Comodo Hacker Guardian

Transcription

1 TM Creating Trust Online Comodo Hacker Guardian Definition of Plug-in Categories

2 Contents Debian Local Security Checks Windows CGI Abuses Windows : Microsoft Bulletins Windows : User Management FTP (File Transfer Protocol) Gentoo Local Security Checks Useless Services Denial of Service (or rather Denial of Service attack) Service Detection CGI Abuses: XSS Backdoors Peer-To-Peer File Sharing General Misc. Default Unix Accounts Remote File Access Firewalls Gain Root Remotely SMTP Problems SNMP Port scanners

3 Gain a Shell Remotely Netware 8 Plugins CISCO Finger Abuses AIX Local Security Checks AIX Local Security Checks MacOS X Local Security Checks Red Hat Local Security Checks Solaris Local Security Checks HP-UX Local Security Checks FreeBSD Local Security Checks Mandrake Local Security Checks SuSE Local Security Checks Fedora Local Security Checks Slackware Local Security Checks Web Servers NIS Ubuntu Local Security Checks About Comodo

4 Debian Local Security Checks Debian, organized by the Debian Project, is a widely used distribution of free software developed through the collaboration of volunteers from around the world. Since its inception, the released system, Debian GNU/Linux, has been based on the Linux kernel, with many basic tools of the operating system from the GNU project. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. Windows Microsoft Windows is a family of operating systems by Microsoft. They can run on several types of platforms such as servers, embedded devices and, most typically, on personal computers. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. CGI Abuses The Common Gateway Interface (CGI) is a standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the output from the application to the web browser. This information can consist of confidential consumer data. A CGI abuse occurs when a hacker intercepts the requests from the web browser to the application. Windows : Microsoft Bulletins When necessary, Microsoft provides a new security update on the second Tuesday of each month and sends a bulletin announcing the update. More details can be found here: Hacker Guardian detects whether any vulnerabilities outlined in these bulletins are present on a server. Windows : User Management Windows User management services provide the ability to maintain a user's preferences and privileges. Hacker Guardian checks for any vulnerabilities in the Windows OS user management functionality (User account management and security). FTP (File Transfer Protocol) The protocol used on the Internet for exchanging files. FTP uses the Internet's TCP/IP protocols to enable data transfer. FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server (eg,

5 uploading a Web page file to a server. Hacker Guardian checks whether a server could be putting sensitive data at risk by running insecure or outdated FTP services. Gentoo Local Security Checks Gentoo Linux is a Linux distribution named after the Gentoo Penguin. It is designed to be modular, portable, easy to maintain, flexible, and optimized for the user's machine. This is accomplished by building all tools and utilities from source code, although, for convenience, several large software packages are also available as precompiled binaries for various architectures. Gentoo achieves this via the Portage system. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. Useless Services A program that can be automatically started as part of the operating system start-up process and that runs continuously in the background. Hacker Guardian detects any unused services running on an operating system and notifies the administrator. Furthermore, Hacker Guardian checks that these unused services are secure and not vulnerable to attack. Denial of Service (or rather Denial of Service attack) In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers where the attack is aiming to cause the hosted web pages to be unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB). DoS attacks have two general forms: - Force the victim computer(s) to reset or consume its resources such that it can no longer provide its intended service. - Obstruct the communication media between the intended users and the victim in such that they can no longer communicate adequately. Hacker Guardian tests whether a server is vulnerable to DoS attacks and provides immediate remediation advice if any are found. Service Detection Service detection protocols are network protocols which allow automatic detection of devices and services offered by these devices on a computer network. If a server is open to attacks on these protocols, then the server is vulnerable to, amongst others, a Denial of Service Attack Hacker Guardian tests whether a server is vulnerable to DoS attacks and provides immediate remediation advice if any are found.

6 CGI Abuses: XSS Cross site scripting (XSS) is a type of computer security exploit where information from one context, where it is not trusted, can be inserted into another context, where it is trusted. From the trusted context, an attack can be launched. For example, a hacker may create a bogus login box hosted on his own server where customers enter their details. The login box html is then inserted inside the real, trusted website. The rest of the page is the genuine page, but the login box part of the page is hosted on the attacker s server. The customer assumes they are entering information into the real website. but are in fact entering information into the fake login box. Hacker Guardian tests whether a server is vulnerable to this type of attack. Backdoors Backdoors are a way for computer hackers to illegitimately gain access to a computer or server. A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection. The backdoor may take the form of an installed program (e.g., Back Orifice or the Sony/BMG rootkit backdoor installed when any of millions of Sony music CDs were played on a Windows computer), or could be a modification to a legitimate program. Peer-To-Peer File Sharing File sharing is the practice of making files available for other users to download over the Internet and smaller networks. Usually file sharing follows the peer-to-peer (P2P) model, where the files are stored on and served by personal computers of the users. Most people who engage in file sharing are also downloading files that other users share. Whilst P2P represents a great way to share files, it has become a notorious source of malware and vulnerability exploits. Hacker Guardian tests whether a server is vulnerable to any known P2P vulnerabilities. General As the name suggests, these are types of attacks that don t fall under the heading of the other attack categories. Misc. As the name suggests, these are types of attacks that don t fall under the heading of the other attack categories. Default Unix Accounts If a server is running the UNIX operating system, Hacker Guardian checks that all user accounts have been password protected. It also checks all UNIX user accounts to ensure they have changed their password from the default password that UNIX shipped with. If a user has not changed their password from the widely known default password then this presents an easy way for a hacker to break into a system. Remote File Access This type of vulnerability allows a malicious user to access important system or confidential files on a server. Hacker Guardian detects if a server is vulnerable to this type of attack and provides remediation advice if it is. These attacks are

