1
00:00:00,130 --> 00:00:01,500
All right, so welcome back, everyone.

2
00:00:01,530 --> 00:00:07,320
This is Rajneesh, and the situation is about to start when we need to do this.

3
00:00:07,770 --> 00:00:09,060
It's a regular practice.

4
00:00:09,090 --> 00:00:15,420
In fact, if you remember, I told you about this every week, every month.

5
00:00:15,870 --> 00:00:22,440
What happened is, even in my organization, whenever we take care of any clients, we do the monthly

6
00:00:22,440 --> 00:00:24,630
scan for their entire network.

7
00:00:24,640 --> 00:00:28,280
We perform this scan for all their assets.

8
00:00:29,340 --> 00:00:33,790
So in that situation, we identify all the assets based on the IP address.

9
00:00:34,740 --> 00:00:41,190
And once that is done, we get the report on the spreadsheet and then we share it across to the specific

10
00:00:41,190 --> 00:00:44,640
person, usually the team manager.

11
00:00:44,790 --> 00:00:50,310
And then each day they apply a filter on the spreadsheet and share it to the respective

12
00:00:50,310 --> 00:00:50,600
team.

13
00:00:51,000 --> 00:00:55,110
Maybe if we got, you know, hundreds of vulnerabilities on the firewall.

14
00:00:55,120 --> 00:00:56,970
So it would be shared with the firewall team.

15
00:00:57,510 --> 00:01:04,830
If we have 131 vulnerabilities on a Cisco router, it could be shared with the network team to fix that

16
00:01:04,830 --> 00:01:05,310
problem.

17
00:01:05,610 --> 00:01:13,650
If we got maybe, you know, 20, 21 vulnerabilities on the servers, which is comparatively pretty low in

18
00:01:13,650 --> 00:01:14,040
number.

19
00:01:14,040 --> 00:01:17,940
But still, for example, it would be shared to the server team.

20
00:01:18,270 --> 00:01:24,570
Now, all of those teams then respond back to the team to, you know, update them about this is what

21
00:01:24,570 --> 00:01:26,300
happened and this is the part about it.

22
00:01:27,000 --> 00:01:27,270
Right.

23
00:01:27,300 --> 00:01:30,620
So this is how that structure really works.

24
00:01:30,630 --> 00:01:37,710
And usually it would be shared by the infosec manager to the, you know, the managers of those

25
00:01:37,710 --> 00:01:45,510
departments, and then the manager of maybe the network team then shares it to the network analyst, the manager

26
00:01:45,510 --> 00:01:51,870
of the firewall team shares it to the firewall analyst, and the manager of sys admin,

27
00:01:51,870 --> 00:01:58,140
our system team, basically shares it to the sysadmin to fix the vulnerabilities on the server side.

28
00:01:58,560 --> 00:02:01,020
So let's start over again.

29
00:02:01,020 --> 00:02:05,880
In this situation, what happens is we'll be straight away going to our scanner.

30
00:02:06,130 --> 00:02:08,880
OK, this is our scan.

31
00:02:09,370 --> 00:02:11,450
Let me close it.

32
00:02:11,460 --> 00:02:11,840
Yeah.

33
00:02:12,330 --> 00:02:14,190
And let me launch a new scan.

34
00:02:14,340 --> 00:02:24,900
At this moment, what we can do is, in the network scan, instead of just specifying a single IP

35
00:02:24,900 --> 00:02:28,340
address, we'll be making use of the entire network.

36
00:02:28,350 --> 00:02:31,590
So 10.0.1.0.

37
00:02:31,860 --> 00:02:33,210
So zero.

38
00:02:34,530 --> 00:02:41,840
So this covers the entire network, because let's say I know that my internal workspace is a 10 network,

39
00:02:41,880 --> 00:02:43,860
so I can consider all the IP addresses.

40
00:02:44,250 --> 00:02:52,920
But if I know I just have to fit the system to scan, maybe two, in that situation, it would start scanning

41
00:02:52,920 --> 00:03:02,360
all the IP addresses ranging from 10.0.1.1 to 10.0.1.254.

