up

2020-02-19

• Lab1 is graded for groups 1 through 6
  • biggest pain point: identifying a measurable metric
• teams 2 and 4 presenting their labs on Friday
• lab3 posted
• Homework due this evening
  • doing half in class today?

Asset Discovery

You need to know what you have in order to protect it.

Stackpole loves numbers. “Do the math” - stackpole

Undocumented machines may have a good reason for being there.

Sometimes undocumented machines have a good reason for being undocumented.

But most of the time it’s a bad reason.

• Hiding XP boxes
• They don’t know it’s there

Scanning tools will identify physical things that respond, but they don’t know about policy. They don’t know who owns that hardware.

When performing an audit, you need information. Discussions with a point-of-contact. Local knowledge.

If using tools, understand how they work. Tools:

• Nessus
• SentinalOne
• OSQuery

Assets can be many things:

• people
• IP addresses
• Services / ports
• policies

Consider layer 2 assets:

• All the ethernet ports in a building
  • location
  • connection status
  • map assets
  • creation / update timestamps

Layer 3:

• IP to MAC mappings?
• Shared IPs?
• ipv4 and ipv6 enablings / mappings

Layer n:

• What should be there?
• How can you test it?

There’s a tool, Bro / Zeek, that categorizes protocols.

If during, say, a PCI audit, you want to verify that all traffic is encrypted - Zeek can catch all the running shenanigans.

Homework

write a bash ping-sweeper using /dev/tcp and/or /dev/udp. If two separate scripts, post them separately.

Assignment detailed in slide-deck 5. Two scripts. Virtual Env required.