Computer and Network Security

Report no. Two

In this report you are expected to research network security audit tools and investigate one that
can be used to identify host or network device vulnerabilities. Fill in the report below based on
your findings.

1. Research various security audit and network attack tools

List some of the tools that you identified in your research

Possible examples include: Microsoft Baseline Security Analyzer (MBSA), NMAP, Cisco
IOS AutoSecure, Cisco Security Device Manager (SDM) Security Audit
Wizard,Sourceforge Network Security Analysis Tool (NSAT) Solarwinds Engineering
Toolset.
Attacker tools may also be investigated, including L0phtcrack, Cain and Abel, John the
Ripper, Netcat, THC Hydra, Chkrootkit, Sniff, Nessus, AirSnort, AirCrack, WEPCrack,
The SDM Security Audit tool is used as an example here.

Note: Additional sources of information include the following:

http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html

Top 100 Network Security Tools of 2006

http://sectools.org/index.html:
Password Crackers
http://sectools.org/crackers.html
Sniffers
http://sectools.org/sniffers.html
Vulnerability scanners:
http://sectools.org/vurn-scanners.html
Wireless:
http://sectools.org/wireless.html
Exploitation:
http://sectools.org/exploitation.html
Packet-crafters:
http://sectools.org/packet-crafters.html

2. Fill in the following form for the security audit or network attack tool
selected.

Developer: Cisco Systems

Type of tool: Cisco router GUI based security Analysis
Used on(network device or Router
computer host):
 Description of key features and capabilities of product or tool:
SDM security Audit wizard runs a series of predefined checklists to access arouterJs
security configuration. When finished, SDM presents a list of the recommended actions,
which you can selectively choose to apply. SDM also allows you to directly perform a
one-step router lockdown option.
One-step lockdown configures the router with a set of defined security features with
recommended settings.
Security Audit is a feature of SDM that examines an existing router configuration then
provides a list of recommended configuration changes to make a router and network more
secure. For a complete list of functions that security Audit checks for, see the online help
topics in SDM.
Security audit does the following:
• Checks the router’s running configuration against a list of predefined security
configuration settings.
• List identified problems and provides recommendation for fixing them.
• Allows the user to choose which problems to fix and displays the appropriate user
interface for fixing them.
• Delivers commands to configure the router with the chosen security configuration.
• Examples of security, related issues that Security Audit can address include
services that should be disabled, password requirements, warning banners, Telnet
settings, SSH access, firewalls, logging, and AAA and the Security Audit wizard
provide content, sensitive help
References and info links:
http://www.cisco.com/en/US/docs/routers/access/cisco-router-and-security-device
-manager/25/software/user/guide/SAudit.html

3. Reflection
a. What is the frequency of network attacks and what is their impact on the operation of
an organization? What are some key steps organizations can take to help protect their
networks and resources?
Massive network attacks like code red which can affect large portion of the internet are
less common because of mitigation strategies that have been implemented. However,
smaller targeted attacks, especially those intended to acquire personal information, are
more common than ever. Networking devices and hosts on a network have much potential
vulnerability that can be exploited.
Vulnerability analysis tools can help identity security holes so that network administrators
can take steps to correct the problem before an attack occurs. Other steps that can be taken
include: The use of firewalls, intrusion detection and prevention, hardening of Network
devices, endpoint protection, AAA, user education and security policy development.
b. Have you actually worked for an organization or know of one where the network was
compromised? If so, what was the impact to the organization and what did it do
about it?
Answers will vary, and the results can be interesting.

c. What steps can you take to protect your own PC or laptop computer?
Answers will vary but could include: Deep the operating system and applications up to date
with patches and service packs, use a personal firewall, configure passwords to access the
system, configure screensavers to timeout and require a password% protect important files
by making them read, only encrypt confidential files and backup files for safe keeping.