Vulnerability and Threat Assessment of Home WiFi Network

Purpose
The purpose of this document is to provide the system owner with a Vulnerability
and Threat Assessment (VTA) of their home network. A VTA will be performed on the
network to identify any and all vulnerabilities and/or threats. It should be noted that this
is just a break down of what would be conducted for a VTA, I did not actually run an
assessment on my home network for fear that I may compromise the network.
For this particular VTA I chose to use my home WiFi Network. My home WiFi
Network usually has two laptops, two iPhones, an Apple TV, and a Smart TV connected
to the router. The table below lists the Network Name, Security, and IP Address.

Network Name Security IP Address

Hitt WPA2 Personal 192.168.0.4

Preparation
Before I begin the vulnerability scan the first step I would take would be to identify
the vulnerability/vulnerabilities that I am looking for. Seeing as I am scanning my home
WiFi network I would scan for vulnerabilities that could potentially be granting remote
access to my network. For the purposes of this assignment the scope of my scan would
be that of an external scan performed from the perspective of an attacker on the
Internet (Palmaers, 2013). According to Palmaers (2013), An external scan provides
an overview of security vulnerabilities which are visible from outside a network, taking
into account all security layers on the network between the scanner machine and the
target system. This controls can include/includes network firewalls, intrusion detection
systems, (web) application firewalls as well as any host based security controls which
are present on the target system. The results of an external scan give an indication on
the correct configuration of the network security controls between the scanner and the
target system.
Once I have figured out the scope of my scan, external scan, I would plan the
vulnerabilities scans what would be preformed on my network. Using the list of different
vulnerability analysis tools from Kali Tools I have selected OpenVAS-scanner, within
OpenVAS-scanner there are multiple tools that can be run in conjunction with it they
are: Greenbone Security Assistant, GSD, and OpenVAS-Manager. I have also selected
Oscanner as my other vulnerability assessment (VA) tool to be utilized for the purpose
of this VTA.

Perform Vulnerability Scan

OpenVAS-scanner
For the VTA I would first utilize the VA tool openVAS-scanner. The openVAS-
scanner package is described as a modular security-auditing tool, used for testing
remote systems for vulnerabilities that should be fixed. It is made up of two parts: a
scan server, and a client. The scanner/daemon, openvassd, is in charge of the attacks,
whereas the client, OpenVAS-Client, provides an X11/GTK+ user interface (Offensive
Security, 2014).
Tools that are included in the openVAS-scanner package include: greenbone-nvt-
sync, openVas-adduser, and openvas-mkcert. Greenbone-nvt-sync is utilized for
updating the OpenVAS security checks from Greenbone Security Feed. OpenVas-
adduser is utilized for adding a user in the openvassd userbase. Lastly openvas-mkcert
is utilized for creating a scanner certificate (Offensive Security, 2014). The following
images are pulled from the Kali Tools website, these images depict what each tool in
OpenVAS does when run via Kali.
As privously stated openvas-mkcert is utilized for creating a scanner certificate,
likewise openvas-mkcert-client is utilized to create SSL client certificates for OpenVAS
(Offensive Security, 2014).

Openvas-nvt-sync syncing NVTs using different protocols (Offensive Security,

2014).

The image below is a usage example for openvas-nvt-sync.

Below is the usage example for openvas-adduser.

 There is also an openvas-rmuser tool; this tool is utilized to remove a user from
the openvassd userbase (Offensive Security, 2014).

The following two images are examples for OpenVAS usage. The first image
shows openvas with the command for help being utilized. The second image is
depicting the start of the OpenVAS scanner daemon in the foreground (-f) on the
example IP address and port: 192.168.1.202 (-a 192.168.1.202), port 8888 (-p 8888)
(Offensive Security, 2014).

One of the first programs that can run in conjunction with openVAS-scanner is
the Greenbone Security Assistant Package. Greenbone Security Assistant is described
as a web application that connects to the OpenVAS Manager and OpenVAS
Administrator to provide for a full-featured user interface for vulnerability management. A
tool included in the greenbone-security-assistant package is gsad Greenbone Security
Assistant Daemon (Offensive Security, 2014). The below image depicts the help
options when running the gsad in Kali.
 A gsad usage example is to start the daemon in the foreground (-f) on port 8888
(-p 8888) and redirect HTTP to HTTPS (-R) (Offensive Security, 2014).

The second tool to run in conjunction with openVAS is GSD package. GSD is a
desktop client that connects to the OpenVAS Manager using the OMP protocol
(Offensive Security, 2014). The following images depict the GSD desktop client for
openVAS manager and a usage example.
 The last tool to run in conjunction with openVAS-scanner would be the openVAS-
manager package. The OpenVAS-Manager is a layer between OpenVAS-Scanner and
various client applications such as OpenVAS-Client or Greenbone Security Assistant.
Among other features, it adds server-side storage of scan results and it makes it
unnecessary for scan clients to keep connection until a scan finishes (Offensive
Security, 2014). The following images depict tools that are utilized within openVAS-
manger:
 The last two images depict the usage examples: Start the daemon on localhost (-
a 127.0.0.1), port 9390 (-p 9390) and connect to the scanner daemon on localhost (-l
127.0.0.1), port 9391 (-s 9391) (Offensive Security, 2014).
Oscanner
Oscanner is an Oracle assessment framework developed in Java. It has a plugin-
based architecture and comes with a couple of plugins that currently do: Sid
Enumeration, Passwords tests (common & dictionary), Enumerate Oracle version,
Enumerate account roles, Enumerate account privileges, Enumerate account hashes,
Enumerate audit information, Enumerate password policies, and Enumerate database
links. The results are given in a graphical java tree (Offensive Security, 2014). The
following image depicts the tool utilized within Oscanner and the usage example.

Remediating Actions
Should any vulnerabilities or threats be located on the home WiFi network
remediating actions would be to: elevated the security of the network, strengthen all
passwords utilized for each devices connected to the network, and lastly implement a
plan to scan for vulnerabilities on a semi or yearly basis. Once the remediating actions
have been put in place a rescan of the network would be conducted, if vulnerabilities
still existed the process would be repeated as necessary.

References

Offensive Security. (2014, February 18). Kali Tools. Retrieved June 2016, from
Openvas-scanner: http://tools.kali.org/vulnerability-analysis/openvas-scanner

Offensive Security. (2014, February 18). Kali Tools. Retrieved June 2016, from
 Greenbone Security Assistant: http://tools.kali.org/vulnerability-
analysis/greenbone-security-assistant

Offensive Security. (2014, February 18). Kali Tools. Retrieved June 2016, from GSD:
http://tools.kali.org/vulnerability-analysis/gsd

Offensive Security. (2014, February 18). Kali Tools. Retrieved June 2016, from
Oscanner: http://tools.kali.org/vulnerability-analysis/oscanner

Offensive Security. (2014, February 18). Kali Tools. Retrieved June 2016, from
OpenVAS-manager: http://tools.kali.org/vulnerability-analysis/openvas-manager

Palmaers, T. (2013, March 23). SANS Institute. Retrieved June 2016, from
Implementing a Vulnerability Management Process:
https://www.sans.org/reading-room/whitepapers/threats/implementing-
vulnerability-management-process-34180