Network Vulnerabilities

Vulnerabilities are weakness in the security system, for example, in procedures, design, or implementation that might be exploited to cause loss or harm. This category includes only general explanation of vulnerabilities. System/Application specific information is available in Attacks category.

Below are some common vulnerabilites: Hardware Vulnerabilities definition

Generally caused by the exploitation of features having been put into the hardware to differentiate it from the competition or to aid in the support and maintenance of the hardware. Some exploitable features include terminals with memory that can be reread by the computer and downloadable configuration and password protection for all types of peripheral devices, including printers. It is the crackers creative misuse of these features that can turn a feature into a vulnerability.Because we can see what devices are hooked to the system, it is rather simple to attack by adding devices, changing them, removing them, intercepting the traffic to them, or flooding them with traffic until they can no longer function. "Involuntary machine slaughter": accidental acts not intended to do serious damage to the hardware involved. "Voluntary machine slaughter" or "machinicide," usually involves someone who actually wishes to harm the computer hardware or software.

Software Vulnerabilities
Deletion. Because of software's high value to a commercial computing center, access to software is usually carefully controlled through a process called configuration management so that software is not deleted, destroyed, or replaced accidentally.

Modification.
Logic bomb - changes made so that a program fails when certain conditions are met or when a certain date or time is reached. Trojan horse - a program that overtly does one thing while doing another

Virus - a specific type of Trojan horse that can be used to spread its "infection" from one computer to another Trapdoor - a program that has a secret entry point Information leaks - code that makes information accessible to unauthorized people or programs Theft - unauthorized copying of software.

Software Vulnerabilities

Nonmalicious Program Errors

o o o

Buffer Overflow Incomplete Mediation Time-of-Check to Time-of-Use Errors Virus Trojan Horse Logic Bomb Time Bomb Worm Rabbit

Viruses and Other Malicious Code

o o o o o o

Data Vulnerabilities

Confidentiality. Data can be gathered by many means, such as tapping wires, planting bugs in output devices, sifting through trash receptacles, monitoring electromagnetic radiation, bribing key employees, inferring one data point from other values, or simply requesting the data. Because data are often available in a form people can read, the confidentiality of data is a major concern in computer security. Integrity. Data are especially vulnerable to modification. Small and skillfully done ways. Network.= Networks are specialized collections of hardware, software, and such, it experiences all the normal security problems. modifications may not be detected in ordinary

data. Each network node is itself a computing system; as

Access=Access to computing equipment leads to three types of vulnerabilities. Intruder may steal computer time to do general-purpose computing that does not attack the integrity of the system itself. Malicious access to a computing system, whereby an intruding person or system actually destroys software or data. Unauthorized access may deny service to a legitimate user.

People= People can be crucial weak points in security. In particular, a disgruntled employee can cause serious damage by using inside knowledge of the system and the data that are manipulated.

Network Vulnerabilities
o o o o o o o o o o o o o o o o

Eavesdropping Session Hijacking Man in the Middle Addressing errors Cookie Malicious active code: Java, ActiveX Protocol Flaw Eavesdropping Passive wiretap Misdelivery Protocol flaw Transmission or component failure Denial of Service DNS Attack Traffic redirection Distributed Denial of Service

TOOL

GFILANguard Network Security Scanner and Vulnerability Management Solution

GFI LANguard is the award-winning network and security scanner used by over 20,000 customers. We scan your network and ports to detect, assess and correct security vulnerabilities with minimal administrative effort. As an administrator, you have to deal separately with problems related to vulnerability issues, patch management and network auditing, at times using multiple products. However, with GFI LANguard these three cornerstones of vulnerability management are addressed in one package. We give you a complete picture of your network set-up and help you to maintain a secure network state faster and more effectively.

Vulnerability Management
GFI LANguard performs network scans using vulnerability check databases based on OVAL and SANS Top 20, providing over 15,000 vulnerability assessments when your network, including any virtual environment, is scanned. GFI LANguard allows you to analyze the state of your network security and take action before it is compromised.

