Solutions must accommodate clients needs - and not vise versa Capable of proper control and audit oversight

Transcription

1 AUTOMATED II..T.. SECURIITY ASSESSMENT Are you confident that your company s computer network is secure and not vulnerable to unauthorised intrusions? specializes in finding security holes in hosts and networks, exposing vulnerabilities in the corporate network, and checking computer systems for the possibility of hostile external attacks. As our information systems become more complex and the demands for uptime become more pressing, system administrators are overwhelmed with the burden of keeping their systems in step with the business that they mean to be supporting. System owners and administrators are looking for simple, effective and timely feedback on the technical state of the security of their systems. has developed Automated Scanning - a vulnerability assessment engine this ASP based service offering is used to identify technical vulnerabilities on the Network in a clear, easy to understand, competitively priced & logical methodology. The elements are as follows: o Full suite solution internal & external vulnerability assessment services - to IT managers / CIO's: Network security risk assessment 'know what's broken before you can fix it?' Network security management better allocate resources to the implementing of simple security solutions Network Security supervision - were vulnerabilities fixed since last week? Are my system administrators doing their work properly and on time? o o Solutions must accommodate clients needs - and not vise versa Capable of proper control and audit oversight We help clients maximize network security by providing a complete risk assessment SOLUTION using their available resources!

2 Remote (external) Automated Scanning Service External vulnerability assessment is defined as the assessment of network from an external network that is considered to be physically and politically external to that of the network. In reference to the Automated Scanning service offered by Beyond Security, external is defined as the scanning of the network from its scanning services located at s premises. This scanning occurs across the Internet allows viewing the security of the systems as seen by potential external attackers. As an added value, has the facility, through a secured mail request feature to perform Vulnerability Assessment Scanning Services for Internet exposed networks. The system will initiate a scan request, and the remote Automated Scanning server will conduct the requested scans over the Internet, giving clients a unique hackers eye view of their Internet exposed IP addresses. Typically the kinds of servers scanned are Web Servers, FTP Servers, Mail Servers, Exchange Servers, SQL Servers and Internet exposed Firewalls. Scans are not limited by operating system and the service includes general security tests, along with specific tests for Windows 9x/NT/2000/XP, UNIX, Novell, AS-400, Mainframe, etc. Among these tests are special firewall and network router checks, application level tests, and more. Scan Reports are sent in much the same way as internal network scan reports, and vulnerabilities are updated to our server using the same secure-pull mechanism, ensuring that resultant Vulnerability Assessment reports are always up to date. Deployed (internal) Automated Scanning Service The threat of insiders to computer security and the subsequent financial losses cannot be underestimated. A study by the FBI and the Computer Security Institute found that insiders carried out 71% of security breaches. Disgruntled employees may steal information and sell it to competitors, try to bilk their employers, delete important files, destruct proprietary information, insert malicious code, take servers offline or corrupt vital services.

3 A report by PricewaterhouseCoopers concluded that breaches of security are now costing businesses a staggering 18 billion pounds every year. Indeed, the news gets even worse with two out of every five of those surveyed indicating that they suffered some form of an internal breach during the calendar year 2001, a rise of almost one hundred percent on the previous year's figures. offers innovative Deployed Security Solution, which check and expose vulnerabilities within the internal network of an organization. Further to the constant vulnerability assessments of a LAN, the Deployed Security solutions incorporate the important aspect of managing client s security policies on a constant basis using a powerful differential reporting system. 's innovative Deployed Security Solution is defined as the assessment of a network from within typically the customer s own network. This Deployed Security Solution platform is designed so it could be especially configured per every client s unique security needs and desires. The solution is very similar to the unique external Remote Automated Scanning service, with the variation that the automated scan audits are performed from inside the network or Intranet using an on-site dedicated appliance / server. The Deployed Security Solution is performed by an Automated Scanning appliance / server - which are configured and updated by. The security audit results are sent directly to the network administrator / IT manager / CIO, and the appliance / server does not have to be connected to the Internet at all. The appliance / server is updated daily or weekly according to the client s needs using a secure and automated Pull method from a central update server. Updates will be digitally signed and will be checked by the server automatically before installation. Update can be performed using a CD on a weekly / monthly basis if no external connection to the Internet is available. Differential Reporting Capabilities Differential Reporting is a key security management tool in monitoring and assessing changes in network vulnerabilities and policies, on an ongoing basis.