42
00:03:03,210 --> 00:03:12,210
OK, and that way it would scan all those systems in this subnet, and I can even add then 10.0.4.0

43
00:03:12,210 --> 00:03:17,560
/24 as well.

44
00:03:17,880 --> 00:03:21,270
This would again cover another 255 hosts.

45
00:03:21,570 --> 00:03:28,200
I can keep adding all the networks. If, let's say, I just want to scan all of my network, I can simply

46
00:03:28,200 --> 00:03:29,940
scan all the network.

47
00:03:29,940 --> 00:03:37,500
Maybe I have a 10/8 network, so I can specify /8.

48
00:03:37,860 --> 00:03:45,710
So this is going to scan all of my network systems irrespective of the subnets they belong to.

49
00:03:45,840 --> 00:03:51,500
In my situation, we have limited hosts in a /24.

50
00:03:51,930 --> 00:03:53,490
So we have some servers.

51
00:03:53,850 --> 00:03:55,170
As I have shown you.

52
00:03:55,320 --> 00:03:58,980
We have got, so we have got.

53
00:03:59,190 --> 00:03:59,550
All right.

54
00:03:59,550 --> 00:04:01,590
So we have Windows servers running.

55
00:04:01,590 --> 00:04:03,300
So I will be scanning that.

56
00:04:03,300 --> 00:04:06,120
We have a Windows 10 machine that has been running.

57
00:04:06,510 --> 00:04:10,300
We have been as DSP servers, we have got databases.

58
00:04:10,320 --> 00:04:11,670
Well, let me turn it up.

59
00:04:11,730 --> 00:04:17,400
The difference in DCB services is so works as well and this would be started as well.

60
00:04:17,730 --> 00:04:22,430
And we have got MySQL database servers as well.

61
00:04:22,770 --> 00:04:25,800
And of course we do have many desperate people running.

62
00:04:25,800 --> 00:04:34,930
Then we have got OWASP BWA, which needs to be started too, because this is again what we've made use of; it is

63
00:04:35,210 --> 00:04:41,160
a host having the OWASP BWA, where the Broken Web Application is a set of,

64
00:04:41,160 --> 00:04:49,800
it's a group of all the infected web applications, so it more often includes more of it, including

65
00:04:50,190 --> 00:04:53,610
all the web applications in a single host.

66
00:04:54,250 --> 00:04:59,790
OK, and so once we specify that, we can specify the

67
00:04:59,860 --> 00:05:06,870
credentials as well, but for now, let's keep it as it is. In case of a basic network scan,

68
00:05:06,880 --> 00:05:13,170
we can't really modify any plugins, we just have to keep it as it is, and let's start over again.

69
00:05:14,260 --> 00:05:18,350
OK, so usually what happens is it has to discover all the hosts.

70
00:05:18,670 --> 00:05:23,200
So for discovery itself, the scan is now ready. For now,

71
00:05:23,200 --> 00:05:26,560
let's pause it and let me show you there's a discovery scan.

72
00:05:26,560 --> 00:05:30,250
This is especially to discover how many hosts we have in the network.

73
00:05:30,700 --> 00:05:38,240
So when you run this discovery scan, this will only give you an idea about what all hosts you are having

74
00:05:38,510 --> 00:05:42,280
in a specific network and then you get the idea.

75
00:05:42,310 --> 00:05:44,260
OK, these are the hosts available.

76
00:05:44,550 --> 00:05:50,650
What are the operating systems they are on and what application, what version of the operating system

77
00:05:50,650 --> 00:05:51,490
they are running with them?

78
00:05:52,230 --> 00:05:55,220
OK, that's something you can start with, OK?

79
00:05:55,540 --> 00:06:01,060
So usually before doing the network scan, you can make use of discovery to discover all the hosts in

80
00:06:01,060 --> 00:06:01,610
a network.

81
00:06:02,020 --> 00:06:03,310
That's something you can start with.

82
00:06:03,320 --> 00:06:10,300
But usually when we perform the network scan, we start with the discovery and then start finding

83
00:06:10,300 --> 00:06:12,570
the vulnerabilities of each and every host.

