Raoul Chiesa. Founder & CTO, @ Mediaservice.net Divisione Sicurezza Dati/DSD-LAB


1 Computer security over cable, wireless and satellite: secrets and solutions, session II
Raoul Chiesa, Founder & CTO, @ Mediaservice.net Divisione Sicurezza Dati/DSD-LAB
[ PROACTIVE SECURITY AND FIELD EXPERIENCES ]
- Steering Committee, CLUSIT Italian Association for the Computer Security
- Board of Directors Member, Director of Communications, ISECOM Institute for Security and Open Methodologies, USA
- Authorized International Trainer, ISECOM OPST & OPSA Official Certification Programs
- Southern Europe Reference Member, T.S.T.F. Telecom Security Task Force, USA, EU, ASIA

2 COPYRIGHT This set of slides is protected by copyright law and by the provisions of international treaties. The title and the copyrights relating to the slides (including, but not limited to, every image, photograph, animation, video and text) are the property of the authors indicated. The slides may be reproduced and used freely by research, school and university institutions belonging to the Ministry of Public Education for institutional, non-profit purposes. Any other use or reproduction (including, but not limited to, reproduction in print, on magnetic media or on local and public computer networks), in whole or in part, is forbidden unless explicitly authorized in writing, in advance, by the author(s). The information contained in these slides is believed to be accurate at the date of publication. It is provided for purely educational purposes and not for use in the design of plants, products, etc. The information contained in these slides is subject to change without notice. The author assumes no responsibility for the content of these slides (including, but not limited to, the correctness, completeness, applicability and currency of the information). In any case, conformity with the information contained in these slides cannot be declared. In any case, this copyright notice must never be removed and must be reproduced even in partial uses. (C) Raoul Chiesa (C) Mediaservice.net Srl

3 AGENDA
AN INTRODUCTION TO PROACTIVE SECURITY
- The company
- The speaker
- What we do
- Our clients
- Proactive Security
- Schools & methodologies
- ISECOM's Security Proactive Square
IT SECURITY AND SAT COMMS: THE LINKS
- Applying Proactive to the world of satellite communications: a real overview
- Typical security issues
THE SATELLITE AND THE BUSINESS WORLD: A CASE STUDY ON END-USER APPLICATIONS
- Finance environments
- Editorial group environments
- Telecommunications environments
ASSET & PROBLEMS: HISTORICAL ISSUES AND FIELD EXPERIENCES
- Smart Card, Decoder, Router, NoC, Dealers
- Penetration Testing Case Studies
ZOOM: SAT ROUTER'S FIELD EXPERIENCES (BLACK BOX SECURITY TESTING)
- Router X
- Router Y
(A THEORETICAL) CASE STUDY: SAT-OPERATOR SECURITY
- Points of attack
- Vulnerabilities: Devices, Applications, Network
- Lessons that have been learnt
SECURITY SAT-COMMS R&D: SOME RESULTS ON ROUTER'S SECURITY
Q&A

4 THE COMPANY
- We r not a dot-com sec-company [Est. 1997]
- Privately owned by security professionals, no VCs
- Vendor-independent: no resell, no (re)distribute!
- D.S.D. ("Data Security Division") since 1998
- Wide Background, Direct Experience
- Internal Tiger Team ('99)
- On-the-Edge consulting expertise
- Unconventional technologies builder
- Vendors & Carriers External Audit Team
- Strong R&D (national/intl: scouting, black-box testing, distributed research, contributions to the world's security community)
- Top & Large Companies' final choice (Corporate, Telco, IT, Industry, Chemical, Editorial, Finance, Healthcare and P.A. Environments)
- Third-party selected partnerships

5 THE SPEAKER Hacking skills started back in 1986 From 1989 to 1995 high level hacking and phreaking experiences Ice Trap operation, : SCO/FBI, Interpol, Criminalpol Co-Founder Mediaservice.net in 1997 (a l0pht focus) Papers & articles for standard and specialized press Interviews with mass-media (independent point of view) CLUSIT, ISECOM, TSTF Member of the Board

6 CLIENT PORTFOLIO (EXTRACT) Arma dei Carabinieri (ROS, Central Command in Rome), Hospital S. Giovanni Battista, Torino (Ospedale delle Molinette), Banca Mediocredito Friuli Venezia Giulia, Bo*frost SpA, Bulgari SpA, CNR di Milano (Security Task Force), Telecom Italia SpA (Italy and abroad group companies), Editorial Group L'Espresso (La Repubblica, Kataweb, Radio DJ, etc.), ITC/ILO - International Training Center of the ILO (ONU), Mirato SpA (Malizia, Clinians and Intesa brands, pharmaceutical/chemical sector), NoiCom SpA, Pirelli SpA Corporate Security Department, TIM SpA, Vodafone Omnitel SpA, University of Udine, University of Milano (DSI), UNICRI United Nations Interregional Crime and Justice Research Institute (ONU), Zyxel Telecommunications Inc. (TAIWAN), Watchguard Technologies Inc. (USA).

7 WHO WE ARE
- An independent team of security professionals
- +10 years expertise in high-level penetration testing & security consulting
- Specialized in telco and corporate environments
- Independent researchers, independent auditors
- We enjoy impossible missions and hard-to-solve security issues
- T.S.T.F. International Consulting Team Members (+40 telecommunication operators audited in 4 USA, Australia, Asia, Europe)
- We r not the ones that talk, we're the ones that AUDIT, TEST, REPORT.

8 WHAT WE DO
Proactive Security (I'm going to explain this to you)
Real-Time Security
- Secured Production Systems (Web, Mail, FTP and SMS systems)
- Defense Systems (Firewall, xIDS and Monitoring systems)
- Security Managed Services
- S.O.C.
Post-Attack Security
- Log Analysis
- Computer Forensics
- Criminal Profiling
Specialized Security Training
- Certified Security Classes (OPST, OPSA)
- Ethical Hacking for Corporates
- L.E.A. Security (authorities only)
IT & TLC Security Consulting

9 MEDIA RELATIONSHIPS (EXTRACT) Magazines/Newspapers: Apogeo Editore, Fondazione Ugo Bordoni-Telèma, Hackers & C, ICT Security Magazine, Il Sole 24 Ore Internet News, Internos, La Repubblica, La Stampa, Linux & C, MAX, Mondadori My Tech, Panorama/Panorama Web, PC Magazine Italia, Zeusnews. Books: Feltrinelli, Pearson Italia, Sperling & Kupfer, Apogeo Editore: scientific supervisors and writers for Italian editions of specialized books and manuals: Matrix Reloaded, The Art of Deception, Security in Computing and Hacking: The Art of Exploitation.

10 Proactive Security I [ a basic intro ]

11 PROACTIVE SECURITY: WHAT'S THIS?!? Proactive Security = Act BEFORE [and sleep better at night]

12 WHY IS IT SO IMPORTANT? Maybe for the consequences?
- Economic damage
- Damage to the company's image
- Theft of confidential information and reserved projects
- Legal liability (both civil and criminal)
- Resource abuse
- Violation of international practices and standards
- Revocation/suspension of certifications (ISO/BSI)
...you really have many reasons to care.

13 PROACTIVE SECURITY: from schools
Yesterday... we used to have different "schools":
- Automated testing (Vulnerability Scanning/Assessment): "our scanner uses A.I. on neural networks, and everything is in HA"
- Manual testing (Ethical Hacking, Pentesting, Unconventional Security Testing): "we've got the most advanced & up-to-date hacking techniques", "we have the best hackers in the world (or whatever)... uh, yeah, you know, we use Latvian people!"
- Security through Obscurity Security Testing: "...dear customer, you shouldn't care about HOW we do it, that's our job and we know how to do it, but we can't explain the whys and the hows to you!"

14 PROACTIVE SECURITY: to methodologies
- Vulnerability Scanning/Assessment
- Security Scanning
- Penetration Testing
- Risk Assessment
- Security Auditing
- Ethical Hacking
- Posture Assessment & Security Testing
DECISIONAL FACTORS:
- Execution costs
- Execution timings
DISTINCTION FACTORS:
- Applied methodology
- Repeatability of the tests and the chance to compare them
- Numeric classification of the risk values
- Compliance with standards and legislation (ISO/BSI, privacy laws, company policies, ...)

15 The PROs and the CONs
Automated (Vulnerability Scanning, Security Testing) vs. hand-made (Penetration Test, Ethical Hacking).
The first methodology depends on the quality of the security-testing tool (a product); it is not easy for a tool to reproduce the technical skill and motivations of an attacker. Would a hacker ever buy software to attack your company? We suggest using automated tools to plan cyclic Internal Vulnerability Assessments, but they are not a serious way to take a real snapshot of the existing situation and of the effective technical risk level.
The second technique produces the best results, but the tests must be executed by a Tiger Team with extensive and proven expertise and skills.

16 TODAY: THE PROACTIVE SECURITY SQUARE

17 Proactive Security II [ Know Your ENEMY ]

18 KNOW YOUR ENEMY: HACKER'S PROFILING
PSYCHOLOGICAL PROFILE: DANGEROUSNESS LEVEL
- Wannabe Lamer (I'd like to be a hacker, but I can't): NULL
- Script Kiddie (The script boy): LOW
- Cracker (Burned ground, the Destructor): HIGH
- Ethical Hacker (The ethical hacker's world): MEDIUM
- Quiet, paranoid, skilled hacker (The very specialized and paranoid attacker): MEDIUM
- Cyber-Warrior (The soldier, hacking for money): HIGH
- Industrial Spy (Industrial espionage): HIGH
- Government agent (Governmental agent: CIA, Mossad, FBI, etc. Cuckoo's Egg docet): HIGH

19 KNOW YOUR ENEMY: TARGETS
PSYCHOLOGICAL PROFILE: TARGET
- Wannabe Lamer (I'd like to be a hacker, but I can't): End-user
- Script Kiddie (The script boy): SME/specific security flaws
- Cracker (Burned ground, the Destructor): Big Companies/PA/Finance/Telco
- Ethical Hacker (The ethical hacker's world): Vendor/System Integrator/Telco
- Quiet, paranoid, skilled hacker (The very specialized and paranoid attacker): Big Companies/PA/Finance/Telco/R&D
- Cyber-Warrior (The soldier, hacking for money): Multinationals symbol
- Industrial Spy (Industrial espionage): Multinationals, ICT companies
- Government agent (Governmental agent: CIA, Mossad, FBI, etc. Cuckoo's Egg docet): Multinationals/Governments

20 Attack tools grew up, intruders' skills went down!

21 BACK! THE PROACTIVE SECURITY SQUARE

22 SECURITY TESTING: HOW IT WORKS Ok, what's in these verification actions? Using different actions of Vulnerability Scanning, Penetration Test or attacks via Ethical Hacking, we carry out proactive verifications, useful to point out weaknesses in the target systems, environments or network. [Diagram labels: EXTERNAL, Deep Inside, INTERNAL]

23 FROM THE EXTERNAL FROM THE INTERNAL Public Networks Leased TCP/IP lines (CDN/CDA/ADSL/HDSL/F.R.) Packet Switching lines (CDN or Frame Relay) Telephone lines (PSTN/ISDN) Satellite lines (mono/bidirectional) Mobile (GSM, GPRS, 3G) Private Networks with public gateways INSIDER ABUSE PROFILE INTERNAL L.A.N. (via RAS or on-site) LAN-to-LAN PtP LAN-to-LAN Public LAN-to-LAN VPN INTERNET linked Point-to-Point X.25/X.121 DECnet SNA Dialin/Toll free access numbers RAS Suppliers gateways: SAP, trusted suppliers, trusted gateways, etc..

24 WHY HIRE AN EXTERNAL TIGER TEAM?
- You obtain an objective and impartial test of your data infrastructure
- External T.T.s often use unconventional verification techniques, beyond the classic verification methodologies
- Already knowing your information technology systems = conflict of interest + useful information for the attacks (e.g. 10 or private IPs classes? )
- The company's preconceptions could influence a home-made security test (blind view issues)
- Third-party confirmations supply guarantees to insurance and financial partners, as well as to the customers.

25 CONSULTANT SELECTION: COMPANY OR FREELANCE?
Single freelance:
- OK! He costs less: money (apparently) saved.
- NOT OK... he does not have access to particular equipment, skills and infrastructures needed to execute large-scale jobs or attacks on specific media (e.g. RAS, PBX, X.25, OS different from Microsoft, Linux, Sun).
- compromise #1: problems with availability, immediate response, target dimensions;
- compromise #2: lower-profile testing, limited view of the targets;
- compromise #3: 3 heads work better than 1, we all know this: if this leads to vulnerabilities being missed, it will mean a false sense of security on the client's side.

26 OPERATING SYSTEMS TESTED IN +10 YEARS - AOS/VS - BBS Systems - Bull PAD - CICS/VTAM - Cisco IOS - CDC NOS Control Data Corporation - DEC VAX/VMS and AXP/OpenVMS - DEC Ultrix - DEC Terminal Decserver - DG/UX Aviion General - DOS - DRS/NX - GS/1 - HP HP/UX - IBM Aix - IBM OS/400 (AS/400) - IRIX SGI - IRIS Operating System (PDP and others) - Linux - Motorola XMUX (Gandalf) - Northern Telecom PBXs - PACX/Starmaster (Starmaster Gandalf) - Pick Systems - PRIMOS Prime Computer - RSTS - SCO - Shiva LAN Router - Sun Solaris - TOPS 10/20 - Unknown systems - VCX Pad - VM/CMS - VM/370 - XENIX - WANG Systems

27 MAIN CHECKS AND TESTS Policies (External/Internal), Passwords, Operating System (OS) Bugs, Application Bugs.

28 OUR METHODOLOGY APPROACH

29 ATTACK PHASES
- Information Gathering: the goal of this phase is to obtain all the available information about the target, using public sources and tools.
- Services scanning: in this second phase, the goal is to obtain all the available information regarding the active services of the target machine(s), as well as their versions and releases.
- Security flaws identification & PoC/Attack Phase: the goal here is to penetrate the target system(s) and obtain, whenever possible, full operating privileges on the machine; demonstrate the theorized vulnerabilities; Proof of Concept using specific or on-the-fly coded exploits.
- Target Session: the fourth phase of the security verification process looks for information and trends on the target system itself; we also look for previous (unknown) break-ins or intrusions and we try to define and understand the management and administration level of the target box.
- Security Report: the final Security Report contains Executive Summary, Technical Summary, Attack Sessions, Evidence, as well as Tested Environment specifications, assigned Technical Risk Level, Suggestions and final Conclusions.

30 BACK AGAIN THE PROACTIVE SECURITY SQUARE

31 VULNERABILITY ASSESSMENT (SCANNING) THE PROACTIVE SECURITY SQUARE (1/7) [YOU ARE HERE]
- Level 1 in the Security Testing Quality standards
- Automated testing
- English language reports fit for everybody
- High number of false positives/negatives (fake alerts, false sense of security)
- It only covers the IP world

32 SECURITY SCANNING THE PROACTIVE SECURITY SQUARE (2/7) [YOU ARE HERE]
- Level 2 in the Security Testing Quality standards
- Automated scanning, hand-made verifications
- Final report in Italian and English
- Manual tuning of the False Positives and Negatives
- It still covers only the IP areas

33 PENETRATION TESTING THE PROACTIVE SECURITY SQUARE (3/7) [YOU ARE HERE]
- Level 3 in the Security Testing Quality standards
- Verification actions manually executed, following proprietary methodologies (pentester's personal background or attack team's specific know-how)
- The final report is written directly by the executing Tiger Team and is sent to the final customer in Italian (or other languages)
- You can optionally bundle special testing services, such as Social Engineering, Trashing, Physical Intrusion, Web Applications Security Testing, black-box penetration test, etc.
- It does not stop at the IP world (RAS, X.25, DECnet, Wi-Fi, Web, etc.)
- The execution time grows with each single tested asset

34 RISK ASSESSMENT THE PROACTIVE SECURITY SQUARE (4/7) [YOU ARE HERE]
- Level 4 in the Security Testing Quality standards
- Evaluation and correlation of the data mined from testing operations against the company's risk values
- Results can be generated from the 3 previous technical analysis methodologies
- It needs a long execution time
- If the technical testing results are somehow false, the whole risk analysis will pay the consequences (and the economic investments as well!)

35 SECURITY AUDIT THE PROACTIVE SECURITY SQUARE (5/7) [YOU ARE HERE]
- Level 5 in the Security Testing Quality standards
- Auditing actions, typically from the internal environment, of the whole IT information infrastructure: the analysis looks at the design, procedural and implementation points of view and at security issues, exposures and flaws.
- It is manually executed, with a strongly customized final report based on the client's actual needs, also taking into consideration specific assets or company businesses.
- It can be the final result of proactive security methodologies, married with standard risk analysis methodologies (CRAMM, etc.)

36 ETHICAL HACKING THE PROACTIVE SECURITY SQUARE (6/7) [YOU ARE HERE]
- Level 6 in the Security Testing Quality standards
- 360 degree verification attacks, aimed towards specific assets, services or infrastructures
- It requires FULL OPERATING AUTHORIZATION + Free to Jail (special options at point # 3)
- It is executed using unified actions of:
  1. Penetration Testing (IP, xsdn, X.25/X.121, SAT, Wi-Fi, Web Applications, ...)
  2. Phreaking
  3. Social Engineering, Physical Intrusion, Trashing
  4. Reverse Engineering
  5. Black Box Penetration Testing

37 CERTIFIED POSTURE SECURITY ASSESSMENT THE PROACTIVE SECURITY SQUARE (7/7) [YOU ARE HERE]
- Top Level (7) in the Security Testing Quality standard
- Repeated verification and matching actions (follow-up), executed in a time-frame defined and agreed with the client
- The analyses are based on initial knowledge factors (expressed in the vulnerability analysis generated from the previous testing actions) and they are executed in full respect of the OSSTMM methodology (repeat and compare is possible, saving time & money!) and of its RAVs (Risk Assessment Values)
- The final report is manually generated by the Tiger Team, is in the client's language and complies with international guidelines and standards, such as ISO/BSI, GAO, FISCAM
- The Security Report is OSSTMM Certified

38 Proactive Security & SAT Security [ the dangerous relationships ]

39 THE PROBLEM
- The main Telecommunications vendors (Nokia, Ericsson, Alcatel, etc.) are selling insecure software and systems to telcos.
- Telecommunications operators have a very poor understanding of security issues.
- Based on 5 years of penetration testing experience, TLC operators are the most vulnerable of all industry groups.
- Sophisticated hackers have an increased interest in telco security, communications and VAS hacking.
- In the SAT environment the facts are even worse: no-one ever cared about Proactive Security.
- Content resale (movies, shows, sit-coms, etc.) is moving to H.323 and other IP-based protocols.

40 THE VENDORS
- Some vendors have decided to take an active stance in security (e.g. Nokia on security advisories), however such initiatives are isolated and do not address most TLC security problems.
- Most vendors sell antiquated software full of bugs, running old and unpatched versions of operating systems and daemons.
- Operators cannot fix the identified security weaknesses because it would void their warranty.
- In recent years, vendors discovered Linux as a good operating system for embedded applications: the security aspects are usually forgotten.
- The result of this "head in the sand" approach is an increase in the threat: critical infrastructures are at risk.

41 THE TLC OPERATORS
- Operators rely on vendors for secure solutions.
- Operators are primarily focused on network operations, software upgrades, network performance and other time-consuming routine tasks.
- Operators lack in-house expertise on TLC and hacking security.
- Operators are usually divided between the IT and Engineering departments, creating two separate security domains.
- Most operators' networks are open to hackers.

42 THE PARADIGM Two different worlds, IT and Engineering. Very different priorities.

43 SOME NUMBERS
Based on a 5-year study encompassing 21 network operators:
- 100% could be hacked from the Internet
- 90% could be hacked through PSTN, X.25 or ISDN
- 72% had a security incident in the last 2 years
- 23% had appropriate perimeter security control
- 0% had all their mission-critical hosts secured
- 0% had comprehensive database security in place
- 0% had integrity measures protecting billing data

44 THE ENEMY
- SAT fraud is still an attractive target: cloning smart-cards; bypassing tolls, getting services without fees, setting up premium subscriptions, etc. (web hacking, operator hacking).
- Privacy invasions: interception of call-related data (e.g. contents, signalling data, billing data) via device or Internet hacking.
- Unauthorized Access: illegal access to the broadcasting center and IT back-office.
- Recently one underground group announced it was reverse engineering Nokia software.
- Groups of sophisticated hackers are working on abusing many Sat-decoders running on embedded Linux.
- A US-based research group is working on a secure decoder.

45 THE COMPETITION
- Traditional security shops: no knowledge of TLC specific issues, poor understanding of security procedures.
- Traditional TLC consultancies: very poor knowledge of security issues.
- Big 5 audit firms: focused on policies, no real expertise (they outsource their jobs to people like us).
- In-house resources: very dangerous. Internal fraud overlooked. Interdepartmental ego problems.
Good security and bad security look the same.

46 DOING NOTHING with your sat and tlc infrastructures today is like doing nothing with your Internet hosts in the '90s. It is an invitation for upcoming disasters.

47 TYPICAL SECURITY ISSUES
INTERNET LINK:
- Firewalls not updated/managed
- Lack of security policies
- Errors in the secure network design (DMZ, direct access to internal hosts, bridge systems not in a secured area)
PSTN/ISDN LINKS:
- Unattended access gateways (RAS, ISDN_Backup on routers, ...)
- Missing hardening on RAS devices
- Default passwords
- Same phone numbers both for end-users (Pay-TV via xstn) and IT management
SAT-LINK:
- Insecure SAT device (SAT IP routers)
- Missing hardening on SAT devices
- Internal exploitation, interception of data in transit

48 END-USER APPLICATIONS & ASSETS
- FINANCE ENVIRONMENT: stock-exchange data download
- PRESS ENVIRONMENT: news from the agencies
- TLC ENVIRONMENT: Internet connectivity
ASSETS:
- Smart Card/JAVA Card: clonable, breakable, reversible
- Sat Decoder (STB): easy to crash, RS-232 console
- Sat Router: we'll discuss this later
- Centre of Broadcasting: hackable
- Dealers: the weakest part of the chain

49 A THEORETICAL CASE STUDY: CoB ATTACK [Diagram labels: LAN 1, SIT, LAN 2, SIT]

50 A THEORETICAL CASE STUDY: CONTACT POINTS When talking about IT Security, we must NOT forget that attackers don't use just the Internet. [Diagram labels: Process Security, Information Security, Physical Security, Communications Security, Internet Security, Wireless Security]

51 A THEORETICAL CASE STUDY: Internet Presence [Diagram labels: ADMIN, INTRANET, ISP, NEWS, DMZ, NSI, SATELLITE OFFICE, MOBILE OFFICE] Blue is considered under control. Red is in 3rd party control. Yellow is 3rd party where some control can be maintained.

52 A THEORETICAL CASE STUDY: Attack Points [Diagram labels: ADMIN, ISP, INTRANET, NEWS, DMZ, INTERNIC, SATELLITE OFFICE, MOBILE OFFICE] Note the traditional defense points. Note what a hacker can attack to cause damage.

53 LET'S PLAY IT AS A MOBILE TELCO GSM Architecture

54 GSM Operations [Diagram of a mobile operator's back-office systems and their data flows: billing system and golden database, CRM tool, credit scoring, SAP, mediation system, IN platform, fraud and bad-debt databases, data warehouse, call-centre systems (ACD, IVR, predictive dialler), GIS and radio planning tools, bank and card payment interfaces, and the GSM network elements (SGSN, GGSN, WAP, VMS, SMC, AuC, HLR, MSC).]

55 LET'S PLAY IT AS A MOBILE TELCO

56 ZOOM: SAT ROUTER'S B.B. SECURITY TESTING
B.B. = BLACK BOX MODE when testing the security of a device
What we tested:
- Broadlogic Satellite Express XLT * (DVB to Multicast Router)
- SatLynx BBI Astra
- ViaSat LinkStar (ComSat Laboratories)
* Now SkyStream EMR 5000 Edge Media Router

57 ZOOM: SAT ROUTER'S B.B. SECURITY TESTING
What we found: 1) LACK of security in default accounts
Web Management Interface:
- Username: webadmin Password: webadmin
Telnet Management Interface:
- Username: admin Password: admin
- Username: installer Password: installer
System Users (hash MD5):
- root:$1$t.tujsep$zzhajmrk7z.oqerarfwkn1
- bsupport:$1$taviasbi$0rvfqes85knelm/eowd2r.

58 ZOOM: SAT ROUTER'S B.B. SECURITY TESTING What we found: 2) Insecure and badly written web applications (CGIs, etc.). Very common (and known) secure programming issues have been found on all the tested devices.

59 ZOOM: SAT ROUTER'S B.B. SECURITY TESTING

60 ZOOM: SAT ROUTER'S B.B. SECURITY TESTING

61 ZOOM: SAT ROUTER'S B.B. SECURITY TESTING What we found: 3) Proven ability to abuse the device to launch attacks against other hosts (extracts from the original report follow). The device we tested has an issue in its TCP/IP stack: the IP ID field of its packets is incremental, so a hypothetical attacker can use the system as a relay to launch port scans (zombie scan). This can be done even without direct access to the system. A practical example is shown below: in this case, if an IDS or a port-scan detection system had been present on the network, the source address would not be the attacker's but that of router XXXXX (with the obvious legal consequences, including under current Italian law). Further information on this vulnerability can be found at:

62 ZOOM: SAT ROUTER'S B.B. SECURITY TESTING We now proceed to a practical demonstration of the above, launching a port scan against IP , giving as source IP the (router XXXXXX under "ZombieScan").
nmap -si p 1,12,22,80,443,
Starting nmap 3.30 ( ) at :18 CEST
Idlescan using zombie ( :80); Class: Incremental
Interesting ports on :
(The 3 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
80/tcp open http
443/tcp open https
Nmap run completed -- 1 IP address (1 host up) scanned in seconds
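
The incremental IP ID finding on slides 61 and 62 can be verified during a device audit from a passive capture of the device's own replies. The following is an added example, not part of the original slides: the capture text, the addresses (documentation ranges), the function names and the `max_step` threshold are all assumptions made for illustration.

```python
"""IP ID sequence check for an audited device (added example, constructed data)."""
import re
from typing import List

# One `tcpdump -n -v` record: a header line carrying "id N", then the address line.
RECORD = re.compile(r"\bid (\d+),[^\n]*\n\s+(\d+\.\d+\.\d+\.\d+)\.\d+ > ")


def ipids_from_tcpdump(text: str, src_ip: str) -> List[int]:
    """Return, in capture order, the IP ID of every packet sent by src_ip."""
    return [int(ipid) for ipid, src in RECORD.findall(text) if src == src_ip]


def deltas(ids: List[int]) -> List[int]:
    """Differences between consecutive IDs modulo 2**16 (the field wraps at 65535)."""
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]


def swap16(value: int) -> int:
    """Swap the two bytes of a 16-bit value."""
    return ((value & 0xFF) << 8) | (value >> 8)


def classify_ipid(ids: List[int], max_step: int = 10) -> str:
    """Classify an IP ID sequence.

    "incremental" means one global counter that grows by a small step per packet
    sent: anyone who can elicit replies can read the device's traffic volume from
    it, which is the property the report describes. max_step is an assumed
    tolerance for packets the device sent elsewhere between two samples.
    """
    if len(ids) < 4:
        raise ValueError("need at least 4 samples to classify a sequence")
    if all(i == 0 for i in ids):
        return "all-zero"
    if len(set(ids)) == 1:
        return "constant"
    if all(0 < d <= max_step for d in deltas(ids)):
        return "incremental"
    # Some stacks keep the counter in host byte order and emit it unswapped.
    if all(0 < d <= max_step for d in deltas([swap16(i) for i in ids])):
        return "incremental-byteswapped"
    return "random"


def packets_between_probes(ids: List[int]) -> List[int]:
    """For an incremental sequence, how many other packets the device sent
    between consecutive sampled replies (assumes one reply per sample)."""
    label = classify_ipid(ids)
    if label == "incremental-byteswapped":
        ids = [swap16(i) for i in ids]
    elif label != "incremental":
        raise ValueError(f"sequence is {label}; no counter to read")
    return [d - 1 for d in deltas(ids)]


def build_capture(src_ip: str, ids: List[int]) -> str:
    """Build constructed tcpdump -v style text for the given IDs (sample data only)."""
    return "".join(
        f"12:00:0{n}.000000 IP (tos 0x0, ttl 64, id {ipid}, offset 0, "
        f"flags [none], proto TCP (6), length 40)\n"
        f"    {src_ip}.80 > 198.51.100.7.4000{n}: Flags [R.], seq 0, ack 1, "
        f"win 0, length 0\n"
        for n, ipid in enumerate(ids)
    )


if __name__ == "__main__":
    # Constructed samples: a wrapping global counter, a byte-swapped counter,
    # and a randomized sequence.
    samples = {
        "router-a": [65530, 65531, 65534, 65535, 2, 3],
        "router-b": [65280, 1, 257, 513, 769],
        "router-c": [4211, 60012, 17, 33190, 9021],
    }
    for name, sequence in samples.items():
        capture = build_capture("192.0.2.1", sequence)
        seen = ipids_from_tcpdump(capture, "192.0.2.1")
        print(f"{name}: {classify_ipid(seen)}")
```

A device that classifies as incremental exposes a global counter; the usual remedies are firmware that randomizes the IP ID or keeps it per destination, and filtering unsolicited traffic addressed to the device itself.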

63 ZOOM: SAT ROUTER'S B.B. SECURITY TESTING What we found: 4) Default SNMP Community (public, private). Some of the tested devices had SNMP capabilities. In all cases, the SNMP communities in use were the default ones. (extract from the final reports) In general, on all the tested SITs it is possible to gain access to a certain amount of system information, but on one particular SIT it was possible to use the default SNMP community (which cannot be modified) to gain access to detailed system information, such as the satellite coordinates.

64 ZOOM: SAT ROUTER'S B.B. SECURITY TESTING What we found: 5) TELNET access with NULL password (!) In another black-box test, we found a device with TELNET open and without a management password. This is really sad.

65 ZOOM: SAT ROUTER S B.B. SECURITY TESTING telnet Trying Connected to Escape character is '^]'. Password: Logged in as root help? help version alias unalias delay script doscript setprompt repeat systat mcbstat mcbprt memstat syscnt pbconf sysconf niprt util plog ptime echo msgtrace nochkdest chkdest putuseconput conolog time date sendtime uptime bc bread read lread bwrite write lwrite bcopy bcmp memtest hwreset reboot setprad restart kill setqsize poll initp resetp devstart devstop attach unattach prtstat show clrstat config prtconfig enable disable setloop clrloop settrace prtcache reseticache passwd rloginauth whoami login logout rlogout exit nvram_fstat nvram_parms nvram_init nvram_open nvram_read nvram_create nvram_write nvram_close nvram_copy nvram_lseek mdbselect mdbfiletype mdbread mdbwrite mdbdatavalid dblist dbprint dbprintdef dbsetvalue dbsetfield dbadd dbdelete dbdeleteall ksetprint ethnrtsho ethprtsho ethnrtadd ethprtadd ethsetprom ethclrprom ethtest ethenabcast ethdisbcast ethsetloop ethclrloop setipaddr proxytcpstatus arpadd arpdelete arpproxyadd arpproxydel arpproxylist ping riproutes disproutecb addsroute showtree showextnodes stressroute rtprt nhtprt hrtprt rtlook hrtlook mrtprt addmroute delmroute savebootparms switchbb bbrcvrinfo setdbready kdbpr


More information

The Risks that Pen Tests don t Find. OWASP 13 April 2012. The OWASP Foundation http://www.owasp.org

The Risks that Pen Tests don t Find. OWASP 13 April 2012. The OWASP Foundation http://www.owasp.org The Risks that Pen Tests don t Find 13 April 2012 Gary Gaskell Infosec Services gaskell@infosecservices.com 0438 603 307 Copyright The Foundation Permission is granted to copy, distribute and/or modify

More information

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014 Security Testing Vulnerability Assessment vs Penetration Testing Gabriel Mihai Tanase, Director KPMG Romania 29 October 2014 Agenda What is? Vulnerability Assessment Penetration Testing Acting as Conclusion

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

DMZ Gateways: Secret Weapons for Data Security

DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security EXECUTIVE

More information

Why Voice Still Matters

Why Voice Still Matters W h i t e P a p e r Why Voice Still Matters Service providers can become critical partners for companies looking to ensure availability of their voice network Communication is the cornerstone of commerce.

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Rapid Vulnerability Assessment Report

Rapid Vulnerability Assessment Report White Paper Rapid Vulnerability Assessment Report Table of Contents Executive Summary... Page 1 Characteristics of the Associated Business Corporation Network... Page 2 Recommendations for Improving Security...

More information

Information Security Policy

Information Security Policy Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current

More information

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security

More information

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp ECSA/LPT is a security class like no other! Providing real world hands on experience, it is the only in-depth

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Cyber Security solutions

Cyber Security solutions Cyber Security solutions The scenario IT security has become a highly critical issue for all businesses as a result of the growing pervasiveness and diffusion of ICT technology. Risks can arise both inside

More information

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== Table of Contents Introduction to VoIP Security... 2 Meet Our Expert - Momentum Telecom... 2 BroadWorks... 2 VoIP Vulnerabilities... 3 Call

More information

Concierge SIEM Reporting Overview

Concierge SIEM Reporting Overview Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts

More information

Solutions and IT services for Oil-Gas & Energy markets

Solutions and IT services for Oil-Gas & Energy markets Solutions and IT services for The context Companies operating in the Oil-Gas & Energy sectors are facing radical changes that have a significant impact on their business processes. In this context, compliance

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Network Security and Firewall 1

Network Security and Firewall 1 Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week

More information

information security and its Describe what drives the need for information security.

information security and its Describe what drives the need for information security. Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

THE ROLE OF IDS & ADS IN NETWORK SECURITY

THE ROLE OF IDS & ADS IN NETWORK SECURITY THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration

More information

Worldwide attacks on SS7 network

Worldwide attacks on SS7 network Worldwide attacks on SS7 network P1 Security Hackito Ergo Sum 26 th April 2014 Pierre-Olivier Vauboin (po@p1sec.com) Alexandre De Oliveira (alex@p1sec.com) Agenda Overall telecom architecture Architecture

More information

Wired Network Security: Hospital Best Practices. Jody Barnes. East Carolina University

Wired Network Security: Hospital Best Practices. Jody Barnes. East Carolina University Wired Network Security 1 Running Head: Wired Network Security: Hospital Best Practices Wired Network Security: Hospital Best Practices Jody Barnes East Carolina University Wired Network Security 2 Abstract

More information

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

VoIP Survivor s s Guide

VoIP Survivor s s Guide VoIP Survivor s s Guide Can you really save $, improve operations, AND achieve greater security and availability? Presented by Peggy Gritt, Founder and CEO of the VoIP A non-biased organization for the

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction

More information

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CTS 2658 COURSE TITLE: PREREQUISITE(S): COREQUISITE(S): Managing Network Security CNT 2210 with grade

More information

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

What IT Auditors Need to Know About Secure Shell. SSH Communications Security What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic

More information

Course Title: Penetration Testing: Security Analysis

Course Title: Penetration Testing: Security Analysis Course Title: Penetration Testing: Security Analysis Page 1 of 9 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics in advanced

More information

Security in Global IP Networks

Security in Global IP Networks Security Technology for the Internet Security in Global IP Networks Tatu Ylönen SSH Communications Security Corp What are global IP networks? The Internet The consumer internet Global uncontrolled

More information

Femtocell: Femtostep to the Holy Grail

Femtocell: Femtostep to the Holy Grail . Femtocell: Femtostep to the Holy Grail... Ravishankar Borgaonkar, Kévin Redon.. Technische Universität Berlin, SecT ravii/kredon@sec.t-labs.tu-berlin.de TROOPERS 2011, 30 March 2011 3G/UMTS femtocells

More information

MANAGED SECURITY SERVICES

MANAGED SECURITY SERVICES MANAGED SECURITY SERVICES Security first Safety first! Security is becoming increasingly important for companies, especially for the extension of networking to mission-critical environments, with new intranet

More information

IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS

More information

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

SECURITY TRENDS & VULNERABILITIES REVIEW 2015 SECURITY TRENDS & VULNERABILITIES REVIEW 2015 Contents 1. Introduction...3 2. Executive summary...4 3. Inputs...6 4. Statistics as of 2014. Comparative study of results obtained in 2013...7 4.1. Overall

More information

Passive Vulnerability Detection

Passive Vulnerability Detection Page 1 of 5 Passive Vulnerability Detection "Techniques to passively find network security vulnerabilities" Ron Gula rgula@securitywizards.com September 9, 1999 Copyright 1999 Network Security Wizards

More information

Everything You Always Wanted to Know About Log Management But Were Afraid to Ask. August 21, 2013

Everything You Always Wanted to Know About Log Management But Were Afraid to Ask. August 21, 2013 Everything You Always Wanted to Know About Log Management But Were Afraid to Ask August 21, 2013 Logging and Log Management Logging and Log Management The authoritative Guide to Understanding the Concepts

More information

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of

More information

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...

More information

Securing E-Commerce. Agenda. The Security Problem IC Security: Key Elements Designing and Implementing. 3203 1346_06_2000_c1_sec3

Securing E-Commerce. Agenda. The Security Problem IC Security: Key Elements Designing and Implementing. 3203 1346_06_2000_c1_sec3 Securing E-Commerce 1 Agenda The Security Problem IC Security: Key Elements Designing and Implementing 2 The Security Dilemma Internet Business Value Internet Access Corporate Intranet Internet Presence

More information

Network Security: Introduction

Network Security: Introduction Network Security: Introduction 1. Network security models 2. Vulnerabilities, threats and attacks 3. Basic types of attacks 4. Managing network security 1. Network security models Security Security has

More information

Introduction to Ethical Hacking and Network Defense. Objectives. Hackers

Introduction to Ethical Hacking and Network Defense. Objectives. Hackers Introduction to Ethical Hacking and Network Defense January 14, 2010 MIS 4600 - Abdou Illia Objectives Describe the role of an ethical hacker Describe what can an ethical hacker legally do Describe what

More information

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions Security Awareness For Server Administrators State of Illinois Central Management Services Security and Compliance Solutions Purpose and Scope To present a best practice approach to securing your servers

More information

Network Security Policy: Best Practices White Paper

Network Security Policy: Best Practices White Paper Security Policy: Best Practices White Paper Document ID: 13601 Introduction Preparation Create Usage Policy Statements Conduct a Risk Analysis Establish a Security Team Structure Prevention Approving Security

More information

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards

More information

Grandstream Networks, Inc. UCM6100 Security Manual

Grandstream Networks, Inc. UCM6100 Security Manual Grandstream Networks, Inc. UCM6100 Security Manual Index Table of Contents OVERVIEW... 3 WEB UI ACCESS... 4 UCM6100 HTTP SERVER ACCESS... 4 PROTOCOL TYPE... 4 USER LOGIN... 4 LOGIN TIMEOUT... 5 TWO-LEVEL

More information

Learn Ethical Hacking, Become a Pentester

Learn Ethical Hacking, Become a Pentester Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,

More information

An Introduction to Network Vulnerability Testing

An Introduction to Network Vulnerability Testing CONTENTS Introduction 3 Penetration Testing Overview 4 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and Delivering Results 6 VeriSign SecureTEST 7 Common Vulnerability

More information

WHITE PAPER. An Introduction to Network- Vulnerability Testing

WHITE PAPER. An Introduction to Network- Vulnerability Testing An Introduction to Network- Vulnerability Testing C ONTENTS + Introduction 3 + Penetration-Testing Overview 3 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and

More information

Network- vs. Host-based Intrusion Detection

Network- vs. Host-based Intrusion Detection Network- vs. Host-based Intrusion Detection A Guide to Intrusion Detection Technology 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free: 800.776.2362 Fax: 678.443.6477

More information

March 2012 www.tufin.com

March 2012 www.tufin.com SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST. CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Network Security Forensics

Network Security Forensics Network Security Forensics As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

Secure Web Applications. The front line defense

Secure Web Applications. The front line defense Secure Web Applications The front line defense Agenda Web Application Security Threat Overview Exploiting Web Applications Common Attacks & Preventative techniques Developing Secure Web Applications -Security

More information

Gateway Security at Stateful Inspection/Application Proxy

Gateway Security at Stateful Inspection/Application Proxy Gateway Security at Stateful Inspection/Application Proxy Michael Lai Sales Engineer - Secure Computing Corporation MBA, MSc, BEng(Hons), CISSP, CISA, BS7799 Lead Auditor (BSI) Agenda Who is Secure Computing

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Blended Security Assessments

Blended Security Assessments Blended Security Assessments Combining Active, Passive and Host Assessment Techniques October 12, 2009 (Revision 9) Renaud Deraison Director of Research Ron Gula Chief Technology Officer Table of Contents

More information

Who is Watching You? Video Conferencing Security

Who is Watching You? Video Conferencing Security Who is Watching You? Video Conferencing Security Navid Jam Member of Technical Staff March 1, 2007 SAND# 2007-1115C Computer and Network Security Security Systems and Technology Video Conference and Collaborative

More information

Mobile Device Strategy

Mobile Device Strategy Mobile Device Strategy Technology Experience Bulletin, TEB: 2012-01 Mobile Device Strategy Two years ago, the Administrative Office of Pennsylvania Courts (AOPC) standard mobile phone was the Blackberry.

More information

Code of Connection (CoCo) for Devices Connected to the University s Network

Code of Connection (CoCo) for Devices Connected to the University s Network Code of Connection (CoCo) for Devices Connected to the University s Author Information Security Officer (Technical) Version V1.1 Date 23 April 2015 Introduction This Code of Connection (CoCo) establishes

More information

CISO's Guide to. Penetration Testing. James. S. Tiller. A Framework to Plan, Manage, and Maximize Benefits. CRC Press. Taylor & Francis Group

CISO's Guide to. Penetration Testing. James. S. Tiller. A Framework to Plan, Manage, and Maximize Benefits. CRC Press. Taylor & Francis Group CISO's Guide to Penetration Testing A Framework to Plan, Manage, and Maximize Benefits James S. Tiller CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor

More information

HP IMC Firewall Manager

HP IMC Firewall Manager HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this

More information

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004 CSE331: Introduction to Networks and Security Lecture 32 Fall 2004 Hackers / Intruders External attacks Typical hacker Exploits carried out remotely Does not have an account on the remote machine Insider

More information

HIPAA Security: Gap Analysis, Vulnerability Assessments, and Countermeasures

HIPAA Security: Gap Analysis, Vulnerability Assessments, and Countermeasures HIPAA Security: Gap Analysis, Vulnerability Assessments, and Countermeasures Don Hewitt and Chris Goggans March 1, 2001 Copyright 2001 by Security Design International, Inc. 1 Agenda The Proposed Rule

More information

Common Remote Service Platform (crsp) Security Concept

Common Remote Service Platform (crsp) Security Concept Siemens Remote Support Services Common Remote Service Platform (crsp) Security Concept White Paper April 2013 1 Contents Siemens AG, Sector Industry, Industry Automation, Automation Systems This entry

More information

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006 CSE331: Introduction to Networks and Security Lecture 17 Fall 2006 Announcements Project 2 is due next Weds. Homework 2 has been assigned: It's due on Monday, November 6th. CSE331 Fall 2004 2 Summary:

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Network and Host-based Vulnerability Assessment

Network and Host-based Vulnerability Assessment Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:

More information

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Enterprise K12 Network Security Policy

Enterprise K12 Network Security Policy Enterprise K12 Network Security Policy I. Introduction The K12 State Wide Network was established by MDE and ITS to provide a private network infrastructure for the public K12 educational community. Therefore,

More information

HACKING RELOADED. Hacken IS simple! Christian H. Gresser cgresser@nesec.de

HACKING RELOADED. Hacken IS simple! Christian H. Gresser cgresser@nesec.de HACKING RELOADED Hacken IS simple! Christian H. Gresser cgresser@nesec.de Agenda About NESEC IT-Security and control Systems Hacking is easy A short example where we currently are Possible solutions IT-security

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How

This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How Network Security Is Breached Network Security Policy

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

STABLE & SECURE BANK lab writeup. Page 1 of 21

STABLE & SECURE BANK lab writeup. Page 1 of 21 STABLE & SECURE BANK lab writeup 1 of 21 Penetrating an imaginary bank through real present-date security vulnerabilities PENTESTIT, a Russian Information Security company has launched its new, eighth

More information

Effective Software Security Management

Effective Software Security Management Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information