4 The Automated Scanning solution correlates & consolidates the security assessment results into the scan reports - These reports can be customised as desired (e.g. into network scan reports or into a single host report). s differential reporting facility empowers clients to generate 3 levels of reports: 1. A management report, identifying trends in the management of security vulnerabilities and fixes; 2. A management report representing problems by age analysis, and categorizing problems into high, medium and low risk; and 3. A technical report specifying the security holes that were revealed, their severity (identified by high, medium and low risk) their location and effect, and how to repair them. In addition, the report shows the complete list of security tests that were performed. Policy management and supervision as well as vulnerability audits are conducted periodically. By assigning individual scans, security policies can be enforced and supervised automatically - reduces security breaches dramatically. Using the differential reports which includes a summary of all vulnerabilities found on the network, and highlights differences from previous scans (new holes discovered, security holes fixed) IT managers can really manage and monitor the solution implementation procedure with very little effort. Vulnerability Assessment Capabilities Automated Scanning does not break down the security testing into its components, nor does it require any kind of software installation on remote hosts/servers. Due to the advanced technology which supports our solution, we are able to scan such items as databases or systems without the need for additional agents or software installations on hosts/servers. Our solution is therefore cost efficient and reliable. The following is a non-exhaustive list of tests that we currently perform:

5 Sample test list: 1. Passwordless access to databases. 2. Brute forcing of passwords (Database, System, and Internet access, via telnet, FTP, auth, VPN, etc). 3. Inadequate database configuration permissions. 4. Database vulnerabilities (SQL alterations, Overflows, Authentication bypassing, MSSQL, MySQL, Oracle). 5. System vulnerabilities (DoSs, Vulnerable system services, etc). 6. Internet vulnerabilities (TCP/IP protocol, FTP, HTTP, DNS, Kerberos, SSL, SSH, SMTP, SNMP, RPC, NFS, DoS, DDoS, SPAM relay). 7. Application vulnerabilities. 8. Web based applications vulnerabilities (Customer made applications, Cross Site Scripting, SQL Injection checks, Price modification). 9. Backdoor, Trojan, and Virus detection (Detects both malicious code infecting a remote server, and detects the vulnerabilities that allow them to enter). 10.Username and Password retrieval (either from UNIX based machine or from Windows based machines) and policy confirmation (testing for password strength). 11.IDS evasion testing. 12.Registry attacks (Accessing, Information gathering, Password revealing, Modem detection, etc). 13.Firewall security vulnerabilities (DoS, Bypassing, etc). 14.Router, Switch, Gateway based security vulnerabilities. 15.Printer security vulnerabilities (DoSs, Bounce attacks, etc). 16.Data storage vulnerabilities (StorageTek, Network Appliances, Hitachi, etc). Policy Enforcement Capabilities Utilizing our scanning engine an administrator can enforce a security policy on his network. A policy will usually consist of several security tests that should be present on the network. Often security policies are present, but are not adhered to and often such policies are not even present on the network. Our solution allows for easier and thus improved management of security policies, which in turn frees up resources, and unlocks true value in Information Systems. The following is a typical example of a security policy:

6 Policy type: FTP Scan used: 1. FTP Service (Detection of the presence of the service). 2. FTP Guest Access (Checks whether access using the guest user is possible). 3. FTP Anonymous Access (Checks whether accounts other than guest are able to connect to the FTP service). 4. FTP Writeable Directory (Checks whether users that have access, as detected above, are able to write on the remote FTP server). 5. FTP Service security vulnerabilities (Checks for different types of security vulnerabilities that are caused by flawed FTP software). When the FTP policy is used, each open port that is found will be tested for each of the above plug-ins. If any of the above is found to be positive (i.e. that the remote FTP service is running, even if it is not on its assigned port, port TCP/21), a vulnerability will be reported. When this policy is executed on a complete network, hosts that do not conform to the FTP policy can be easily spotted. A differential scan (a scan that will reveal only changes in the vulnerabilities found on the network from the last performed scan) of the network can be even more effective when it is used in this case, since new hosts or existing hosts that have suddenly stopped conforming to the policy will show up on the report.