Patch Management
When a network scan is complete, GFI LANguards Patch Management gives you what you need to effectively deploy and manage patches on all machines across different Microsoft operating systems and products in 38 languages. Not only can you automatically download

missing Microsoft security updates, but you can also automatically deploy the missing Microsoft patches or service-packs throughout your network at the end of scheduled scans.

Network Auditing
GFI LANguards Network Auditing tells you all you need to know about your network by retrieving hardware information on memory, processors, display adapters, storage devices, motherboard details, printers, and ports in use. Using baseline comparisons you can check whether any hardware was added or removed since the last scan. GFI LANguard will identify and report unauthorized software installations and provide alerts or even automatically uninstall unauthorized applications.

Why use GFI LANguard?

Powerful network, security and port scanner with network auditing capabilities Over 15,000 vulnerability assessments carried out across your network, including virtual environment Reduces the total cost of ownership by centralizing vulnerability scanning, Patch Management and Network Auditingthese connections can be audited for the appropriate security settings. Additionally,

Installing GFI LANguard

System requirements
Install GFI LANguard on a computer that meets the following Requirements: Any of the following operation systems: Microsoft Windows 2008 Server (x86 and x64) Microsoft Windows 2003 Server (x86 and x64) Microsoft Windows 2000 (SP4) Microsoft Windows VISTA (x86 and x64) Microsoft Windows XP (SP2) (x86 and x64) .NET Framework 2.0 A database backend such as Microsoft Access, MSDE or Microsoft SQL Server 2000 (or later) Internet Explorer 5.1 or higher. Client for Microsoft Networks component - included by default in Windows 95 or higher. NOTE: For more information on how to install the Client for Microsoft Networks component refer to the Installing the Client for Microsoft Networks component on Windows 2000 or higher section in the Miscellaneous chapter. Secure Shell (SSH) - included by default in every Linux OS Distribution pack.

Firewall considerations
Firewalls installed on either the host or target computer(s) will interfere With the operations of GFI LANguard You must either: Disable the firewall software on the host/target computer(s) Or Use the Windows Internet Connection Firewall domain policies to configure the necessary ports and services required by GFI LANguard to operate correctly. For more information on how to configure Active Directory policies to support scanning of/from computers running the Windows Internet Connection Firewall (XP SP2 or 2003 SP1) visit:

Installation procedure
To install GFI LANguard 9: 1. Double-click on languardnss9.exe and click next on the welcome screen. 2. Read the licensing agreement carefully. To proceed with the installation, select I accept the terms of the license agreement and click Next. 3. Type the username and the company name. If you bought a license for GFI LANguard, type it in the License Key box. If you do not have a license yet and want to evaluate GFI LANguard for 10 days, leave the default EVALUATION license key in the License Key box. Click Next to continue

4. Specify the service account under which GFI LANguard will be running and click Next. NOTE: GFI LANguard requires administrative privileges to scan network computers. For more information on how to specify different administrator credentials on a computer-by-computer basis refer to the Computer Profiles section in this manual. 5. To install GFI LANguard to the default location, click Next to continue. Alternatively, to specify a custom installation folder click Browse , select a new installation path and click Next to continue.

6. GFI LANguard will prompt you to install the complimentary ReportPack. Select Download and install GFI LANguard ReportPack and its prerequisites to install the ReportPack. Click Next to proceed. 7. GFI LANguard has now finished installing. To launch GFI LANguard immediately, click on Finish. To launch GFI LANguard later, unselect Launch GFI LANguard 9.0 and click Finish.

Upgrading earlier versions of GFI LANguard

You can upgrade previous versions of GFI LANguard (formerly known as GFI LANguard Network Security Scanner) and retain the current custom scan profiles, scheduled scan details, mailserver settings and the scan results database. To upgrade from a previous version: 1. Double-click on languardnss9.exe. 2. GFI LANguard will automatically detect whether a previous version of GFI LANguard is already installed on the machine and will proceed to uninstall this version. A dialog will be displayed to alert you that the previous version will be deleted. Click Next to proceed with the installation.

