Security Administration ToolsHanan Hibshi & Tim Vidas

• Web browser and Web security

• PKI and Secure Communication

• Phishing & Semantic Attacks

• User Education

• Passwords, graphical passwords and alternatives

• Challenge Questions

• Access Control

• Other issues...

Putting it All Together

Why Security Administration?• Hackers. • Attacks.• Vulnerabilities. • Terrorism.• etc.• Thus, we need front liners!

• Security Admin Personnel • Can be one person

• Can be a team

• Scalability: size of organization, cost…. 

Who?

• Too many things to keep track of. • Monitoring and maintenance of a number of complicated

tasks. • Need to "keep an eye"• Security tools supposed to be "to the rescue"

• Make administrators life easier• Provide them with better reporting and monitoring

• Paper in assigned readings defined a number of factors:• Organizational • Human • Tools themselves

Why can’t one person do it?

• Network Traffic and Packet analyzers

• Wireshark, TCP Dump, Cain and Able (PW), Ntop, Netcat

• Vulnerability Testing

• Metasploit, Nessus

• Intrusion Detection Systems (IDS)

• Snort, Splunk

• File/host integrity tools

• Tripwire

• Others

• OpenSSH honeypots, Scripting tools, Websecurity

Common Tools

Wireshark - ScreenShot

Wireshark – Screenshot 2

TCPdump – Screenshot

Cain and Abel

Ntop – Screenshot

Ntop – Screenshot 2

Metasploit - Screenshot

Nessus - Interface

Snort - Screenshot

Problems• GUI vs. Command line • Technical background • Is usability important anyway?• Issues:

• Too much to look at• No single data format for output• Out-of-sync clocks• The human!

Some Proposed Solutions• Visualizations• Training users

• Understand implications • Understand least privilege

• Understanding different players: organization, human, tools• Improving IDS Usability

• Assist users with configuration and installation• Some other recommendations

• Heuristics evaluation • Developed ITSM Heuristics • Compared ITSM to Nielsen’s Heuristics • With ITSM Heuristics, more problems were found