122 Managing Network Vulnerability Assessment
Fluke Network’s Network Inspector
URL: http://www.flukenetworks.com
Price: $$$
Vendor’s comments: Designed for switched Ethernet LANs, Network
Inspector (NI) actively monitors and diagnoses problems in TCP/IP, IPX, and
NetBIOS environments (see Exhibit 28). It rapidly identifies whether
the problems lie on the server, client, switch, router, or printer through
its quick discovery process, and provides an extensive suite of reports
identifying all devices in the LAN, the services they provide, and an
array of tools and reports for data analysis.
Opinion: Network Inspector is a very good tool for network discovery on
a single local area network (LAN). The tool diagrams the network down to
the physical switch port that each device is plugged into. It can also
produce a histogram showing network usage statistics over a period
of time.
Exhibit 27. NetFormx
Technical (Bottom-Up) Methodology 123
Exhibit 28. Network Inspector
Network Enumeration Tools
Network enumeration tools take the IP block information ascertained in the
zero-information-based tools section, and continue to refine the number of
hosts to test (see Exhibit 29). It is possible for the target network to be a
“Class B” network, which means that there are 16,535 possible hosts to test.
If you wanted to exhaustively test each of the 16,535 addresses for
vulnerabilities, you could be running the assessment for years. Enter network
enumeration to cut down on the number of hosts you will be testing.
Exhibit 29. The Vulnerability Assessment Model: Network Enumeration Layer
[Figure labels: Zero-Information-Based (ZIB) Tools; Network Enumeration Tools;
Number of Hosts; Length of Time. Information In: IP Block. Information Out:
Active hosts, SNMP information.]
There are two primary protocols that will be used for network enumeration:
ICMP (Internet Control Message Protocol) and SNMP (Simple Network
Management Protocol). ICMP is usually associated with the ping function,
but there are other types of ICMP messages in addition to ping. One
example is the traceroute that we ran in the zero-information-based section.
The other protocol, SNMP, helps a network security assessor as well as a
potential hacker. It will provide information about the target host
indiscriminately.
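Seen from the defended network, enumeration over these two protocols looks like one source touching many distinct addresses in a short time. The following is an added example, not from the book: it flags such sources in flow records while ignoring a monitor that keeps polling the same few hosts. The log format, addresses, window and threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 20                  # assumed limit: distinct destinations per window

def find_sweeps(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {(src, probe): peak distinct destinations in any window} for offenders."""
    events = defaultdict(list)
    for line in lines:  # constructed format: ISO-time src dst probe
        ts, src, dst, probe = line.split()
        events[(src, probe)].append((datetime.fromisoformat(ts), dst))
    offenders = {}
    for key, seen in events.items():
        seen.sort()
        start, live, peak = 0, defaultdict(int), 0
        for ts, dst in seen:
            live[dst] += 1
            while ts - seen[start][0] > window:  # expire events older than the window
                old = seen[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            peak = max(peak, len(live))
        if peak >= threshold:
            offenders[key] = peak
    return offenders

def sample_log():
    """Constructed records: one sweeping host and one monitor polling three servers."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{stamp(i)} 10.9.9.9 172.16.0.{i} icmp-echo" for i in range(1, 41)]
    lines += [f"{stamp(100 + i)} 10.9.9.9 172.16.0.{i} snmp-get" for i in range(1, 41, 2)]
    lines += [f"{stamp(i)} 10.1.1.5 172.16.0.{1 + i % 3} icmp-echo" for i in range(120)]
    return lines

if __name__ == "__main__":
    for (src, probe), n in find_sweeps(sample_log()).items():
        print(f"{src} {probe}: {n} distinct hosts within {WINDOW.seconds}s")
```

Counting distinct destinations rather than raw packets is what separates a sweep from routine availability monitoring, which sends many probes to few hosts.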
SolarWinds
URL: http://solarwinds.net
Price: $$
OS: NT
Vendor’s comments: The SolarWinds Network Management Tools (see
Exhibit 30) were designed by Network Engineers with the emphasis
placed on ease of use, speed of discovery, and accuracy of information
displayed. This can best be experienced by running the IP Network
Browser. This tool uses ICMP and SNMP to perform a very fast network
discovery. The detailed information it returns includes details of each
interface, port speed, IP addresses, routes, ARP tables, accounts,
memory, sysObjectIDs, and much more.
Opinion: The SolarWinds toolkit has a number of great tools. The IP
Network Browser Tool that we use for network enumeration is fast
and easy to use. Other tools in the toolkit include a network traffic
generator, an SNMP brute-force password cracker, and countless Cisco
management tools. A great toolset for the price.
Exhibit 30. The SolarWinds IP Network Browser
SNScan
URL: http://www.foundstone.com
Price: Free
OS: NT
Vendor’s comments: SNScan is a Windows-based SNMP detection utility
that can quickly and accurately identify SNMP-enabled devices on a
network (see Exhibit 31). This utility can effectively indicate devices
that are potentially vulnerable to SNMP-related security threats such as
those released on February 12, 2002.
Opinion: A similar tool to IP Network Browser, but with fewer features.
However, it has a much smaller price tag.
Exhibit 31. SNScan
Pinger
URL: http://www.pelttech.com
Vendor’s Web site: http://www.leto.net/docs/mhd.html
Price: Free
OS: NT
Opinion: A handy network tool to have, it makes performing ping sweeps
very easy (see Exhibit 32). Just plug in the network range and proceed.
ICMPEnum
URL: http://razor.bindview.com
Price: Free
OS: Linux
Opinion: Great all-around ICMP tool, but it can take some time to install,
depending on the Linux distribution.
Operating System Fingerprint Tools
At this layer of the network vulnerability assessment model, you build on the
information learned in the previous tool layers. What you hope to accomplish
is to determine the operating system (OS) running on the hosts found to be
active. The tools in this layer fingerprint the operating system in one of two
ways. First, the OS can be fingerprinted by the applications and subsequent
Exhibit 32. Pinger