84
00:06:12,850 --> 00:06:18,460
OK, so let me start to launch this scan and let's see what starts happening.

85
00:06:19,510 --> 00:06:22,750
You will see a list of all the hosts one by one.

86
00:06:22,750 --> 00:06:31,630
And if we get lucky, we could see some interesting vulnerabilities as well.

87
00:06:32,860 --> 00:06:33,250
All right.

88
00:06:33,260 --> 00:06:39,430
So let's pause this video for now and we will wait for some time to get the report, to get the detail

89
00:06:39,430 --> 00:06:41,590
about it, because that's a huge scan.

90
00:06:42,220 --> 00:06:49,690
So we have reset to time, but we have got a significant amount of vulnerabilities.

91
00:06:50,020 --> 00:06:51,270
Let's start with the hosts.

92
00:06:51,640 --> 00:06:54,870
So the first thing that you see is the discovery of all this.

93
00:06:54,870 --> 00:06:57,580
Hosts, from 10.0.1.14.

94
00:06:57,970 --> 00:06:59,520
That's our, that's Metasploitable.

95
00:06:59,530 --> 00:07:03,730
And we have got many other hosts which still have the vulnerability as well.

96
00:07:04,270 --> 00:07:07,110
So 10.0.1.2.

97
00:07:07,120 --> 00:07:08,680
That's the host information.

98
00:07:08,680 --> 00:07:15,090
That's the Linux kernel running with the Windows system, and everything that seems to be on Broadway.

99
00:07:15,610 --> 00:07:21,190
And we have got 1.2, and we do have some more systems.

100
00:07:21,190 --> 00:07:24,280
1.15, the host name is not yet clear.

101
00:07:24,580 --> 00:07:26,220
It seems to be a Windows machine.

102
00:07:27,520 --> 00:07:29,920
And let's talk about 1.23.

103
00:07:30,430 --> 00:07:36,610
And it's majorly our server for sure, because that's where the servers are running.

104
00:07:37,270 --> 00:07:41,040
And this is what the vulnerability reports will look like.

105
00:07:41,050 --> 00:07:47,850
So the most vulnerable system seems to be 10.0.1.14, and 10.0.1.1,

106
00:07:47,910 --> 00:07:55,330
well, why we don't have one of these on any of our systems, to see if we can find any vulnerabilities

107
00:07:55,330 --> 00:07:59,650
for, you know, for any of us, because that's a brand new server.

108
00:07:59,650 --> 00:08:03,390
There's no servers, no active service running on it or any.

109
00:08:04,600 --> 00:08:06,880
Well, yeah, we do have a service running, but.

110
00:08:07,600 --> 00:08:13,870
But there's no additional application, no third-party application running, which could probably be

111
00:08:13,870 --> 00:08:17,310
a weakness or could create a vulnerability on the system.

112
00:08:18,100 --> 00:08:24,850
Where we have a problem is with the Metasploitable system, where we have maximum vulnerabilities, and you

113
00:08:24,850 --> 00:08:28,070
can see 83 vulnerabilities; out of that maximum,

114
00:08:28,280 --> 00:08:30,820
77 percent of them are critical.

115
00:08:31,480 --> 00:08:40,010
Seven percent are high, highly critical, high risk, and then 16 percent are medium, then

116
00:08:40,360 --> 00:08:45,210
four percent low and then 66 percent are informational.

117
00:08:45,970 --> 00:08:48,130
So this is pretty great information.

118
00:08:48,130 --> 00:08:53,740
Even if you look at the first, Apache Tomcat, which is for a web application.

119
00:08:54,670 --> 00:09:00,010
So even if you look at any of these vulnerabilities, you get the information about what those vulnerabilities

120
00:09:00,010 --> 00:09:00,430
are.

121
00:09:00,760 --> 00:09:03,100
And this is more likely for injections.

122
00:09:03,100 --> 00:09:08,500
And this seems to be very risky as well. If you want to get more information about any one of

123
00:09:08,500 --> 00:09:08,920
them.