7 Summary Automated Scanning by focuses on finding security holes in hosts and networks, exposing vulnerabilities in the corporate network, and checking computer systems for the possibility of hostile internal and external attacks. Key benefits of our solution 1. Automated Differential Reporting- our differential reports are fully customizable to your needs. They will enable you to track performances across your entire network easily and with minimal effort; 2. Automated Scheduling of Scans fully customizable to run scans, at any time during any given time period without the need to monitor its success or failure; 3. Minimal Staff Maintenance- no need to place an on-site person to initiate or control the scan. Ease of use and the scheduling ability of the solution, allow you to limit or better utilize staff in other IT environments. In addition, our team of security experts may be contacted, for all technical support; 4. Access to SecuriTeam - direct access to the human resources and extensive knowledgebase backing of which is today recognized, as one of the leading security portals in the world; 5. Uniquely Customizable Solution- our leading team of security specialists will develop unique solutions for your particular environment as and when required and where technically possible; 6. External Automated Scanning Service- enables you to automatically schedule scans, performed by a secure remote server, providing you with a hackers eye view of your exposed IP s; 7. Automated Updates Service - up to 3 times daily ensuring that your system is always protected from new vulnerabilities; 8. Automated Software Version Upgrades - as new features and utilities are added to our advanced security engine, you will automatically, through a secure pull update mechanism, receive these upgrades; 9. Free Telephonic and Electronic Support - our team of local and international ( security specialists are available, free of charge, to assist with technical support.

8 - Leading Security Portal The knowledge base is core to the success and continued competitive advantage of our platform. is a leading security web portal owned and managed by. Along with s internal R&D personnel, SecuriTeam works around the clock, 365 days a year, building new exploits, testing new vulnerabilities and developing new fixes, patches and workarounds to update the scanning engine with. The knowledge contained within SecuriTeam is ploughed into the automated scanners up to 3-times daily, ensuring that the system is continually and transparently up to date, all the time. Currently the SecuriTeam portal receives over one million unique impressions per month from security professionals worldwide and contains over 6000 pages of linked content, making it the second largest Internet based security portal in the world Technical IS personnel 27% Other 24% security consultants 16% 'white hat' hackers. 8% webmasters 11% network/communic ation engineers 14% *According to user definitions

9 Product Security Audit specializes in finding security holes in hosts, networks and products. The fact that we do not develop, sell, or endorse any security solution allows us complete freedom when coming to find the weakest link in any security solution. Software bugs are an inherent attribute of software products, and releasing a completely safe application is usually not a realistic goal. However, performing an effective security audit can clear out most security bugs, and provide an adequate level of assurance that the product is safe. We offer three basic inspection packages when reviewing a certain product, which vary primarily by the time invested in reviewing the product. Basic audit This is a relatively short review, which inspects the product according to its design and basic functionality. This audit can point out potential security holes, and location of dangerous functions. Source code is not reviewed in this package. This test will locate, for example, potentially erroneous design decisions (for example, checking for common security pitfalls). Executable audit This review tries to locate actual security holes by reviewing the actual package. Although source code is usually consulted as well, programming errors are not explicitly checked for. This test discovers typical security holes that are surface deep. For example functions that may allow attackers to execute malicious code on the machine, or a weak authentication mechanism. Source-Code level audit This is the most thorough test. Here source code is inspected for potential coding errors that might lead to future security holes (for example, functions that act on user input without making sanity checks).

10 - Company Profile started its operations in July 1998 as a security portal called SecuriTeam. In Oct 1999 Ltd. was officially founded with a clear vision of providing services to identify and uncover security holes in hosts, networks and products. began by providing security assessment services, including manual penetration tests, product audits / code reviews and network security testing. In the beginning of 2000, unveiled an innovative vulnerability assessment platform called Automated Scanning that automatically performs security assessment services and Managed Security Services (MSS) on periodic basis using advanced vulnerability scanning technology. Automated Scanning is sold via two subsidiaries in South Africa and Australia as well as via resellers and distributors in 14 countries such as: Spain, Portugal, Sweden, UK, France, Netherlands, Ukraine, Poland, Taiwan, Hong Kong, and the United States. currently has more than 2000 clients worldwide, serviced by a network of value added resellers. These companies include fortune 500 companies, large financial institutions, governmental agencies, hi-tech startup companies, e-commerce sites and even other security companies. is committed to developing best of bread security solutions and now employs 30 security professionals, most of which are R&D personal with a main office in Israel, and has affiliations with leading security firms globally.