All Rights Reserved © 2012 IJARCSEE
will address a phase of the different levels of security assessments. The paper is written for security practitioners and pen testers and, of course, students who are interested in security assessment. It therefore concentrates on open source tools, and commercial products are not mentioned. It is used to validate the security of a network. We describe a number of open source tools and suggest mechanisms for applying these techniques. This paper examines security assessment and shows that open source tools may more clearly and comprehensively meet the guidelines.
Keywords: Security Assessment, Web Server Assessment, Network Security, System Security
I. INTRODUCTION
Information Technology is a crucial resource and enabler in almost every part of our society. However, there are severe risks associated with IT that may substantially decrease the potential benefits. To handle these risks, the ability to perform security assessments is required. Every computer that communicates on the Internet uses an Internet Protocol (IP) address. Some IP addresses are public and others are private. A computer with a public IP address is directly accessible from any other computer on the Internet. Any computer can send it information requests or commands, which it can either deny or accept, and respond to accordingly. When a computer is behind a router, firewall or proxy server, it may be using a private IP address. This means that any requests for information or commands must pass through the router, firewall, or proxy server in order to be delivered to the destination computer. These security measures provide a good layer of protection. There are various tools for security assessment, both open and closed source. This paper lists and evaluates those that were found valuable and mature while at the same time being freely available open source tools. An information security assessment is providing a tool to evaluate, and enhance
II. OPEN SOURCE SECURITY ASSESSMENT TOOLS
1) www.network-tools.com
This site provides network tools offering services such as ping, lookup, traceroute, whois, and much more. It is one of the online information gathering tools.
2) SuperScan:
Installation:
Download the SuperScan4.exe (204 KB) file to your computer.
Double-click the file; it will show an error message, because we must have local administrator privileges to run this program.
Click OK. Now right-click the file and select ‘Run as administrator’; it will work.
Usage:
Click the Scan tab; it will show Hostname/IP, Start IP, and End IP.
Enter a hostname or IP to scan a specific computer.
Enter a Start IP and End IP to scan a specific network range.
Click the Forward arrow button.
Click the Play button; the scan will start.
Click the View HTML Results tab; the complete scan report will be produced in HTML format, which you can open with Internet Explorer.
3) Nmap:
Nmap is one of the most useful network discovery tools that we will ever use. Nmap allows you to explore networks of any size to determine information such as port details, host details, state, service, devices, addresses, and much more. Nmap is one of those applications that we need to open any time we want to see issues on the network, get information about hosts, track down an IP address, etc. Nmap is flexible, powerful, and deployed all over the world. It is one among the top 10 programs. It is easy to use, well documented, cross-platform and free. Nmap is a command-line tool, but the same features are also available in a front-end tool, Zenmap. To install Zenmap, we need to install Nmap along with it.
Installation:
Download the Nmap-5.21-setup (15258 KB) file into the computer.
Double-click the file, then click I Agree.
Click Next, then click Install.
Click Next, click Next, then click Finish.
Usage:
Find a target IP address (e.g. 192.168.0.1) and enter it in the input text box labelled Target.
From the drop-down box to the right labelled Profile, select Intense scan.
Press the Scan button to begin scanning your target, and wait for Zenmap to scan the target's IP.
Nmap Output tab: shows the progress of the scanning with detailed information about the scan.
Ports / Hosts tab: lists the open ports and tells which port is open and which port is closed; since we picked Intense scan, it will show the TCP and UDP ports.
Topology tab: shows a 3D/2D graphic viewer of the route from the router to the targets, with the hops along the way and the target that we traced. If we press the Fisheye and Controls buttons, we get more options for viewing the graphic image in more detail.
Host Details tab: shows information about the target host: OS detection, MAC address, and whether the target computer is active or inactive.
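The information shown on the Ports / Hosts and Host Details tabs can also be read from a scan saved as XML (Nmap's -oX option) and compared with the ports that are expected to be open on each host. The following Python code is an added example, not part of the original paper or of Nmap; the sample XML is constructed, and the function names and the allow-list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML report format (not the output of a real scan).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.168.0.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.X" accuracy="96"/></os>
  </host>
</nmaprun>"""


def summarize_hosts(xml_text):
    """Return one dict per <host>: addresses, up/down, best OS guess, ports by state."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        status = host.find("status")
        # Nmap may report several OS guesses; keep the one with the highest accuracy.
        best_os = max(host.findall("os/osmatch"),
                      key=lambda m: int(m.get("accuracy", "0")), default=None)
        ports = {}
        for port in host.findall("ports/port"):
            state, service = port.find("state"), port.find("service")
            key = state.get("state") if state is not None else "unknown"
            name = service.get("name", "") if service is not None else ""
            ports.setdefault(key, []).append(
                (port.get("protocol"), int(port.get("portid")), name))
        hosts.append({
            "ipv4": addrs.get("ipv4"),
            "mac": addrs.get("mac"),
            "up": status is not None and status.get("state") == "up",
            "os": best_os.get("name") if best_os is not None else None,
            "ports": ports,
        })
    return hosts


def unexpected_open(host, allowed):
    """Open ports missing from a (hypothetical) allow-list of (protocol, port) pairs."""
    return [p for p in host["ports"].get("open", []) if (p[0], p[1]) not in allowed]
```

Calling unexpected_open() with the set of ports a host is supposed to expose turns the scan report into a short list of findings to investigate.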
4) Microsoft Baseline Security Analyzer:
Installation:
Download the MBSASetup-x86-EN.msi (1588 KB) file into the computer.
Double-click the file, then click Run.
Click Next, then select I Accept the licence agreement.
Click Next, then click Next.
Click Install, then click OK.
Usage:
a) Scan a computer:
Check a computer using its name or IP address; this scan is used for home or personal computers.
Click Scan a computer, then enter the IP address or computer name.
Click Start Scan; it will check online Microsoft Security Updates, and then the system scan will start.
b) Scan multiple computers:
Check multiple computers using a domain name or a range of IP addresses; this scan is used for a network environment.
Click Scan multiple computers, then enter the domain name or IP address range.
Click Start Scan; it will check online Microsoft Security Updates, and then the system scan will start.
For both scans, the detailed report will show Security Update, Administrative Vulnerabilities, Additional System Information, Internet Information Services, SQL Server and Desktop Application results.
5) Wikto:
Wikto is a quick and easy-to-use web server assessment tool. It tries to find interesting directories and files on the website, and it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself.
Installation:
Download the Wikto_v2.1.0.0.rar (1064 KB) file, right-click it and choose Extract here, which will show two files.
Double-click the setup file, then click Next.
Select I Agree, select Just me, then click Next.
Click Next, then click Close.
Usage:
In the Wikto scan wizard, on the Welcome tab, click Next.
On the Target tab, enter the hostname or IP address of the machine (e.g. www.example.com).
For Webserver, select HTTP or HTTPS (depending on the target site).
For Host internet facing, select NO, then click Next.
On the Configuration tab, for Use proxy server, select Yes or No (depending on our network configuration), then click Next.
On Confirm Settings, click Next.
On Overview, click Finish, then click Start; that’s all.
6) SiteDigger:
Installation:
Download the sitedigger3.msi (1270 KB) file into the computer.
Double-click the file, click Run, then click Next.
Click Next, then select I Agree.
Select Just me, click Next, then click Next.
Click Close.
Usage:
It will show FSDB and GHDB.
First, click the FSDB tree and check just a few boxes.
Click Scan; that’s all.
No copy-and-pasting crap: simply double-click on any one of the results and it will pop up in our default web browser.
7) RootkitRevealer:
RootkitRevealer uses a cross-view approach and focuses only on the file system and Registry. The benefit of this tool is that it is fast, simple and effective. It does not scan for loaded kernel modules; it quickly detects both the hidden registry keys and the files being hidden by the rootkit.
Installation:
Download the RootkitRevealer.exe (326 KB) file and copy it into the computer.
Double-click the file, click Agree, then click Agree; that’s it.
Usage:
Click File, then Scan; it will show the number of discrepancies.
Click File, then Save.
It is necessary to examine all discrepancies.
8) http://www.gfi.com/malware-analysis-tool (formerly CWSandbox)
GFI SandBox is an automated malware analysis tool that allows the analysis of virtually any Windows application or file including infected Office documents, PDFs, malicious URLs, Flash ads and custom applications.
Click Submit your malware sample for a free analysis; it will redirect to http://www.threattrack.com/
Click the File Chosen button, upload your sample malware, enter the Email ID, then confirm the Email ID, and enter the Captcha
Installation:
Download the fsbl2.2.exe (1111 KB) file into the computer.
Double-click the file and click Run; it will show error messages, because F-Secure BlackLight requires administrator privileges.
Click OK. Now right-click the file and select ‘Run as administrator’.
Click Run, then select I accept the agreement.
Click Next.
Usage:
Step 1
Click Scan; after scanning, the ‘Show all processes’ tab will appear.
Click Show all processes; it will show the number of processes.
Step 2
Click Next, then select the malicious file.
Click Next; the malicious files are cleaned.
Click Close.
using tools that are highly rated by industry magazines, industry experts, and security companies.
AUTHORS PROFILE
A. Sankara Narayanan is presently working in Technical Support in the Department of Information Technology at Salalah College of Technology, Salalah, Sultanate of Oman. He has 9 years of networking/system experience and 4 years of information security experience. He has published 5 international journals. His research interests include ethical hacking, computer forensics, malware and information security.