
Monitoring the Security Infrastructure

Scan for Vulnerabilities
Monitor for Intruders
Set Up a Honeypot
Respond to Security Incidents

Copyright 2005 Element K Content LLC. All rights reserved. OV 9 - 1


The Hacking Process

Footprinting -> Scanning -> Enumerating -> Attacking



Ethical Hacking

Ethical hacker
Report on security flaws

Footprinting -> Scanning -> Enumerating -> Attacking



Security Utilities

Vulnerability scanning tools
Port scanning tools
Password scanning and cracking tools
Exploits and stress testers
Intrusion detection systems
Network monitors
Network and security administration



Types of Vulnerability Scans

General vulnerabilities
Application-specific vulnerabilities
Tools for different scan types
    General scan
    Man-in-the-middle scan
    Port scan
    Password scan



Vulnerable Port Ranges

Well-Known Ports: 0 to 1,023
    Specific port numbers are most vulnerable to attack
Registered Ports: 1,024 to 49,151
    Too system-specific for direct target by attackers
    Attackers might scan for open ports in this range
Dynamic or Private Ports: 49,152 to 65,535
    Constantly changing, can't be targeted by number
    Attackers might scan for open ports in this range



An IDS

Sensors scan for signs of attack



Categories of IDS

Host-based
Application-based
Network-based



Passive and Active IDS

Passive IDS    Active IDS
Detects        Detects
Logs           Logs
Alerts         Alerts
               Blocks



IDS Analysis Methods

Signature-based
    Activity matches known attacks
Anomaly-based
    Compares changes to pre-set parameters



A Honeypot

Attacker lured to honeypot
Insecure honeypot system
Detects and logs attack
Blocks access to secure systems
Secure internal system



Types of Honeypots

Software-based
Hardware-based
Composite or network-based



An IRP

Who verifies incident
Who is notified
Who determines response
Who implements response



Reflective Questions

1. What type of intrusion detection software are you familiar with, and
how have you used it to detect attacks?

2. What do you feel is the most important part of the infrastructure to
monitor? Why?

