강좌

HOME > 강좌 >
강좌| 리눅스 및 오픈소스에 관련된 강좌를 보실 수 있습니다.
 
CIS(Cerberus' Internet Scanner) 설치 및 운영 가이드
조회 : 9,720  



CIS(Cerberus' Internet Scanner) 설치 및 운영 가이드

2001. 3. 28

이완희, lwh@certcc.or.kr

1. 개요

CIS는 영국의 Cerberus Information Security (http://www.cerberus-infosec.co.uk)에서 만든 보안 스캐너로서 기존의 NT Info Scanner를 수정 보완한 것이다. 시스템 관리자를 위해 컴퓨터 시스템의 security holes을 찾아주기 위한 무료보안 스캐너이다. 이 툴은 기본적으로 WWW, SQL, ftp, various NT checks, SMTP, POP3, DNS, finger 등 12개의 점검 모듈로 구성되어 있으며 세부적으로 약 300여개의 점검항목을 포함한다. 특히, 이 툴이 NT Info Scanner를 확장한 도구로써 IIS 웹서버 취약점과 관련된 점검항목이 풍부하다. 12개의 점검모듈들은 dll 형태로 제공되고 점검항목의 업데이트는 자동업데이트 기능을 이용하여 dll 파일을 교체하면 된다.

2. 설치 및 운용

윈도우 NT나 2000에서만 사용 가능하며 Win95/98은 사용불가능하다.

가. 설치

다음 사이트에서 http://www.cerberus-infosec.co.uk/cis.shtml 압축된 파일을 다운받아 자신이 원하는 디렉토리에 압축을 풀면 해당 디렉토리에 실행파일과 검사모튤(dll) 파일이 설치된다.

실행 프로그램은 GUI 환경으로 사용이 대단히 편리하다.

나. 실행

: 스캔할 호스트를 적는다.
: 스캔을 시작한다.
: 스캔한 목록을 보여준다( HTML 웹 형식으로)
: 검사할 특정 서비스 항목(모튤)을 선택할수 있게 해 준다.
: 모뎀연결을 스캔한다.(이것은 상업용 버전에서만 가능하다.)
: 간단한 도움말이 있다.

그리고 명령 프롬프트 창을 이용하면 여러개의 호스트를 동시에 백그라운드로 실행 시킬수 있으며, 메모리의 사용이 적어 시스템에 부하가 적다.

3. 검사 후 결과물(Report)

12개의 점검 모듈로 구성되어 있으며 300여개의 점검항목을 포함하며 특히 IIS 웹서버 취약점과 관련된 점검항목이 많다.

( Web service, MS SQL Services, FTP Services, NetBIOS, NT Registry, NT Services SMTP Services, POP3 Services, Portmapper, Finger, DNS )

스캔 결과 발견된 취약점에 대한 설명은 웹을 통한 하이퍼링크를 통해 관련문서를 연결해 주고 있다.

여기서 원하는 서비스를 선택하면 해당 서비스에서 감지된 보안 취약점 관련해서 세부사항을 상세하게 설명해 준다. 그리고 좀더 자세한 사항은 링크를 통해 해당 취약점 관련 사이트로 링크를 걸어준다.

4. Update

점검 서비스별 모듈이 dll 형태로 제공되고 각각 분리 되어있기 때문에 각 서비스별로 업데이트 할수 있어 업데이트가 간단하다.(해당 dll 파일을 다운받아 덮어쓰면 된다.)

