| Chapter 2: Network Security Testing Basics




Download 22,59 Mb.
Pdf ko'rish
bet60/225
Sana14.05.2024
Hajmi22,59 Mb.
#232856
1   ...   56   57   58   59   60   61   62   63   ...   225
Bog'liq
learningkalilinux

56 | Chapter 2: Network Security Testing Basics


to derive a session key, which is a symmetric key. This means that the session uses a
less computationally intensive key and algorithm to do the heavy lifting of encrypting
and decrypting the bulk of the communication between the server and the client.
As noted earlier, SSL is no longer used as the cryptographic protocol. Instead, TLS is
the current protocol used. It has been through a few versions itself, again demonstrat‐
ing the challenges of encryption. The current version is 1.2, while 1.3 is in draft stage
at the moment. Each version introduces fixes and updates based on continuing
research in breaking the protocol.
One way to determine whether a server you are testing is using outdated protocols is
to use a tool like 
sslscan
. This program probes the server to identify what encryption
algorithms are in use. This is easy to determine, because as part of the handshake
with the server, it will provide a list of ciphers that are supported for the client to
select from. So, all 
sslscan
needs to do is initiate an encrypted session with the server
to get all the information needed. 
Example 2-9
 shows the results of testing an Apache
server with encryption configured.
Example 2-9. Running sslscan against local system
root@rosebud:~# sslscan 192.168.86.35
Version: 1.11.10-static
OpenSSL 1.0.2-chacha 
(
1.0.2g-dev
)
Testing SSL server 192.168.86.35 on port 
443
using SNI name 192.168.86.35
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression disabled
Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed
Supported Server Cipher
(
s
)
:
Preferred TLSv1.2
256
bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2
128
bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2
256
bits DHE-RSA-AES256-GCM-SHA384 DHE 
2048
bits
Accepted TLSv1.2
128
bits DHE-RSA-AES128-GCM-SHA256 DHE 
2048
bits
Accepted TLSv1.2
256
bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2
256
bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2
256
bits DHE-RSA-AES256-SHA256 DHE 
2048
bits
Accepted TLSv1.2
256
bits DHE-RSA-AES256-SHA DHE 
2048
bits

Download 22,59 Mb.
1   ...   56   57   58   59   60   61   62   63   ...   225




Download 22,59 Mb.
Pdf ko'rish

Bosh sahifa
Aloqalar

    Bosh sahifa



| Chapter 2: Network Security Testing Basics

Download 22,59 Mb.
Pdf ko'rish