1280,6 +1331,17 @@ Low

, I think it is a good idea to stop using the service and port in general
and switch, for example, to ftp and cups services.
Moreover, one should evaluate the need for the remaining services.
It is always a good idea to strip away the programs not used to keep the
system clean.
Even if the system is using a particular program, using well known programs
that are designed with security in mind and has strong community behind
(for example, the Linux/GNU ecosystem) to reduce security threats.
From my subjective point of view, using *nix operating systems is a modern,
fast, maintainable, and, most important, secure operating sytem that can
be deployed on almost any type of machine.
I would strongly suggest trying such operating system and serve the necessary
services from it.
\end_layout

\begin_layout Standard
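Review bot: recommending ftp as a replacement for the SMB service contradicts the paragraph's own argument against telnet, since FTP also sends credentials and data in cleartext; suggest SFTP over SSH, or hardening the existing SMB service, instead. The new sentence beginning "Even if the system is using a particular program" has no main verb; rewrite it as "Even where a program is required, prefer well-known programs that are designed with security in mind and have a strong community behind them". "operating sytem" is a typo, and "using *nix operating systems is a modern, fast, maintainable, and, most important, secure operating system" has a number mismatch. The operating-system recommendation is opinion rather than a scan finding; label it as such or tie it to a finding from the scan.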
@@ -1682,11 +1744,11 @@ Conclusions

\begin_layout Standard
With some minor exceptions, the given host can be considered safe.
I would like to present some of my recommendations in the following list:
I would like to present some of my recommendations on the following list:
\end_layout

\begin_layout Enumerate
Monitor your computer.
Monitor your system.
A complete overview of what is happening with the system (logs, system
resources, users, etc.) is crucial to keep it safe.
\end_layout
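Review bot: the edit from "in the following list" to "on the following list" goes the wrong way; "in the following list" is the correct form. "Monitor your system" is a better heading than "Monitor your computer", but the item should say what to look for (failed logins, new listening ports, new accounts), given that the report has just found an SMB login issue.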
@@ -1703,10 +1765,45 @@ Perform security tasks.
weaknesses.
\end_layout

\begin_layout Enumerate
Protect the system as early as possible.
Early protection means fewer threats to higher stages, eg.
the border or the inside stage.
\end_layout

\begin_layout Enumerate
Use common sense.
Do not open strange emails offering fortune or unknown programs.
\end_layout

\begin_layout Enumerate
Backup your system.
Use the 3-2-1 rule if possible - 3 total copies of the data, stored in
2 different mediums, and at least 1 offline copy.
\end_layout

\begin_layout Enumerate
Hire professionals.
The price for a corrupted system most definitely is higher than spending
a bit extra on experienced professionals.
\end_layout

\begin_layout Section
References
\end_layout

\begin_layout Enumerate
\begin_inset CommandInset label
LatexCommand label
name "enu:Magnus-Almgren,-Computer"

\end_inset

Magnus Almgren, Computer Security Lecture 1 VULNERABILITIES, THREATS and
PROTECTION MECHANISMS, Department of Computer Science and Engineering Chalmers
University of Technology
\end_layout

\begin_layout Enumerate
\begin_inset CommandInset label
LatexCommand label

BIN
project/group64.pdf View File


BIN
project/review.pdf View File

