Technical (Bottom-Up) Methodology 153
Vendor’s comments: Sniffer Investigator is an affordable, turnkey 10/100
Ethernet network management solution. It addresses the unique troubleshooting
needs of small and medium-sized enterprises by combining
six essential network management functions into a single, easy-to-manage
appliance. The fully integrated appliance eliminates downtime
and limits productivity loss caused by abnormally behaving applications.
Sniffer Investigator is a flexible solution for managing network traffic
between the Internet and corporate networks, or between network
segments and users. When problems are reported, Sniffer Investigator
can jump into action and provide a bird’s-eye view of the situation
instantly, assisting with defining whether the origin of the problem
occurs on the present segment or if the Sniffer Investigator needs to
move to a different segment.
Opinion: Sniffer Pro is almost a de facto standard for network sniffing. It
does everything well, and is one of the first to incorporate new features.
War Dialing
Phonetag
URL: http://packetstorm.widexs.nl/wardialers
Price: Free
Opinion: Our favorite war dialer (Exhibit 58). It has a very easy-to-use
Visual Basic interface that makes it just like dialing a telephone.
The Hackers Choice
URL: http://packetstorm.widexs.nl/wardialers
Price: Free
OS: DOS
Opinion: A very commonly used war dialer.
Telesweep
URL: http://www.securelogix.com
Price: $$
Opinion: This is the best product if you have the capital to spend. This
product has many more features than the other war dialers.
Step 4: Conduct the Assessment
154 Managing Network Vulnerability Assessment
Exhibit 58. PhoneTag
Exhibit 59. The Vulnerability Assessment Model
[Figure: tool categories shown are Zero-Information-Based (ZIB) Tools, Network Enumeration Tools, OS Fingerprinting Tools, Application Discovery Tools, Vulnerability Scanning Tools, Specialty Tools, Application Tools, Host Testing Tools, and Additional Tests; axes are Number of Hosts and Length of Time.]
Information In: Begin with only the company name
Information Out: Confirmed vulnerabilities, a network map, list of all Web sites that have the target network’s name
Because we discussed most of conducting the assessment in the tools section,
we do not have a lot of ground left to cover here (see Exhibit 59). There are,
however, a few key points to remember. First, beware of the tools that you
run. There are primarily two types of tests: active and passive. The following
are examples of active testing:
Probes using scanners:
  Nessus — broad view
  Webtrends Security Analyzer — focused view
  SolarWinds tools — Cisco devices
Use of exploit scripts and “underground” tools:
  Password crackers — on all platforms and by sniffing
  War dialers — remote access
  Web exploit tools — Web server specific
  Wireless testing
It is important to note that using any of the tests above will degrade
network performance in one aspect or another. Some tools have a very small
footprint on network performance while others can cause nearly total
interruption. So be aware that any active tool will increase network traffic, processor
utilization, or both. On most networks this will not be a problem; however,
you should study the network with the tools cited in the network sniffer
section or the tools cited under the network discovery section of the
zero-information-based attacks.
In addition to increasing network traffic or processor load, your testing
can have other negative impacts on the target network. Several of the tools
we examined have the ability to run denial-of-service (DoS) testing. Here is
a handy rule-of-thumb:
Denial of service tests tend to deny service.
So be aware of the effects of DoS testing a production network. This is
especially true if you are testing during peak production times. Remember
that if you are not sure, do not guess on a production network. If you are
afraid of the consequences of running a test, take it home and run it against
your home network, or against another test network. However, your test
network should be a network that you have permission to test. This leads us
to another point: only test network systems that you have permission to test.
Do not say that we did not warn you. Testing systems that you are not
authorized to test can get you in a world of trouble. So be cautious.
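The cautions above can be enforced as a pre-flight check before any test is launched. The following is an added example, not from the book: the network ranges, the peak window, and the policy of refusing DoS tests on production are all assumptions chosen for illustration.

```python
import ipaddress
from datetime import datetime, time

# Constructed rules of engagement; every value here is a sample assumption.
AUTHORIZED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]
PRODUCTION_NETS = [ipaddress.ip_network("10.20.1.0/24")]
PEAK_START, PEAK_END = time(8, 0), time(18, 0)  # assumed weekday peak window

def in_any(addr, nets):
    """True if addr falls inside at least one of the given networks."""
    return any(addr in net for net in nets)

def preflight(target, kind, dos, when):
    """Return (allowed, reason) for one planned test.

    kind is "active" or "passive"; dos marks a denial-of-service check.
    """
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Hostnames can resolve outside scope, so require a literal address.
        return False, "target is not a literal IP address"
    if not in_any(addr, AUTHORIZED_NETS):
        return False, "target is outside the authorized scope"
    if kind == "passive":
        return True, "passive test, in scope"
    production = in_any(addr, PRODUCTION_NETS)
    peak = when.weekday() < 5 and PEAK_START <= when.time() < PEAK_END
    if dos and production:
        return False, "DoS test against production; use a test network"
    if production and peak:
        return False, "active test on production during peak hours"
    return True, "active test permitted"

if __name__ == "__main__":
    tuesday_10am = datetime(2024, 3, 5, 10, 0)  # constructed sample time
    plan = [  # constructed sample test plan
        ("10.20.1.5", "active", True),
        ("10.20.1.5", "active", False),
        ("192.168.50.9", "active", True),
        ("203.0.113.7", "passive", False),
    ]
    for target, kind, dos in plan:
        allowed, reason = preflight(target, kind, dos, tuesday_10am)
        print(f"{target:15} {kind:8} dos={dos!s:5} -> "
              f"{'RUN' if allowed else 'SKIP'}: {reason}")
```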
The second type of testing that you will do during a network vulnerability
assessment is passive testing. During a passive test, you seldom have any
impact on network performance (see Exhibit 60). The following tests are
examples of passive tests:
SNMP and RMON “listening”:
General network sniffing
Wireless sniffing