BiDiBLAH

BiDiBLAH is a scanner that automatically scans for vulnerabilities. Its methodology is illustrated in Figure 3-53. BiDiBLAH, seen in Figure 3-54, automates 80% of the previous (all except intelligence gathering). It will never completely replace a human, but it automates everything that can be automated with acceptable accuracy.

QualysGuard

QualysGuard is an on-demand vulnerability management solution that enables organizations to assess and manage business risk. QualysGuard automates the network security auditing process across an enterprise, both inside and outside the firewall, and across distributed networking environments. It provides network discovery and mapping, asset prioritization, centralized reporting, and remediation workflow and verification. Executive-level reports allow security professionals to demonstrate effective security practices and verify compliance with data protection laws and regulations.

SAINT

SAINT stands for Security Administrator’s Integrated Network Tool. It is used for the detection of security vulnerabilities in a nonintrusive manner on any remote target, including servers, workstations, networking devices, and other types of nodes. It can also be used for gathering information on operating system types and open ports.

It can detect all live targets within a given target list or range. After this, it launches a set of probes to run against each target. The selected scanning level determines the core probe required. The data from the probes is used by SAINT’s inference engine to schedule further probes and to infer vulnerabilities and other information based on rule sets. Data is logged to a file in a plain text format that SAINT’s data analysis and reporting modules can interpret to present the results in a readable fashion. See Figure 3-55 for an illustration of SAINT’s scanning method.

Its features include the following:

• Data management: Creates a database or opens an existing database

• Scan configuration: Changes the scanning policy, process control, network information, and other options

• Scan scheduling: Views the current scan schedule and deletes unnecessary jobs

• Data analysis: Views results and generates reports in plain text format

• Inference engine: Finds all vulnerabilities present in a network

ISS Security Scanner

ISS Security Scanner, seen in Figure 3-56, is a vulnerability detection and network analysis tool that can perform automated, distributed, or event-driven probes of geographically dispersed network services, operating systems, routers/switches, firewalls, and applications and then display the scan results. The scanner provides ongoing analysis and control of network security, helping administrators and executives to manage security policy as a progressive and evolutionary process.


Figure 3-55 SAINT uses a four-step scanning method.

Figure 3-56 ISS Security Scanner is a vulnerability detection and network analysis tool.

The scanner has two user interfaces: a normal Windows GUI and a command-line mode that is useful for batch job setups and scheduling. It comes with a large set of preconfigured policy templates.

The following are some of the features of this scanner:

• Automated updates: Allows the user to quickly update checks with an easy-to-use utility

• Policy editor: Allows the user to search and sort vulnerability checks for use in scans

4. Plug-in selection

5. Reporting of data

To obtain more accurate and detailed information from Windows-based hosts in a Windows domain, the user can create a domain group and account that have remote registry access privileges. After completing this task, the user gains access not only to the registry key settings but also to the service pack patch levels, Internet Explorer vulnerabilities, and services running on the host.

The following are some of the various features of Nessus:

• Each security test is written as a separate plug-in. This way, the user can easily add tests without having to read the code of the Nessus engine.

• Nessus can test an unlimited number of hosts simultaneously.

• It performs smart service recognition. It assumes that the target hosts will respect the IANA assigned port numbers.

• Nessus is made up of two parts: a server, which performs the attack, and a client, which is the front end. The server and the client can be run on different systems.


• Nessus has an up-to-date security vulnerability database. It carries out development of security checks for recent security holes.

• The security tests that Nessus performs work efficiently with one another. If the user’s FTP server does not offer anonymous logins, anonymous-related security checks will not be performed.

• Nessus will determine which plug-ins should or should not be launched against a remote host.

• Nessus compiles on and works on any POSIX system, such as:

• FreeBSD

• GNU/Linux

• NetBSD and Solaris
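The dependency-gated plug-in selection described in the Nessus list above (the same idea as SAINT's rule-driven scheduling of further probes) is sketched here as an added Python example; it is not Nessus or SAINT code. The plug-in names, knowledge-base keys and host facts are all constructed for illustration, and the code runs over a static record without generating network traffic.

```python
# Added illustration: dependency-gated check selection over constructed host facts.
# Plug-in names, knowledge-base (KB) keys and host records are hypothetical; no network I/O.

HOST = {"open_ports": {21, 25}, "ftp_anonymous": False}  # constructed sample host

def ftp_detect(host, kb):
    return {"ftp/present": 21 in host["open_ports"]}, None

def ftp_anon(host, kb):
    anon = host.get("ftp_anonymous", False)
    return {"ftp/anonymous": anon}, ("anonymous FTP login allowed" if anon else None)

def ftp_anon_writable(host, kb):
    writable = host.get("ftp_anon_writable", False)
    return {}, ("anonymous user can write to FTP root" if writable else None)

# (name, KB keys that must be true before the check is worth running, check function)
PLUGINS = [
    ("ftp_anon_writable", ["ftp/anonymous"], ftp_anon_writable),
    ("ftp_anon", ["ftp/present"], ftp_anon),
    ("ftp_detect", [], ftp_detect),
]

def run_scan(host, plugins=PLUGINS):
    """Return (ran, skipped, findings); registration order does not matter."""
    kb, ran, skipped, findings = {}, [], [], []
    pending, progress = list(plugins), True
    while pending and progress:
        progress = False
        for plugin in list(pending):
            name, requires, check = plugin
            if any(kb.get(key) is False for key in requires):
                skipped.append(name)          # prerequisite disproved: do not launch
            elif all(kb.get(key) for key in requires):
                facts, finding = check(host, kb)
                kb.update(facts)              # results feed later scheduling decisions
                ran.append(name)
                if finding:
                    findings.append((name, finding))
            else:
                continue                      # prerequisite not yet known: retry next pass
            pending.remove(plugin)
            progress = True
    skipped.extend(name for name, _, _ in pending)  # prerequisites never established
    return ran, skipped, findings
```

With the sample `HOST`, the anonymous-write check is never launched because the anonymous-login check recorded that anonymous logins are not offered.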

GFI LANguard

GFI LANguard, seen in Figure 3-58, is used for analyzing the operating system and applications running on a network, identifying potential security gaps. The entire network can be scanned using this tool and information—such as service pack level of the machine, missing security patches, open shares, open ports, and applications active on the system—can then be forwarded to the user if deemed an important security event. The method used for alerting the user depends upon the event’s security level. For the purpose of reviewing the security events, the results can be stored in an archive. GFI LANguard consists of several modules that can be used for specific purposes.

These modules can do the following:

• Retrieve all events from individual computers

• Alert a user regarding important security events

• Save the event record that is read and processed by the tool in a database

• Create various types of reports based on events

• Configure select machines for monitoring

Figure 3-58 GFI LANguard analyzes the operating system and applications running on a network.

is to examine UNIX-based systems, and report vulnerabilities in network services such as FTP and TFTP. In addition, SATAN provides the following functions:

• It provides information about the software, hardware, and network topologies of the target system.

• It reports security gaps in the target network.

• It checks whether or not a target host is active.

• It generates reports containing information about the target host.

The information that SATAN provides includes the following:

• RSH vulnerabilities

• Sendmail vulnerabilities

• FTP directories with write permission

• X server vulnerabilities

• NFS vulnerabilities