6.

Identificarea vulnerabilitilor
2
Ion BICA
Vulnerabiliti
Eroare de programare sau greeal de configurare ce poate
crea bree n securitatea sistemelor
Dac nu sunt corectate la timp pot fi exploatate de ctre un
eventual atacator
Metode de corecie
instalare de patch-uri recomandate de productor
securizarea sistemelor (hardening)
3
Ion BICA
Vulnerabiliti (cont.)
Total vulnerabiliti raportate (1995-Q3,2008): 44,074
Sursa: CERT (http://www.cert.org )
8,064
2006
7,236 5,990 3,780 3,784 4,129 2,437 1,090 Vulnerabilities
2007 2005 2004 2003 2002 2001 2000 Year
0
1,000
2,000
3,000
4,000
5,000
6,000
7,000
8,000
9,000
2000 2001 2002 2003 2004 2005 2006 2007 2008
4
Ion BICA
Vulnerabiliti (cont.)
Sursa: Secunia (http://www.secunia.com)
10 firme sunt responsabile pentru 38% din vulnerabilitile dintr-un an!
5
Ion BICA
Vulnerabiliti (cont.)
Numai 20% din vulnerabiliti sunt critice!
Sursa: Secunia (http://www.secunia.com)
6
Ion BICA
Vulnerabiliti (cont.)
Common Vulnerabilities and Exposures (CVE)
lista cu denumirile standardizate ale tuturor vulnerabilitilor cunoscute
public
dicionar de vulnerabiliti (nu baz de date)
http://cve.mitre.org/
Open Vulnerability and Assessment Language (OVAL)
standard ce descrie modul n care poate fi verificat existena unei
vulnerabiliti pe un sistem de calcul
http://oval.mitre.org/
7
Ion BICA
Scannere de vulnerabiliti
Automatizarea procesului de identificare i corectare a
vulnerabilitilor
Clasificare
funcie de locaie de unde se face scanarea
network based
host based
funcie de credenialele folosite pe parcursul scanrii
cu drepturi administrative
fr drepturi administrative
funcie de tipul de sisteme / aplicaii testate
de uz general
pentru aplicaii web
8
Ion BICA
Scannere de vulnerabiliti de uz general
Nessus (http://www.nessus.org )
the best security tool!
SARA - Security Auditor's Research Assistant (http://www-arc.com/sara/ )
X-scan (http://www.xfocus.com)
MBSA (http://www.microsoft.com )
GFI LANGuard (http://www.gfi.com )
Retina (http://www.eeye.com )
CORE IMPACT (http://www.coresecurity.com )
Proventia Network Enterprise Scanner (http://www.ibm.com )
QualysGuard (http://www.qualys.com/ )
SAINT - System Administrators Integrated Network Tool
(http://www.saintcorporation.com/ )

9
Ion BICA
Nessus
Arhitectur client / server
server (scanning engine)
client (user interface)
autentificare utilizatori + criptare conexiune (SSL)
Modular
funcionaliti implementate sub forma de plugin-uri (script-uri)
aproximativ 40.000 de plugin-uri de scanare a vulnerabilitilor
NASL (Nessus Attack Scripting Language)
Detectarea serviciilor active de pe calculatorul int se face prin port
scanning
ping, TCP connect(), SYN scan
Metode de scanare safe / distructive
Generare de rapoarte (HTML)
Compatibil CVE
2 tipuri de abonamente
ProfessionalFeed (1200 USD / year)
HomeFeed (free)
10
Ion BICA
Nessus (cont.)
1. Conectare n sistem (autentificare)
2. Definire inte (calculator / subreea)
3. Selectare politic de scanare (plugin-uri)
4. Scanare sisteme
5. Interpretare rezultate
11
Ion BICA
Nessus (cont.)
12
Ion BICA
MBSA
Microsoft Baseline Security Analyzer
Detecteaz vulnerabiliti specifice produselor Microsoft:
Security updates
Weak passwords
Windows configuration
IIS vulnerabilities
SQL vulnerabilities
Necesit drepturi administrative pe calculatorul int
Generare de rapoarte
13
Ion BICA
MBSA (cont.)
14
Ion BICA
Vulnerabiliti specifice aplicaiilor Web
Over 70% of security vulnerabilities exist at the application layer,
not the network or system layer.
Gartner 2004-2006
15
Ion BICA
Vulnerabiliti specifice aplicaiilor Web (cont.)
Unvalidated Input
Cookie Poisoning
CGI Parameters
SQL Injection
Cross site scripting (XSS)
Directory Traversal
Buffer Overflow

16
Ion BICA
Scannere de vulnerabiliti pentru aplicaii Web
Nikto (http://www.cirt.net/nikto2 )
Paros proxy (http://www.parosproxy.org )
Burpsuite (http://portswigger.net/suite/ )
WebInspect (http://www.spidynamics.com )
Acunetix WVS (http://www.acunetix.com )
Rational AppScan (http://www.ibm.com )
N-Stealth (http://www.nstalker.com/nstealth/ )
Open Web Application Security Project (OWASP)
http://www.owasp.org/
17
Ion BICA
Nikto
Open Source (GPL)
Utilitar n linie de comand
Verificri efectuate:
server and software misconfigurations
default files and programs
insecure files and programs
outdated servers and programs
Asigur identificarea modulelor software instalate pe serverul de Web (php,
perl, etc)
Suport pentru SSL, LibWhisker2 (anti IDS)
Generare rapoarte n diverse formate (text, CSV, HTML, XML, NBE )
Permite integrarea cu Nessus
lansarea automat a programului nikto atunci cnd Nessus detecteaz un
server de Web
18
Ion BICA
Nikto (cont.)
19
Ion BICA
Acunetics WVS
Verificri efectuate:
CGI testing
parameter manipulation (SQL Injection, XSS, )
text search
port scanning
Google Hacking Database
Generare de rapoarte customizate
Suport pentru AJAX / Web 2.0
Suport pentru CAPTCHA, Single Sign-On i mecanisme de
autentificare bazate pe doi factori
Unelte auxiliare
HTTP Editor, HTTP Sniffer, HTTP Fuzzer, Scripting tool, Blind SQL
Injector
1500 USD (Single User Single URL Perpetual License)
20
Ion BICA
Acunetics WVS (cont.)
21
Ion BICA