5. 체크 항목 세부사항

Web Checks - 126 Checks
***********************
Web service is running
Misc Evaluate web service software
Misc MS Proxy Server
Misc Remote IIS administration
Misc Oracle owa_util package
Execute Commands msadc
Execute Commands campas
Execute Commands jj
Execute Commands formmail
Execute Commands formmail.pl
Execute Commands faxsurvey
Execute Commands get32.exe
Execute Commands alibaba.pl
Execute Commands tst.bat
Execute Commands phf
Execute Commands webdist.cgi
Execute Commands aglimpse.cgi
Execute Commands echo.bat
Execute Commands hello.bat
Execute Commands loadpage.cgi
Execute Commands Oracle Bat files
View files iissamples/issamples/query.idq
View files iissamples/issamples/fastq.idq
View files iissamples/exair/search/search.idq
View files iissamples/exair/search/query.idq
View files prxdocs/misc/prxrch.idq
View files iissamples/issamples/oop/qfullhit.htw
View files iissamples/issamples/oop/qsumrhit.htw
View files scripts/samples/search/qfullhit.htw
View files scripts/samples/search/qsumrhit.htw
View files Webhits
View files scripts/samples/search/author.idq
View files scripts/samples/search/filesize.idq
View files scripts/samples/search/filetime.idq
View files scripts/samples/search/query.idq
View files scripts/samples/search/queryhit.idq
View files scripts/samples/search/simple.idq
View files scripts/samples/search/filesize.idq
View files scripts/samples/search/filetime.idq
View files scripts/samples/search/query.idq
View files scripts/samples/search/queryhit.idq
View files scripts/samples/search/simple.idq
View files scripts/samples/search/qfullhit.htw
View files scripts/samples/search/qsumrhit.htw
View files scripts/samples/search/webhits.exe
View files iissamples/exair/howitworks/codebrws.asp
View files msadc/samples/selector/showcode.asp
View files scripts/rguest.exe
View files cgi-bin/rguest.exe
View files scripts/wguest.exe
View files cgi-bin/wguest.exe
View files Search admin webhits.exe
View files view-source
View files ~root
View files ~ftp
View files FormHandler.cgi
View files AltaVista query
View files search.cgi (EZSHOPPER)
View files htsearch
View files sojourn.cgi
View files windmail
Information cfcache.map
Information idc reveals physical paths
Information bdir.htr
Information server-info
Information server-status
Information robots.txt
Information cgi-bin/enivron.pl
Information scripts/environ.pl
Information testcgi
Information test-cgi
Information test.cgi
Information cgitest.exe
Information nph-test-cgi
Information mkilog.exe
Information mkplog.exe
Information cgi-bin/htimage.exe
Information scripts/htimage.exe
Information names.nsf
Information catalog.nsf
Information log.nsf
Information domlog.nsf
Information domcfg.nsf
Information doctodep.btr
FrontPage administrators.pwd
FrontPage authors.pwd
FrontPage users.pwd
FrontPage service.pwd
FrontPage IIS Account shtml.dll
Directory Listing cgi-bin
Directory Listing scripts
Directory Listing Netscape PageService
Shell check cgi-bin/sh
Shell check cgi-bin/csh
Shell check cgi-bin/ksh
Shell check cgi-bin/tcsh
Shell check cgi-bin/cmd.exe
Shell check scripts/cmd.exe
Perl cgi-bin/cmd32.exe
Perl scripts/cmd32.exe
Perl cgi-bin/perl.exe
Perl scripts/perl.exe
Perl Errors reveal info
Create file newdsn.exe
BUffer overrun fpcount.exe
Buffer Overrun count.cgi
Predictable SessionID rightfax
Search iissamples/issamples/query.asp
Search iissamples/exair/search/advsearch.asp
Search samples/search/queryhit.htmSearch Netscape
Password Attacks iisadmpwd/aexp3.htr
HTTP Methods allowed to root directory
HTTP Methods allowed to /users
HTTP Methods allowed to /cgi-bin
HTTP Methods allowed to /scripts
Create file in /users directory
Create file in /cgi-bin directory
Create file in / directory
Create file in /scripts directory
File Upload repost.asp
File Upload cgi-win/uploader.exe
View Source Netscape append space
View Source shtml.dll
View Source ::$DATA
Configuration .htaccess
SMTP Service - 21 Checks
************************
SMTP service is running
Service software enumeration
EXPN command allowed
VRFY command allowed
VERB command allowed
Mail relaying allowed'
Win2k SMTP IIS Service Buffer Overrun
SLMail Buffer Overrun
Exchange Service Packs
Sendmail Wizard
Sendmail debug
Sendmail piped aliases
Mail to programs
Mail from bounce check
Sendmail 8.6.9 IDENT vulnerability
Sendmail 8.6.11 DoS vulnerability
Sendmail 8.7.5 GECOS buffer overrun vulnerability
Sendmail 8.8.0 MIME buffer overrun vulnerability
Sendmail 8.8.3 MIME buffer overrun vulnerability
Decode alias check
Mail forgery
FTP Checks - 7 Checks
*********************
FTP daemon is running
Service Software enumeration
IIS 4 DoS
Anonymous logins allowed
Hidden /c directory found
Uploads allowed to /c
Uploads allowed to root
Portmapper - 2 Checks
*********************
Portmapper is listening
Dump RPC Services running
POP3 Checks - 3 Checks
**********************
POP3 Daemon is running
Service software enumeration
QPOP buffer overrun
MS SQL Server Checks - 19 Checks
********************************
MS SQL Server is running
sa login has no password
Dump logins from master database
login has a blank password
login's password is same as login name
Dump databases
guest account is enabled on database
Dump logins with access to database
Audit database roles in database
Audit members of server-wide sysadmin role
Audit members of server-wide securityadmin role
Audit members of server-wide setupadmin role
Audit members of server-wide serveradmin role
Audit members of server-wide diskadmin role
Audit members of server-wide processadmin role
Audit members of server-wide dbcreator role
Check if SQL Authentication is allowed
Check if Mixed Mode Authentication is allowed
Check if NT Authentication is allowed
NT Accounts - 8 Checks
********************
Enumnerate Account Name
User Full name
User Comment
User Privs
User Last logon
User Last password change
Account has a blank password
Account has password same as userID
NT Shares - 3 Checks
********************
Share Name
Share Type
Null session connection
NT Groups - 2 Checks
********************
Enumerate group names
Enumerate and list members
NT User Mode Service Checks - 12 Checks
***************************************
Enumerate running user mode services
Check binary path
Audit permissions on SCM
Security context
Messenger Service is running
Browser Service is running
Index Service is running
SQL Service is running
Telnet Service is running
RASMAN Service is running
IP RIP Service is running
SNMP Agent Service is running
NT Driver Service Checks - 3 Checks
***********************************
Enumerate running driver services
Check binary path
Audit permissions on SCM
NT Registry Checks - 40 Checks
******************************
Audit permissions on permissions on various keys
Check values of various keys and values

 


[원글링크] : https://www.linux.co.kr/home2/board/subbs/board.php?bo_table=lecture&wr_id=428


이 글을 트위터로 보내기 이 글을 페이스북으로 보내기 이 글을 미투데이로 보내기

 
(주) 수퍼유저