External Network Penetration Test Report
- Rudolf Bates
- 8 years ago
Transcription
External Network Penetration Test Report
Jared Doe

CONFIDENTIAL

Document Information

Assessment Information
Assessor: Kirit Gupta, kirit.gupta@rhinosecuritylabs.com, (888)
Client: Acme Company
Project Manager: Benjamin Caudill, benjamin.caudill@rhinosecuritylabs.com
Client Contact: Jared Doe, jared@acmecompany.com, (888)
Assessment Type: External Network Penetration Test
Project Number: ACM-NPT
Report Date:
Assessment Period:

Revision History
Version   Date               Author             Notes
1.0       October 16, 2015   Kirit Gupta        Rough draft
1.1       October 16, 2015   Benjamin Caudill   Edits
1.2       October 16, 2015   Kirit Gupta        Final Report
1. Executive Summary

Rhino Security Labs conducted a network penetration test for Acme Company (Acme Company). This test was performed to assess Acme Company's defensive posture and provide security assistance through proactively identifying vulnerabilities, validating their severity, and providing remediation steps.

Rhino Security Labs reviewed the security of Acme Company's infrastructure and has determined a CRITICAL risk of compromise from external attackers, as shown by the presence of multiple serious vulnerabilities. The detailed findings and remediation recommendations for these assessments may be found later in the report.

Strategic Recommendations

Not all security weaknesses are technical in nature, nor can they all be remediated by security personnel. Companies often have to focus on the root security issues and resolve them at their core. These strategic steps are changes to the operational policy of the organization. Rhino Security Labs recommends the following strategic steps for improving the company's security.

  1. Enforce a more secure password policy, and educate users on proper password management.
  2. Upgrade all Windows 2003 Servers to 2008 or above.
  3. Transition company architecture from cleartext protocols to encrypted versions.
  4. Enhance security defenses with additional detection and response capabilities, such as a SIEM.

2. Summary Vulnerability Overview

Rhino Security Labs performed an external network penetration test for Acme Company (Acme Company) on Scanning is performed to identify vulnerabilities, and manual testing and validation follows to simulate real-world attack scenarios.

The following vulnerabilities were determined to be of highest risk, based on several factors including asset criticality, threat likelihood, and vulnerability severity.

Summary

An external network penetration test was performed on Acme Company. The following vulnerabilities were found, indicating the overall risk rating of this application is Critical.

ID    Vulnerability                                      Risk

C1    Subdomain Takeover Vulnerability                   Critical
      Remove the subdomain identifying the server's direct IP address.

C2    JBoss Credentials Brute Forced                     Critical
      Increase the administrative password complexity, or remove the administrative account if possible.

H1    Sensitive Public Information Identified
      Remove sensitive information on the company from public resources.

H2    Nameserver Processes Recursive Queries
      Restrict the processing of recursive queries.

H3    Multiple Unpatched Apache Vulnerabilities
      Update all Apache services and associated modules.

H4    Multiple Unpatched PHP Vulnerabilities
      Update all PHP services and associated modules.

H5    Multiple Unpatched OpenSSH Vulnerabilities
      Regularly patch and update all OpenSSH servers and associated modules.

H6    Public Telnet Service
      Replace Telnet with SSH on all servers.

M1    NTP Clock Variables Information Disclosure         Medium
      Remove NTP from the given systems or apply an ACL that restricts NTP readvar queries from unauthorized clients.

M2    Adobe Flash permissive crossdomain.xml policy      Medium
      Edit the crossdomain.xml file, ensuring permissions are restricted to only what's necessary.

L1    TCP Sequence Number Approximation Vulnerability    Low
      On Windows systems, install the necessary patches for the given version of Windows. On Linux systems, enable TCP MD5 signatures.

L2    Web Directory is Publicly Browsable                Low
      In the httpd.conf file, disable the Indexes option for the appropriate <Directory> tag by removing it from the Options line.

3. and Methodology

Rhino Security Labs used a proprietary methodology to accurately assess the security of Acme Company's networks. This process involves detailed reconnaissance and research into the architecture and environment, performing automated testing for known vulnerabilities, and manually exploiting vulnerabilities for the purpose of detecting security weaknesses in the enterprise.

Reconnaissance

Information gathering is the first step toward a network penetration test, and provides Rhino Security Labs with crucial data to accurately and efficiently assess Acme Company's security. Network reconnaissance also includes enumeration to determine what hosts are alive and what services they are running. Research into these services is then carried out to tailor the test to the discovered systems.

Automated

Rhino Security Labs used a vulnerability scanner to conduct an automated analysis on Acme Company's network. This scan provides the foundation for the full manual assessment, and should be viewed with this detailed report to gain an accurate representation of Acme Company's security posture.

Manual Exploitation and Verification

Rhino Security's consultants use the results of the vulnerability scan, paired with their expert knowledge and experience, to finally conduct a manual security analysis of the network. The assessors attempt to obtain access to sensitive systems via the published exploits or weaknesses discovered. The detailed results of both the vulnerability scan and the manual testing are shown in the tables below.

4. Constraints

The following limitations were placed upon this engagement, as agreed upon with Acme Company:

- Vulnerabilities which would cause outages or interrupt the client's environment were noted but not validated.
- Penetration testing was limited to the agreed upon time period, scope, and other additional boundaries set in the contract and service agreement.

5. Research Penetration Notes

Rhino Security Labs compiled the following notes during the reconnaissance portion of the web application penetration test. These notes provide the information needed to accurately assess the application and test for vulnerabilities.
Assessment Information
Assessment Type: External Black-box
Vulnerability Scanner: Rapid7 NeXpose / Proprietary Internal Tools
VPN Utilized: None
Number of IPs in scope: 9 IP Addresses
6. Vulnerability Findings

The vulnerabilities below were identified and verified by Rhino Security Labs during the process of this network penetration test for Acme Company. Retesting should be planned following the remediation of these vulnerabilities.

Attack Narrative

Rhino Security Labs was tasked with performing an external penetration test for Acme Company Industries, an online retailer specializing in the sale of eye care products. This assessment is part of a larger engagement, involving a web application penetration test, social engineering, and an internal penetration test.

The consultant assigned to this test began by performing routine reconnaissance and information gathering on the company, mining any useful data which can be used later in the assessment. After a thorough sweep of company websites, document metadata, social media sites and other resources, a cache of sensitive information was identified, including:

- Internal LDAP-Username Syntax: Multiple names and internal LDAP usernames were found in PDF metadata from the corporate website. This is useful because it provides the syntax to create LDAP usernames from known employee names, which are often easy to find.
- Corporate Syntax: Like many organizations, the company names and Addresses were found online in multiple locations.
- Employee Names: Over 120 Acme employees were found on LinkedIn and through other public sources, many of them high-value personnel within the company (IT, company executives, etc.). Combined with the above syntax, usernames and address were able to be created for each user, useful for brute forcing and similar network attacks.
- Internal Organizational Chart: This provided many of the above employee names, and their ranking in the company. Useful for identifying key personnel in IT and other areas. Using this, we were able to confirm a critical security person was on vacation and response times would be slower, which is useful information to have.

DNS enumeration and brute forcing was also performed on the domain, identifying a total of 46 subdomains. While many of these domains pointed to servers not in scope and should have additional security auditing performed on them (such as dev transfer and shop-dev), one subdomain (community.acme.com) provided an interesting target. This subdomain pointed to a hosted community site which was no longer being used by Acme and could therefore be purchased at the target site, essentially hijacking a legitimate company subdomain.

With initial information gathering activities completed, port and service scanning on Acme Company's external systems began. The tester encountered telnet and other unencrypted protocols that could be potential threats to the company's online security.

During the tester's examination of the ports, port 8080 was identified as being open on one system and confirmed as an old JBoss version (4.0.4), hosting Java applets for Acme Company's online store. After further enumeration of the system, the tester confirmed that the JMX Console (the administrative console to JBoss) required a password.

Using the previous list of employee names (specifically, those in IT and dev departments) and the LDAP syntax, a list of 18 possible LDAP usernames was created for brute forcing. A custom dictionary was created using employee names, industry and technology terms, and other words from the company website.

Using this highly targeted brute force, a valid username and password were confirmed: MAnthony acmedev1. Rhino Security consultants gained access to the administrative console and began exploitation.

From here, the tester engaged the system, uploading a malicious WAR file (Java Applet) and creating a backdoor to the system, allowing initial access to the system, although with limited privileges. Using this foothold, the tester quickly identified the operating system as Windows 2003, uploaded a local exploit, and escalated to system level privileges.

With these privileges, the tester was able to dump the local system hashes. After inserting these hashes into Rhino Security Labs' password cracking box, 95% were cracked within just a few hours, and provided access to additional publicly accessible services.

Upon further enumeration of the system, it was identified as being connected to the internal network, and thus could be used as a pivot onto internal resources: a total breach of perimeter systems and the primary objective for the assessment, as outlined by the client.
External Network Details

Exploited Vulnerabilities

The vulnerabilities listed in the tables below were exploited by Rhino Security Labs during the course of the assessment. Evidence of the exploit is provided, along with recommended remediation steps to correct these vulnerabilities.

Subdomain Takeover Vulnerability
Report ID C1 Risk Critical IP(s) Critical

During the subdomain enumeration process, a CNAME record was found pointing to a hosted community site (ning.com) no longer being used. Since the DNS record is still in place, it can be purchased/registered on the community hosting site and seized by an unauthorized user.

Remove the affected CNAME record which is no longer being used.

This issue was identified by first enumerating subdomains, which were then tied to specific DNS records and IP addresses. The given CNAME record was identified as pointing to a forum site which is no longer being utilized by the company.

JBoss Credentials Brute Forced
Report ID C2 Risk Critical IP(s) Critical

The administrative credentials for a publicly facing JBoss server are easily brute forced (admin::admin). See the above narrative for more details.

Increase the administrative password complexity, remove the administrative account if possible, and remove public access to JMX Console if possible.

See above narrative; manually tested.

Sensitive Public Information Identified
Report ID H1 Risk IP(s) N/A Critical

A number of major sources of sensitive information were publicly identified, eventually being leveraged in a targeted brute-force against public resources.

Remove sensitive information on the company from public resources, including social media and the corporate website.

Sources such as LinkedIn, Twitter, and multiple company websites were scraped for information, as well as documents mined for metadata. See above narrative for additional details.
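For finding C1, the remediation only holds if stale CNAME records are caught routinely. The following is an added example, not part of the original report: a defender-side audit of a zone export that flags CNAMEs whose external target either no longer resolves or is not in the inventory of third-party services still in use. The zone contents, the acme.example origin, the inventory and the resolver stub are constructed assumptions; only the ning.com hosting case comes from the report.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed sample zone export (not data from the report).
ZONE_EXPORT = """
; acme.example zone, constructed for illustration
www        300 IN A     192.0.2.10
shop       300 IN CNAME www.acme.example.
community  300 IN CNAME acme.ning.com.
status     300 IN CNAME acme.statuspage.example.
old-promo  300 IN CNAME promo.cdn.example.
"""

# Assumed asset inventory: third-party hostnames the company still uses.
ACTIVE_SERVICES = {"acme.statuspage.example"}

# Constructed stand-in for live DNS so the example runs offline.
RESOLVABLE = {"www.acme.example", "acme.ning.com", "acme.statuspage.example"}


@dataclass(frozen=True)
class Finding:
    name: str
    target: str
    reason: str


def _norm(host: str) -> str:
    return host.rstrip(".").lower()


def _absolute(host: str, origin: str) -> str:
    """Expand a relative zone-file name against the zone origin."""
    return _norm(host) if host.endswith(".") else f"{_norm(host)}.{_norm(origin)}"


def parse_cnames(zone_text: str, origin: str) -> list:
    """Return (fqdn, target) pairs for every CNAME line in a simple zone export."""
    pairs = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        # Ignore the optional TTL and class fields after the owner name.
        rest = [t for t in parts[1:] if not t.isdigit() and t.upper() != "IN"]
        if len(rest) == 2 and rest[0].upper() == "CNAME":
            pairs.append((_absolute(parts[0], origin), _absolute(rest[1], origin)))
    return pairs


def _is_under(host: str, suffixes: Iterable[str]) -> bool:
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit_cnames(pairs, owned_suffixes, active_services,
                 resolves: Callable[[str], bool]) -> list:
    """Flag CNAMEs that hand a company name to an external host nobody owns."""
    findings = []
    for fqdn, target in pairs:
        if _is_under(target, owned_suffixes):
            continue                              # points inside our own zones
        if not resolves(target):
            findings.append(Finding(fqdn, target, "target does not resolve"))
        elif target not in active_services:
            # Resolves, but nobody claims the service: the situation in C1.
            findings.append(Finding(fqdn, target,
                                    "third-party target not in service inventory"))
    return findings


def demo_findings() -> list:
    pairs = parse_cnames(ZONE_EXPORT, "acme.example")
    return audit_cnames(pairs, ["acme.example"], ACTIVE_SERVICES,
                        lambda host: host in RESOLVABLE)


if __name__ == "__main__":
    for f in demo_findings():
        print(f"{f.name} -> {f.target}: {f.reason}")
```

In production the `resolves` callable would wrap a real DNS lookup, and each flagged record is either removed or the service is added back to the inventory by its owner.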
Notable Vulnerabilities

The following vulnerabilities were not exploited by Rhino Security Labs. However, they still represent a risk to ACME's network security.

Nameserver Processes Recursive Queries
Report ID H2 Risk IP(s)

Allowing nameservers to process recursive queries coming from any system may, in certain situations, help attackers conduct denial of service or cache poisoning attacks.

Restrict the processing of recursive queries to only systems that should be allowed to use this nameserver.

NSE (Nmap Scripting Engine) was used to test for recursive DNS queries with a given list of domains.

Multiple Unpatched Apache Vulnerabilities
Report ID H3 Risk App(s)

Multiple Apache HTTPD vulnerabilities were found on the external network.

Update all Apache services and associated modules to the newest version available, and ensure appropriate patch management policies are in place.

Using a port scanner, ports 80 and 443 were tested to verify the Apache version and associated vulnerabilities.

Multiple Unpatched PHP Vulnerabilities
Report ID H4 Risk App(s)

Multiple unpatched PHP vulnerabilities were found on the external network.

Update all PHP services and associated modules (such as Apache) to the newest version available, and ensure appropriate patch management policies are in place.

Using port scanners and version detection tools, the web server was tested for its version of Apache, which was correlated to a corresponding version of PHP.

Multiple Unpatched OpenSSH Vulnerabilities
Report ID H5 Risk App(s)

Multiple OpenSSH vulnerabilities, which compromise the confidentiality, integrity, and availability of SSH services.

Ensure all OpenSSH servers remain up-to-date by regularly patching OpenSSH and associated modules.

A port scanner and version-detection tools were used to verify service versions and vulnerabilities.

Public Telnet Service
Report ID H6 Risk App(s)

Public telnet services were found on the external network.

For command-line access, disable telnet and replace it with SSH, which utilizes encrypted sessions.

Using a telnet client, port 23 was checked to verify telnet connectivity.

Minor Vulnerabilities

The following vulnerabilities are of lower risk to the environment.

NTP Clock Variables Information Disclosure
Report ID M1 Risk Medium App(s) Medium Critical

This system allows the internal NTP variables to be queried. These variables contain potentially sensitive information, such as the NTP software version, operating system version, peers and more.

Remove NTP from the given systems or apply an ACL that restricts NTP readvar queries from unauthorized clients.

NTP 'readvar' queries are sent to the given NTP server, which then responds with identifying information.

Adobe Flash permissive crossdomain.xml policy
Report ID M2 Risk Medium App(s) Medium Medium

Permissive crossdomain.xml policy files allow external Adobe Flash (SWF) scripts to interact with your website. Depending on how authorization is restricted on your website, this could inadvertently expose data to other domains or allow invocation of functionality across domains.

Edit the crossdomain.xml file, ensuring permissions are restricted to only what's necessary.

A web browser was used to verify the following HTTP response: '...domain-policy><site-control permitted-cross-domain-policies='all''

TCP Sequence Number Approximation Vulnerability
Report ID L1 Risk Low App(s) Low Low

Certain conditions make it easier for remote attackers to cause denial-of-service (DoS) against local users by injecting TCP RST packets and ending current sessions.

On Windows systems, install the necessary patches for the given version of Windows. On Linux systems, enable TCP MD5 signatures to prevent this type of TCP injection attack.

Vulnerability was found using a vulnerability scanner. Explicit testing against this vulnerability was not performed due to the results of the attack (Denial of Service).

Web Directory is Publicly Browsable
Report ID L2 Risk Low App(s) Medium Low

A web directory was found to be browsable, which means that anyone can see the entire contents of the web directory.

In the httpd.conf file, disable the Indexes option for the appropriate <Directory> tag by removing it from the Options line.

View the directories found in the scanner output and verify the vulnerability.
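For finding M2, "restricted to only what's necessary" can be checked mechanically. The following is an added example, not part of the original report: an audit of a crossdomain.xml policy that reports the permissive `site-control` value quoted in the finding along with other over-broad grants, run against a weak policy and a corrected one. Both policy documents and the static.acme.example host are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed weak policy: the site-control value is the one quoted in M2,
# the wildcard grant is an assumed companion setting.
WEAK_POLICY = """
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
"""

# Constructed corrected policy: one named origin, HTTPS only,
# and only the master policy file is honoured.
HARDENED_POLICY = """
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="static.acme.example" secure="true"/>
</cross-domain-policy>
"""


def audit_policy(xml_text: str) -> list:
    """Return a list of human-readable issues; an empty list means none found."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "cross-domain-policy":
        return ["document is not a cross-domain-policy file"]

    issues = []

    for el in root.iter("site-control"):
        value = el.get("permitted-cross-domain-policies", "").lower()
        if value == "all":
            issues.append("site-control: permitted-cross-domain-policies='all' "
                          "lets any policy file on the host grant access")

    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            issues.append("allow-access-from: domain='*' grants every origin "
                          "read access to responses")
        elif domain.startswith("*."):
            issues.append(f"allow-access-from: wildcard subdomain grant '{domain}'")
        # secure defaults to true; false lets HTTP origins read HTTPS content.
        if el.get("secure", "true").lower() == "false":
            issues.append(f"allow-access-from: secure='false' for '{domain}' "
                          "permits access from non-HTTPS origins")

    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain") == "*":
            issues.append("allow-http-request-headers-from: domain='*' lets "
                          "every origin send custom request headers")

    return issues


if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        found = audit_policy(policy)
        print(f"{label}: {len(found)} issue(s)")
        for issue in found:
            print("  -", issue)
```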
Appendix A: Definitions and Criteria

The risk ratings assigned to each vulnerability are determined through averaging several aspects of the exploit and the environment, including reputation, difficulty, and criticality.

Risk Rating Definitions

CRITICAL
Critical vulnerabilities pose a very high threat to a company's data, and should be fixed on a top-priority basis. They can allow a hacker to completely compromise the environment or cause other serious impacts to the security of the application.

HIGH
High severity vulnerabilities should be considered a top priority in terms of mitigation. These are the most severe issues and generally cause an immediate security concern to the enterprise.

MEDIUM
Medium severity vulnerabilities are a lower priority, but should still be remediated in a timely manner. These are moderate exploits that have less of an impact on the environment.

LOW
Low severity vulnerabilities are real but trivially impactful to the environment. These should only be remediated after the HIGH and MEDIUM vulnerabilities are resolved.

INFORMATIONAL
Informational vulnerabilities have no impact as such to the environment by themselves. However, they might provide an attacker with information to exploit other vulnerabilities.
More informationWHITE PAPER. An Introduction to Network- Vulnerability Testing
An Introduction to Network- Vulnerability Testing C ONTENTS + Introduction 3 + Penetration-Testing Overview 3 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and
More informationPTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access
The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning
More informationApplication Security Testing
Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the
More informationRapid Vulnerability Assessment Report
White Paper Rapid Vulnerability Assessment Report Table of Contents Executive Summary... Page 1 Characteristics of the Associated Business Corporation Network... Page 2 Recommendations for Improving Security...
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationNETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER
A C a s e s t u d y o n h o w Z e n Q h a s h e l p e d a L e a d i n g K - 1 2 E d u c a t i o n & L e a r n i n g S o l u t i o n s P r o v i d e r i n U S g a u g e c a p a c i t y o f t h e i r f l
More informationhttps://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting
https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests
More informationVulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad
Vulnerability Assessment and Penetration Testing CC Faculty ALTTC, Ghaziabad Need Vulnerabilities Vulnerabilities are transpiring in different platforms and applications regularly. Information Security
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationNational Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference...
NEA OIG Report No. R-13-03 Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning to detect vulnerabilities... 2 Area
More informationAttack and Penetration Testing 101
Attack and Penetration Testing 101 Presented by Paul Petefish PaulPetefish@Solutionary.com July 15, 2009 Copyright 2000-2009, Solutionary, Inc. All rights reserved. Version 2.2 Agenda Penetration Testing
More informationPenetration Testing //Vulnerability Assessment //Remedy
A Division Penetration Testing //Vulnerability Assessment //Remedy In Penetration Testing, part of a security assessment practice attempts to simulate the techniques adopted by an attacker in compromising
More informationProtecting Critical Infrastructure
Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security
More informationComputer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)
Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2) Course number: CFED Length: 5 days Certification Exam This course will help you prepare for the following exams: CCE --
More informationLearn Ethical Hacking, Become a Pentester
Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationTaxonomic Modeling of Security Threats in Software Defined Networking
Taxonomic Modeling of Security Threats in Software Defined Networking Recent advances in software defined networking (SDN) provide an opportunity to create flexible and secure next-generation networks.
More informationUsing Foundstone CookieDigger to Analyze Web Session Management
Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationIDS and Penetration Testing Lab ISA 674
IDS and Penetration Testing Lab ISA 674 Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible Use
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationiscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi
iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi Agenda Introduction iscsi Attacks Enumeration Authorization Authentication iscsi Defenses Information Security Partners (isec) isec Partners Independent
More informationlocuz.com Professional Services Security Audit Services
locuz.com Professional Services Security Audit Services Today s Security Landscape Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System layer.
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationPCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker
PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS
More informationEthical Hacking Agreement for External Network Security Unannounced Penetration Test
Ethical Hacking Agreement for External Network Security Unannounced Penetration Test Agreement made on the (date), between (Name of Consultant) of (street address, city, state, zip code), referred to herein
More informationCourse Title: Penetration Testing: Network Threat Testing, 1st Edition
Course Title: Penetration Testing: Network Threat Testing, 1st Edition Page 1 of 6 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationSecuring Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group
Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability
More informationSCP - Strategic Infrastructure Security
SCP - Strategic Infrastructure Security Lesson 1 - Cryptogaphy and Data Security Cryptogaphy and Data Security History of Cryptography The number lock analogy Cryptography Terminology Caesar and Character
More informationHow-to: DNS Enumeration
25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS
More informationNEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015
NEXPOSE ENTERPRISE METASPLOIT PRO Effective Vulnerability Management and validation March 2015 KEY SECURITY CHALLENGES Common Challenges Organizations Experience Key Security Challenges Visibility gaps
More informationPenetration Testing: Lessons from the Field
Penetration Testing: Lessons from the Field CORE SECURITY TECHNOLOGIES SCS SERVICES May 2009 1 Agenda: About me: Alberto Soliño Director of Security Consulting Services at Core Security One of first five
More informationAn ICS Whitepaper Choosing the Right Security Assessment
Security Assessment Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available
More informationAudience. Pre-Requisites
T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices
More informationCORE IMPACT AND THE CONSENSUS AUDIT GUIDELINES (CAG)
CORE IMPACT AND THE CONSENSUS AUDIT GUIDELINES (CAG) Extending automated penetration testing to develop an intelligent and cost-efficient security strategy for enterprise-scale information systems CAG
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationSecurity Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions
Security Awareness For Server Administrators State of Illinois Central Management Services Security and Compliance Solutions Purpose and Scope To present a best practice approach to securing your servers
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More information