7 most likely to occur on servers using the Network File System (NFS) which allows different makes of computers running different operating systems to share files and disk storage. Firewalls A firewall is a piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy. The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle. By their very nature, firewalls have to leave certain ports open for the operation of web, mail, ftp and other Internet based services - leaving you vulnerable to exploitation on these very ports. Hacker Guardian vulnerability scans identify and deliver fix recommendations on all these avenues of insecurity. Gain Root Remotely A flaw that can allow a remote attacker to gain root privileges. If remote connections are allowed and vulnerable, then an attacker can exploit the vulnerability to gain root access. SMTP Problems Simple Mail Transfer Protocol is the de facto standard for transmission across the Internet. SMTP is a relatively simple, text-based protocol, where one or more recipients of a message are specified (and in most cases verified to exist) and then the message text is transferred. SMTP problems exist when a server is vulnerable to attacks on this protocol and are usually detected if there is a problem with the mail server. Therefore, if a server has SMTP problems, the possibility exists that messages could be intercepted by a hacker. SNMP Simple Network Management Protocol. The network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security. This family of tests examines a server to identify if it is vulnerable to attacks on the SNMP protocol. Port scanners A port scanner is a piece of software designed to search a network host for open ports. This is often used by administrators to check the security of their networks and by crackers to compromise it. Hacker Guardian detects whether or not a server is open to illicit port scanning or snooping.

8 Gain a Shell Remotely When the remote login/remote shell service trusts every host on the network, a malicious super user on an arbitrary host can gain access as any user (except perhaps root). Once inside, the intruder can replace system programs or configuration files (such as the password file) and take over the machine. In addition, there are guest or administrative accounts that might not have passwords protecting the account, which allows anyone to remotely login as that user and gain access to the host. Hacker Guardian runs a series of tests to determine whether a server is vulnerable to such attacks. Netware 8 Plugins Netware 8 is a popular local-area network (LAN) operating system developed by the Novell Corporation. It runs on a variety of different types of LANs, from Ethernet to IBM token-ring networks. Netware8 Plugins are small programs that integrate with and expand the functionality of the Netware 8 operating system. Often these are written by 3 rd party vendors and sometimes are installed whilst still in beta version. Hacker Guardian checks that any Netware plugins installed on a server pose no threat to security. If they do, the user is provided with effective remediation advice. CISCO CISCO is one of the leading manufacturers of network equipment. Cisco s primary business is in Internet working products, such as routers, bridges, and switches. Hacker Guardian tests whether a server is open to any CISCO equipment specific vulnerabilities. Finger Abuses A Unix program that displays information about a particular user or all users logged on the system, or a remote system. Finger typically shows full name, last login time, idle time, terminal line, and terminal location. A finger abuse happens when a hacker remotely activates this program to discover information about the server. Hacker Guardian detects and helps remediate any vulnerability to finger abuse on a server. AIX Local Security Checks AIX (Advanced Interactive executive) is a proprietary operating system developed by IBM based on UNIX System V. Before the product was ever marketed, the acronym AIX originally stood for Advanced IBM UNIX. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. RPC (Remote Procedure Call) A protocol which allows a program running on one host to cause code to be executed on another host without the programmer needing to explicitly code for this. An RPC is initiated by the caller (client) sending request message to a remote system (the server) to execute a certain procedure using the arguments supplied. RPC attacks can be executed remotely or local and leave the server open to a number of attack vectors, including Gain the Root Remotely (which gives an attacker complete control over a server) and Denial of Service attacks (overloading a server with thousands of

