retina network security scanner by ajith u kamath 60-564 project
TRANSCRIPT
Retina Network Security Scanner
By
Ajith U Kamath
60-564 Project
AGENDA
• Introduction
• Installation procedure
• Features
• Test cases and results
• Points noted during testing
• Conclusion
INTRODUCTION
Importance of Network Security Scanner
Retina Network Security Scanner
INSTALLATION
System Requirements
Download from http://www.eeye.com/html/products/retina/download/index.html
Install
FEATURES – Retina Session
FEATURES (Cont…)
Discover Tab
Discover network machines
Customizable TCP, UDP, and ICMP discovery, OS detection, and general machine information
Retina can also be configured to discover active wireless devices
Additional IP’s with Retina licenses on the network
FEATURES (Cont…)
Target Types
FEATURES (Cont…)
Audit Tab
FEATURES (Cont…)
Modifying the Port Groups
• All Ports
• Discovery Ports
• HTTP Ports
• NetBIOS Ports
• Custom Ports added
FEATURES (Cont…)
Modifying Audit Groups All Audits
SANS20 [All]
SANS20 [Unix]
SANS20 [Windows]
Custom Audit Groups
Remediate Tab Generate reports used in remediation
management
Create customized reports
FEATURES (Cont…)
FEATURES (Cont…)
Configurations pane
Scan Jobs
Results
Report Tab Detailed information gathered by the
scanner
Customized reports
Report can be opened in MS Word or Internet Explorer
FEATURES (Cont…)
Network Configuration
TEST CASES AND RESULTS
Switch -1 Switch -2
137.207.234.57IBM Server
Red Hat Linux
`
137.207.234.119 Dell MachineWindows XP
`
137.207.234.151Windows 2000 Professional
100Mbps link
137.207.234.56IBM ServerWindows Server 2003
TEST CASES AND RESULTS
Test Case One Aim: To scan the ports on the windows
server.
Description: To run the complete scan of all the ports on the windows server.
Test Result: Passed
TEST CASES AND RESULTS
TEST CASES AND RESULTS
Test Case Two Aim: To scan the Red Hat Linux server and
match the result with other security tool.
Description: By comparing the result with other network security tool like GFI LANguard we can actually check whether the result produced by Retina Scanner is proper or it lacks in giving some information.
Test Result: Failed.
TEST CASES AND RESULTSThe result obtained from Retina
TEST CASES AND RESULTSThe result obtained from GFI LANguard
TEST CASES AND RESULTS
Test Case Three Aim: To test whether retina network scanner will detect
the users weak passwords Description: The user account in question could have a
password that is exactly the same as the account name except for it is backwards. Therefore an attacker could easily guess this password and gain access to your system via this account and then further their access into your network.
Test Condition: Created a user account ‘kamath’ with password as ‘htamak’ i.e. opposite to the user login name on 137.207.234.151 machine.
Test Result: Passed
TEST CASES AND RESULTS
TEST CASES AND RESULTS
Test Case Four Aim: To test the windows server 2003 for
CVE-2000-1200.
Description: Windows NT allows remote attackers to list all users in a domain by obtaining the domain security identifier (SID) with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
Test Result: Passed
TEST CASES AND RESULTS
POINTS NOTED DURING TESTING
The results were not consistent in few test cases. The following diagrams shows while the network is discovered using the software.
POINTS NOTED DURING TESTING
In the following diagram, the Mac address for machine 137.207.234.151 is not displayed.
POINTS NOTED DURING TESTING
When the same machine is discovered again, Mac address is displayed.
POINTS NOTED DURING TESTING
The software was unstable during testing. When the link connecting to the destination went down while the retina was still scanning the machine, scanner hanged. The scanner was not responding for any commands. But the problem could not be reproduced when tested under the same conditions again.
Conclusion
The 2004 Readers' Choice Best Security Scanner award
User friendly interface
Many features included
Could not scan medium risk vulnerabilities when compared to other tools.