Vulnerability Scan External Internet Assessment

Transcription

1 Summary Report Vulnerability Scan External Internet Assessment Prepared for SWERN Date: 6 th August 2009 Version: IT Network & Security Specialist Service Provider

2 Confidentiality This document is presented in strictest confidence, and shall be treated accordingly. The recipient of this document acknowledges that all information provided within is confidential, commercially sensitive and agrees not to copy, discuss, or disclose its contents, in whole or in part, by any means without the express written permission of Imerja Limited. Upon formal written or verbal request by an authorised officer of Imerja Limited this document will be immediately returned to the company. Communications with Imerja Limited All enquiries regarding the content of this document should in the first instance be directed to: Andrew McGregor Security Specialist Imerja Limited Paragon Business Park Chorley New Road Horwich BL6 6HG Telephone: Fax: Mobile: Document Control Version Author Date Status Issued to 0.1 Initial Draft circulated 0.2 Updated A McGregor QA Review 1.0 ISSUED A McGregor Page ii

3 CONTENTS 1 Introduction Scanning Parameters Port Scanner Vulnerability Scanner Target Details Scan Results Overall Security Position: Issues Found Major issues Minor Issues Informational Issues...5 Page iii

4 1 Introduction South West of England Regional Network (SWERN) asked Imerja Limited to perform a series of vulnerability assessments on each of its attached client networks. This report highlights the most potentially serious issues found and an overall assessment of your external internet security posture. The test results should not be considered an in-depth penetration test but more of a high level overview of the most obvious vulnerabilities found during the tests. New vulnerabilities are discovered all the time so to ensure the security of assets, it is prudent to ensure that patches are applied to systems as soon as feasibly possible after their release. The issues discovered during the tests have been broken down into three main categories High o These issues should be examined and addressed immediately. These issues could cause exploitation of services and possibly allow users to gain unauthorised access to the network. Medium o Whilst not critical, these issues should be examined to ensure that unauthorised users do not have access to assets or information to which they are not permitted access. Informational o These issues are generally for information only and do not indicate problems but rather areas in which security could be tightened. Swern.doc Page 1

5 2 Scanning Parameters 2.1 Port Scanner Testing Software: NMAP Scan Parameters: SYN scan for the most common 1000 TCP Ports with OS identification where possible Hosts identified with open ports were fed into the next stage of tests to scan for vulnerabilities 2.2 Vulnerability Scanner Testing Software: Tenable NESSUS Plugins enabled: All except those defined as non-safe which could cause a service outage Scanning for: All services 2.3 Target Details Number of Hosts: 896 Target Subnets: /24, /24, /24, /25 Swern.doc Page 2

6 3 Scan Results 3.1 Overall Security Position: 1. Network has very high security and low potential for abuse X 2. Network has some minor flaws with local effect only 3. Potential to affect local services with some loss of organisation-wide service 4. Potential to cause major disruption to organisation Swern.doc Page 3

7 3.2 Issues Found Major issues Severity Issue High Apache Apache Apache The versions of Apache installed on these servers is out of date and contains multiple vulnerabilities Upgrade to the latest version of Apache currently High The private SNMP community string has no password assigned which may allow an attacker to change settings Filter SNMP requests on the server or assign a password to the private SNMP community string. High The version of OpenSSL running on this server contains a bug which could be exploited to execute code. Upgrade to the latest version currently 0.9.8k High The version of Cisco IOS (12.2(19)) used by this device is out of date and contains multiple vulnerabilities which may allow an attacker to crash the device The version of IOS should be upgraded to the latest version High The version of Cisco IOS (12.4(3e)) used by this device is out of date and contains multiple vulnerabilities which may allow an attacker to crash the device. The version of IOS should be upgraded to the latest version Swern.doc Page 4

8 High The version of Cisco IOS (12.4(8c)) used by these device is out of date and contains a vulnerability which may allow an attacker to crash them. The version of IOS should be upgraded to the latest version Minor Issues Severity Issue Medium The public SNMP community string has no password assigned allowing an attacker to gain considerable information regarding the hosts Filter SNMP requests on the server or assign a password to the public SNMP community string Informational Issues Severity Issue Info Info The banner presented by the SSH and telnet daemons on this server appears to have an error in it. It states Use by authorised persons is prohibited. A large number of services are running on this server exposing a number of open ports. Investigate whether services such as finger, rlogin and sunrpc are actually needed and disable them if not by commenting out the entry in /etc/inetd.conf and restarting the inetd service Swern.doc Page 5