3. By default GFI LANguard will retain the previous scan results

database, configuration data and all the logs and debug information files. To delete any of this data from your new installation of GFI LANguard 9, select the appropriate box and click Next. 4. Once the uninstall of the previous version is complete, continue the installation by following the instructions listed in the installation procedure section above.

Entering your license key after installation

The unregistered, evaluation version of GFI LANguard expires days and is feature-limited. For a list of restrictions that feature-limited version of GFI LANguard, please

When you obtain the 30-day evaluation key or the purchased licensed key, you can enter your license key without re-installing or reconfiguring the product. To achieve this: 1. Launch GFI LANguard management console 2. Select General tab .. Licensing 3. In the right pane click on Change license key 4. Insert your new license key in the textbox provided. For more information on GFI LANguard licensing visit:

Troubleshooting
Introduction
The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter. The main

sources of information available to users are: The manual most issues can be solved by reading this manual. GFI Knowledge Base articles Web forum Contacting GFI Technical Support

Knowledge Base
GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most uptodate listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/.

Web Forum
User to user technical support is available via the web forum. The forum can be found at: http://forums.gfi.com/.

Request technical support

If you have referred to this manual and our Knowledge Base articles, and you still cannot solve issues with the software, contact the GFI Technical Support team by filling in an online support request form or by phone. Online: Fill out the support request form on: http://support.gfi.com/supportrequestform.asp. Follow the instructions on this page closely to submit your support request. Phone: To obtain the correct technical support phone number for your region please visit: http://www.gfi.com/company/contact.htm. NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at: http://customers.gfi.com. We will answer your query within 24 hours or less, depending on your time zone.

Build notifications
We strongly suggest that you subscribe to our build notifications list. This way, you will be immediately notified about new product builds. To subscribe to our build notifications, visit: http://www.gfi.com/pages/productmailing.htm.

RETINA Network Security

Vulnerability and Risk Assessment Network Discovery and Patch Assessment Policy Compliance and Audit Reporting

NETWORK vulnerabilities are an increasingly common issue in today's highly complex computing environments. With exploit attacks appearing faster than ever before, it has become significantly more challenging for organizations to protect against attack. A notable case in point is the Sasser worm. Sasser was based on exploit code released two days earlier and only 18 days after the initial vulnerability was announced. With such a dynamic threat environment to contend with, IT professionals need a proactive security management strategy that goes beyond routine patch deployment. To meet the challenge, and reduce overall network security TCO in the process, organizations are adopting integrated security and threat management solutions from eEye Digital Security. Retina Network Security is a professional-grade security solution with a lengthy track record of success and industry leadership.Retina contains all the integrated security and threat management tools needed to effectively identify and remediate the Network vulnerabilities that lead to exposure and malicious attacks. Retina secures

Unsurpassed Vulnerability Management

networks by:

 Accurately discovering all the assets in thenetwork Infrastructure includingoperating system platforms, networked devices, databases and third party or customapplications. Retina also discovers wireless devices and their configurations, ensuring Implementing corporate policy driven scans to audit int these connections can be audited for the appropriate security settings. Additionally,Retina scans active ports and confirms the services associated with those ports.ernal security guidelinesand ensure that configuration requirements are enforced and comply with definedstandards. These custom scans can also assist with meeting any regulatory compliancerequirements (SOX, HIPAA, GLB, PCI etc) customers may face. Remotely identifying system level vulnerabilities to mimic an attacker's point ofview, providing information that an outsider would see about your Network. Theseremote checks do not require administrator rights, providing an accurate assessment,with fewer resources required to scan across departments, locations or geographies

Incorporating the most comprehensive vulnerabilities database and scanning technology available, allowing users to proactively secure their networks against was developed and is constantly updated by the eEye Research Team, leveraging its expertise and superior vulnerability discovery methodology. Updates are automatically uploaded at the beginning of each Retina session. Providing a workflow approach to vulnerability management. Retina's user interface allows for multiple views and reporting options with which to analyze assessment data. This gives users the opportunity to view assets criticality correlated with complete vulnerability data. This approach allows users to effectively prioritize remediation efforts