124
00:09:09,820 --> 00:09:13,750
So what you can do is you can actually copy the

125
00:09:16,670 --> 00:09:17,780
CVE number.

126
00:09:17,990 --> 00:09:28,490
And then again, you can reach out to the CVE database, or see the CVE database, and then on the CVE database, you can paste the

127
00:09:28,510 --> 00:09:32,890
details and you can get to know about it: is it really the one?

128
00:09:32,900 --> 00:09:34,110
Is it really the correct one?

129
00:09:34,130 --> 00:09:34,460
Yeah.

130
00:09:34,880 --> 00:09:35,840
So absolutely.

131
00:09:35,840 --> 00:09:36,800
This is the right one.

132
00:09:36,810 --> 00:09:38,590
It is for Apache Tomcat.

133
00:09:39,110 --> 00:09:42,410
And yes, you can see this is for I don't get it.

134
00:09:43,100 --> 00:09:47,450
This is how you can go deep into it and get the output about it as well.

135
00:09:47,480 --> 00:09:53,060
So this is how this scan was launched and the output was available here as well.

136
00:09:53,720 --> 00:09:59,720
What is the solution? When this report is downloaded by the vulnerability or security, the infosec

137
00:09:59,720 --> 00:10:03,370
team, it will be given to the, you know, web developer.

138
00:10:03,590 --> 00:10:04,870
Why, you may ask?

139
00:10:04,880 --> 00:10:07,160
It's a security issue nationwide.

140
00:10:07,420 --> 00:10:09,490
Why would you give it to the developer team?

141
00:10:10,190 --> 00:10:16,580
Because while fixing it, it is all a software-related problem, because this platform is

142
00:10:16,580 --> 00:10:22,820
owned by, the owner of the platform is the developer, because this is the application.

143
00:10:22,820 --> 00:10:23,060
Right.

144
00:10:23,630 --> 00:10:29,450
So if you see the solution, even the solution can give you a better idea of doing the AJP configuration

145
00:10:29,450 --> 00:10:37,700
to require authorisation, or upgrade the Tomcat server to 7.0.100 or a later version, or

146
00:10:37,700 --> 00:10:38,360
maybe Linko.

147
00:10:38,840 --> 00:10:42,620
So when you want to upgrade the Tomcat server, it's a web application.

148
00:10:42,620 --> 00:10:50,450
So if you want to upgrade the Apache servers, you need the web team, the application team, to perform

149
00:10:50,450 --> 00:10:51,140
that activity.

150
00:10:51,770 --> 00:10:58,070
This has nothing to do with the security, right? In order to upgrade any software or downgrade any application,

151
00:10:58,070 --> 00:11:00,680
adding a new application or removing any application,

152
00:11:00,710 --> 00:11:07,150
this all has to be done by the application owner, the stakeholder of the application.

153
00:11:07,460 --> 00:11:11,920
So this will be given to the right person, the right team, as well to perform the activity.

154
00:11:12,350 --> 00:11:19,280
The purpose of the scanning, or the responsible person of the scanning, is the security team whose

155
00:11:19,280 --> 00:11:26,030
task is to detect the vulnerability and get it fixed by the concerned team.

156
00:11:26,330 --> 00:11:28,160
So that's the responsibility of it.

157
00:11:28,570 --> 00:11:36,740
Usually it's not the way, you know, it is getting the, they can just simply

158
00:11:36,740 --> 00:11:43,940
hand it over or give the report to the concerned manager and then it's the job of that concerned manager

159
00:11:43,940 --> 00:11:45,940
to get it fixed from the analysts.

160
00:11:46,010 --> 00:11:46,400
All right.

161
00:11:46,850 --> 00:11:49,130
So that's all about the network scanning.

162
00:11:49,130 --> 00:11:53,060
I hope you've got a pretty clear sense about how this scanning really works.

163
00:11:53,480 --> 00:11:57,980
We can take you to the next session where we'll start scanning the application as well.

164
00:11:58,490 --> 00:11:59,000
Thank you.