
Project 2. Introduction Network Vulnerability Assessment “A review of a system of systems to...

Date post: 29-Dec-2015
Upload: marilynn-lewis
Page 1: Project 2. Introduction Network Vulnerability Assessment “A review of a system of systems to identify weaknesses or errors in design, implementation,

Project 2


Introduction

Network Vulnerability Assessment

“A review of a system of systems to identify weaknesses or errors in design, implementation, or operation.”


Security Space Security Audit

Security scanning service.

It requires little or no knowledge or skill to set up and run.

Platforms

– Windows
– Linux
– Unix
– Macintosh
– Web servers
– Database products

(Almost anything that can be remotely tested.)


Advantages (claimed)

An external view of your network.  Getting an external view of your network usually involves getting access to a machine on the outside of your network for the purpose of running your scan. The cost of setting up and maintaining this type of access can often be more than the cost of this service alone.

Reproducible. As an audit mechanism, Security Audits are a low cost, reproducible audit that can be run whenever you need.

Low effort. Setting up and configuring a vulnerability scanner for proper operation can be time-consuming.

Always up to date. By using a service, you automatically receive the latest vulnerability tests without having to install them into your own scanner.


Different Services

They offer four different types of service.

– Standard Service
– Advanced Service
– Dedicated Service
– Recurring Service


Standard Service

The service scans more than 1500 ports (0-1024 and other service ports).

The test can be set to start at a time convenient for the user.

With a monthly or annual subscription, an unlimited number of IPs allocated to the user can be scanned an unlimited number of times.

The user can also purchase additional channels. Usually one channel is allocated to each user, which means a bandwidth of 50kbps. If the user wants more bandwidth, it can be bought.


Advanced Service

The service scans more than 65535 ports. The test can be set to start at a time convenient for the user.

With a monthly or annual subscription, an unlimited number of IPs allocated to the user can be scanned an unlimited number of times.

It scans 256 IPs in the same network with one request, for a category or any test the user desires, and the results are shown in the same report.

The user can also purchase additional channels. If the user wants more bandwidth, it can be bought.


Dedicated Service

Designed for large scale networks, can run 50 audits simultaneously (50 channels) per dedicated server.

Servers can be leased weekly or monthly, without long term commitments.

The user can audit unlimited IPs (providing the IP is yours, or allocated for your own use) and can run an unlimited number of audits.

The reports include detailed and comprehensive information on vulnerabilities and remedies. The reports can also be merged into a single report, for comparison or summary.


Recurring Service

Performs a port scan of all 65,535 ports of an IP for open ports and possible trojans.

Can schedule audits to be launched automatically at selected times.

The report provides detailed and comprehensive information on vulnerabilities and remedies.

You may use up your quota of audits as quickly or as slowly as you choose, and may carry over unused audits (if any) from one year to the next.


Comparison


Report Contents

– Risk Classification Summary
– Baseline Comparison Control
– Comparative Security Rating
– Vulnerability Category Summary
– Vulnerability Title Summary
– Vulnerability Details
– Open Ports
– Complete Report Order Form
– Appendix A: Risk Definitions
– Appendix B: CVE Versioning
– Appendix C: List of Tests Executed


Conclusion to SecuritySpace Security Audit

For smaller organizations, a security scan service offers convenience and requires no capital expenditure.

Security scans of some kind should be part of any well-designed security maintenance plan.

Disadvantages

– Too many false positives (according to comments of various security experts). Since the service is paid for, the user would like the reports to be efficient.
– If the system contains confidential information, then it is not a very good idea to store the vulnerability reports on someone else’s server.


SAINT5 (Security Administrator's Integrated Network Tool)

SAINT™ screens every live system on a network for TCP and UDP services.

For each service it finds running, it launches a set of probes designed to detect anything.

When vulnerabilities are detected, the SAINT vulnerability scanner categorizes the results in several ways, creates a report specified by the user, and recommends fixes.


Diagram


Requirements.

Operating systems:
– SunOS 5.6/Solaris 2.6 or higher (Sun Sparc)
– HP-UX 10.20 or higher
– Linux 2.2 or higher (x86)
– FreeBSD (x86)
– OpenBSD (x86)
– MacOS X

Disk space:
– 10 MB for SAINT

Memory:
– 256 MB (minimum)

Other software tools required:
– PERL 5.004 or higher


Features

Target Selection
Target File
Subnet Expansion
Data Preservation
Starting the Scan
Interactive Control Panel
Resuming an Interrupted Scan
Firewall Option
Windows Domain Authentication
Scan Levels
– Discovery
– Light
– Normal
– Heavy
– Heavy Plus
– Top 20
– Custom


Firewall Option

To scan targets which are behind a firewall from a system which is not behind the firewall, choose the Firewall Support option. This option will cause SAINT to use TCP instead of ICMP for discovering live targets, and to adjust port scan settings to optimize performance through the firewall.
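An added example (not from the original slides and not SAINT's own code) of why TCP-based discovery works where ICMP is filtered: a completed handshake and a refused connection are both replies, so either one shows that something answered for the address. The port list and the function names are assumptions made for this illustration.

```python
import errno
import socket

# Assumed probe ports for this example; the slides do not say which
# ports SAINT's Firewall Support option actually tries.
DEFAULT_PORTS = (22, 80, 443)


def tcp_probe(host, port, timeout=1.0):
    """Classify one TCP connection attempt as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        code = sock.connect_ex((host, port))
    except OSError:
        # Name resolution failure or similar: no reply was observed.
        return "filtered"
    finally:
        sock.close()
    if code == 0:
        return "open"      # handshake completed: a service answered
    if code == errno.ECONNREFUSED:
        return "closed"    # a reset came back: no service, but a reply
    return "filtered"      # timeout or unreachable: silence proves nothing


def discover(host, ports=DEFAULT_PORTS, timeout=1.0):
    """Return (alive, evidence); alive is True once any port yields a reply."""
    evidence = {}
    for port in ports:
        state = tcp_probe(host, port, timeout)
        evidence[port] = state
        if state in ("open", "closed"):
            # One reply is enough; stop to keep the probe count low.
            return True, evidence
    return False, evidence
```

A firewall configured to reject with a TCP reset can produce the "closed" result on behalf of a host, so that state is evidence of a reply on the path rather than proof that the end host itself answered.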


Windows Domain Authentication

While some vulnerabilities on Microsoft Windows systems can be detected by an unprivileged scan, others, such as missing hot fixes and service packs, require administrative privileges on the target. In order to conduct a thorough scan of Windows targets, SAINT gives you the option of authenticating to the domain in order to detect these types of vulnerabilities.


Scan Levels

Scan levels can be of different intensity.

– Discovery: SAINT finds hosts which are alive and reports their IP addresses.
– Light: SAINT collects information from the DNS (Domain Name System), tries to identify the operating system, and tries to establish what RPC (Remote Procedure Call) services the host offers and what file systems it shares via the network.
– Normal: This level includes all of the Light scan probes, and also includes probes for the presence of common network services.


Scan Levels (cont.)

– Heavy: At this level, SAINT will check for services listening on any TCP and UDP port (with the exception of ports which are known to cause certain software to crash when scanned). Any services detected will then be scanned for any known vulnerabilities.
– Heavy Plus: This scanning level is the same as Heavy except that it does not attempt to avoid ports which are known to cause certain software to crash.
– Top 20: This is a special scanning level designed specifically to detect vulnerabilities which are among the SANS Top 20 Most Critical Internet Security Vulnerabilities.
– Custom: This scanning level allows the user to run any combination of SAINT probes. Which of the user-defined scan levels to use is selected from the pull-down menu.


Pricing.

Single Site SAINT License | Annual Subscription | Package Price (includes first year's maintenance fee) | Second year maintenance fee (lock in today's price)
Class C Network | $1,647 | $2,994 | $499
Single Hosts: | | |
10-host pack | $448 | $815 | $136
30-host pack | $789 | $1,434 | $239
50-host pack | $1,009 | $1,835 | $306
75-host pack | $1,119 | $2,034 | $339
100-host pack | $1,317 | $2,394 | $399
150-host pack | $1,581 | $2,874 | $479
200-host pack | $1,713 | $3,114 | $519
250-host pack | $1,977 | $3,594 | $599

Perpetual License


Conclusion to SAINT5

You can configure this tool extensively, tailoring scans to your network’s characteristics and determining the depth of the scans you run.

SAINT has a very efficient way of presenting the report. The installation procedure is very easy.

Conveniently, SAINT 5 can be configured to log on to Microsoft Windows domains— simply by using an administrative user name and password—to perform tests that require domain authentication.

Disadvantages

– Within reports there’s no query feature or grouping function that would help the user zero in on certain problems.

– Reports quickly become overwhelming, especially if scanning larger networks.


Security Audit vs. SAINT

Price is definitely a factor. Security Audit is available at just below $1000 (dedicated server), while SAINT will cost a shade below $3000.

SAINT runs specific scans as specified by the user, while Security Audit is more general.

SAINT provides more privacy than Security Audit since the reports are with the user.

Security Audit is hassle free and more convenient for small businesses and home users, while SAINT is built with the maintenance of large networks in mind.

Security Audit makes maintenance easier and cheaper, since there is no need to hire an in-house security expert (if the situation permits it).

SAINT offers technical support for a fee.

SAINT provides a SAINTwriter to edit and present reports in different forms (e.g. executive form etc).

Security Audit provides an external view of the system, while getting an external view by using SAINT might prove expensive (setting up and maintaining the external machine).

SAINT cannot be set up on a Windows machine, while Security Audit does not need to be set up.


SOURCES

http://www.saintcorporation.com
http://www.securityspace.com
www.pcmag.com
http://specials.cramsession.com/s/promos/Security_Watch/Security_Watch_LP_2_2.htm
http://www.esecurityplanet.com/trends/print.php/10751_1475291
http://www.nwc.com/1201/1201f1b1.html

Security space (E-Soft Inc)
2025 Guelph Line
Burlington, ON L7P 4X4
Phone: (905) 331-2260
Fax: (905) 331-2504
Toll-free: (800) 799 4831
Email: [email protected]

SAINT Corporation
4720 Montgomery Lane, Suite 800
Bethesda, MD 20814
Phone: (301) 656-0521 or 1-(800) 596-2006
Fax: (301) 656-4806


Questions

KAZI NASIM FAISAL 100659146

Picture taken from: http://www.haverhillpl.org/images/question001.jpg