9 simultaneous requests until it crashes or slows down). Hacker Guardian tests whether a server is vulnerable to all known RPC exploits. MacOS X Local Security Checks Mac OS, which stands for Macintosh Operating System, is the trademarked name for a series of graphical user interfacebased operating systems developed by Apple Computer for their Macintosh line of computer systems. The Mac OS is often credited with popularizing the graphical user interface. It was first introduced in 1984 with the original Macintosh 128K. Hacker Guardian runs series of tests to determine whether there are any security flaws in the Macintosh Operating System (Mac OS) and the services that Mac OS runs on the target server. Red Hat Local Security Checks Red Hat is one of the largest and most recognized companies dedicated to open source software. The name "Red Hat" is also frequently used to refer to the two variants of Linux the company produces under that name, Red Hat Enterprise Linux and the now-superseded Red Hat Linux. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating systems (OS) and the services that the OS s run on the target server. Solaris Local Security Checks Solaris is a computer operating system developed by Sun Microsystems. It is certified as a version of Unix. Although Solaris proper is still proprietary software, the core OS has been made into an open source project, OpenSolaris. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. HP-UX Local Security Checks HP-UX (Hewlett Packard UniX) is Hewlett-Packard's proprietary implementation of the Unix operating system, based on System V (initially System III). It runs on their PA-RISC range of processors and Intel's Itanium processor, and was also available for later Apollo/Domain systems. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. FreeBSD Local Security Checks FreeBSD is a Unix-like free operating system descended from AT&T UNIX via the Berkeley Software Distribution (BSD) branch through the 386BSD and 4.4BSD operating systems. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. Mandrake Local Security Checks Mandriva Linux (formerly Mandrakelinux or Mandrake Linux, and an acquisition of Conectiva and Lycoris) is a Linux distribution created by Mandriva (formerly Mandrakesoft). The first release was based on Red Hat Linux (version 5.1) and KDE (version 1.0) in July It has since diverged from Red Hat and has included a number of original tools mostly to

10 ease system configuration. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. SuSE Local Security Checks SUSE is a major retail Linux distribution, produced in Germany. The company is owned by Novell, Inc. SUSE is also a founding member of the Desktop Linux Consortium. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. Fedora Local Security Checks Fedora Core is an RPM-based Linux distribution, developed by the community-supported Fedora Project and sponsored by Red Hat. The name derives from Red Hat's characteristic fedora used in its "Shadowman" logo. However, the Fedora community project had existed as a volunteer group providing extra software for the Red Hat Linux distribution before Red Hat got involved as a direct sponsor. Fedora aims to be a complete, general-purpose operating system built from open source software. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. Slackware Local Security Checks Slackware was one of the earliest Linux distributions, and is the oldest distribution still being maintained. It was created by Patrick Volkerding of Slackware Linux, Inc. It has a policy of incorporating only stable releases of applications, standing mainly for stability and simplicity. For a good while, other Linux distributions that came after it were in fact evaluated for their "Slackware compatibility". Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server. Web Servers The term Web server can mean one of two things: 1. A computer that is responsible for accepting HTTP requests from clients, which are known as Web browsers, and serving them Web pages, which are usually HTML documents and linked objects (images, etc.). 2. A computer program that provides the functionality described in the first sense of the term. The two most widely used web servers are Microsoft IIS and the open source Apache web server. Hacker Guardian identifies which web server(s) is/are running on a machine and runs a series of tests to determine whether they are vulnerable to attack. NIS The Network Information Service or NIS is Sun Microsystems' "Yellow Pages" (YP) client-server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network. It is used for maintenance and distribution of a central directory of user and group information, hostnames, aliases and other text-based tables of information in a computer network. Obviously if the NIS was compromised, an attacker could have almost complete access to any user and server configuration data on a server. Hacker Guardian runs a set of stringent tests to determine whether the Network Information Service is vulnerable to exploit and attack.

11 Ubuntu Local Security Checks Ubuntu is a Linux distribution offering an operating system predominantly targeted at personal computers. Based on Debian GNU/Linux, Ubuntu concentrates on usability, freedom from restriction of use, regular releases, and ease of installation. Hacker Guardian runs series of tests to determine whether there are any security flaws in the operating system (OS) and the services that OS runs on the target server.

12 About Comodo Comodo is a leading global provider of Identity and Trust Assurance services on the Internet, with over 200,000 customers worldwide. Headquartered in Jersey City, NJ with global offices in the UK, Ukraine and India, the company offers businesses and consumers the intelligent security, authentication and assurance services necessary to ensure trust in online transactions. As a leading Certification Authority, and in combination with the Digital Trust Lab (DTL), Comodo helps enterprises address digital ecommerce and infrastructure needs with reliable, third generation solutions that improve customer relationships, enhance customer trust and create efficiencies across digital ecommerce operations. Comodo s solutions include SSL certificates, integrated Web hosting management solutions, web content authentication, infrastructure services, digital e-commerce services, digital certification, identity assurance, customer privacy and vulnerability management solutions. For additional information on Comodo Creating Trust Online please visit Comodo US Headquarters, 525 Washington Blvd., Jersey City, NJ Tel : COMODO.1 sales@comodo.com Comodo Group Inc., 3rd Floor, Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ, United Kingdom. Tel Sales: +44 (0) Fax Sales: +44 (0)