Internet Security and Acceleration Server 2000 with Service Pack 1 Audit. An analysis by Foundstone, Inc.




This paper presents an overview of a security assessment conducted by Foundstone, Inc. of Microsoft Internet Security and Acceleration (ISA) Server 2000 after the addition of Service Pack 1 (SP1). This is the second security assessment of ISA Server 2000 performed by the experts at Foundstone. The initial audit was completed in February 2001, prior to the public release of the first version of ISA Server 2000. Foundstone conducted the current audit in the months preceding the public release of SP1 on 15-Feb-02.

Foundstone's comprehensive product testing methodologies employed an array of security penetration techniques, commercial-grade stress testing and monitoring, and Foundstone's custom toolkit based on its FoundScan technology. Foundstone's analysis showed that SP1 improves the already solid security of ISA Server 2000. Foundstone is confident that ISA Server 2000, properly configured, is an effective firewall in enterprise environments. Microsoft continues to subject ISA Server 2000 to regular audits by Foundstone, demonstrating the company's ongoing commitment to improving product security.

TABLE OF CONTENTS

  Introduction
  Scope and Objectives
  Background
  Solution
  Conclusion
  Resources

Introduction

Foundstone has conducted independent security evaluations for ISA Server 2000 since the product's initial release in late 2000. Foundstone's most recent audit, performed in late 2001, evaluated the ISA Server 2000 Service Pack 1 (SP1) update to the original product. Spanning more than 250 man-hours, the SP1 review involved a dedicated security team from Foundstone, including Joel Scambray, the author of Hacking Exposed Windows 2000.

During the audit, Foundstone had full access to the ISA Server 2000 product and development teams. The Foundstone and ISA Server 2000 teams met weekly to discuss the assessment's progress. The audit employed Foundstone's product testing methodologies, which include the most up-to-date security tools and penetration techniques. Foundstone designed its ISA Server 2000 testing to circumvent selected network access control features and gauge SP1's resistance to a denial-of-service (DoS) attack that would render a typical deployment inoperable.

This whitepaper focuses on Foundstone's assessment of the enhanced security offered by SP1. It is based on test results and the ongoing communication between Foundstone and the ISA Server 2000 development team.

www.foundstone.com 2003 Foundstone, Inc. All Rights Reserved

Scope and Objectives

Foundstone's testing concentrated on the following features of ISA Server 2000 with SP1:

  Firewall
  Packet Filtering
  Application Filters
  SMTP
  HTTP Redirector
  POP Intrusion Detection
  DNS Intrusion Detection
  Web Publishing
  Intrusion Detection
  IP Spoofing
  Port Scanning
  Web Proxy
  Web Caching
  Management
  Policy Control
  Logging
  Reporting
  Alerts

Foundstone also retested findings from its previous audit of SP1 and analyzed published SP1 vulnerabilities.

Foundstone installed and configured ISA Server 2000 to simulate a real-world Internet-connected environment. The product ran on a PC with dual 733 MHz Intel Pentium III CPUs, 512 MB of RAM, Windows 2000 in integrated mode, including the H.323 gateway and the Message Screener. The cache size was 5 GB. Intrusion detection, logging of allow packets, and IP routing were also enabled. Foundstone configured Internet Information Services (IIS) to use port 81 and IISAdmin to not use port 8080. This prevented conflicts with the standard ISA Server 2000 proxy ports of 80 and 8080. SP1 installation completed the setup.

Foundstone then applied its standard test methodologies, focusing on vulnerabilities and exploits present in real-world environments. The first test was full network discovery and vulnerability scans of all available interfaces. Foundstone identified and analyzed all listening TCP and UDP services for vulnerabilities.

For portions of this testing, Foundstone utilized FoundScan, a vulnerability assessment and remediation tool developed by Foundstone. FoundScan remotely examines networks, databases, servers, off-the-shelf applications, and even custom web applications for vulnerabilities.

Foundstone also performed a battery of firewall allowed traffic checks. These tests employ dozens of known techniques for bypassing IP packet filters, exploits which specifically target firewall products such as ISA Server 2000. Network protocol analysis helped identify potential security issues arising from session captures, replay attacks, and credential harvesting via product communications.

After cataloging all product input facilities, Foundstone tested for buffer overflows using a looping, incremented test harness based on its NTOMax stress-testing tool. Foundstone also performed additional input validation testing using manual techniques.

Finally, Foundstone attempted to subvert product functionality through software fault injection and various unauthorized or inappropriate activities. Although remote network penetration was its primary focus, Foundstone also attempted local exploitation and privilege escalation where appropriate.

Background: Testbed Instrumentation

Foundstone uses internally developed custom hacking tools, including commercial-grade network eavesdropping devices, a diverse range of network and system-level software probes, and libraries of known exploit code covering popular applications and operating systems.

During ISA Server 2000 testing, Foundstone logged all appropriate trans-firewall communications on the internal, perimeter, and external networks. To provide external confirmation and verification of its observations, Foundstone analyzed packet-level decodes both automatically and manually. Foundstone also continually monitored product performance to note any abnormal behavior.

Solution: Findings & Recommendations

At the conclusion of testing, Foundstone provided a detailed report to Microsoft that included specific results, recommendations, and supporting test data. Findings highlighted ISA Server 2000's many robust security features and recommended areas for improvement. The ISA Server 2000 development team promptly took action to improve the product and resolve concerns discovered during testing.

Recommendations included:

  Tightening of default internal interface security
  Minor improvements to logging
  Web proxy HTTP caching
  Web publishing features

Foundstone also noted that ISA Server 2000's packet filters are adequately sealed against common packet manipulation attacks.

Conclusion

On February 20, 2002, ISA Server 2000 celebrated its one-year anniversary and the release of SP1. Based on Foundstone's assessment of SP1, the ISA Server 2000 team made several improvements to the product's security features. Additionally, Microsoft demonstrates its ongoing commitment to ISA Server 2000 security by submitting the product to periodic security audits of new Service Packs and updated versions. Foundstone is confident that ISA Server 2000 with SP1 competes well with other established products in its market.

Security is a critical concern in the high-tech world. With its focus on security products such as ISA Server 2000 and its willingness to submit its products to outside technical review, Microsoft has demonstrated a strong commitment to improving enterprise-level security. Since ISA Server 2000's initial release, Microsoft has made independent technical review of the product a top priority. Foundstone looks forward to performing additional assessments.

Foundstone also notes that Microsoft has integrated independent security reviews with customer feedback to further enhance its products. SP1, for instance, adds significant improvements to the initial release of ISA Server 2000. Enhanced security features include:

  Improved stability
  Fixes for common issues reported through Microsoft Product Support Services (PSS)
  Fixes that allow operation within the Windows .NET Server Family
  Improvements in SSL publishing of Outlook Web Access (OWA)
  Server publishing improvements
  Rollup of previous patches

Foundstone remains confident that Microsoft will deliver on its commitment to ISA Server 2000 security, as well as making security a top priority across its product line.

Resources

  Foundstone: http://www.foundstone.com
  ISA Server 2000 Home: http://www.microsoft.com/isaserver
  ISA Server 2000 Technical Overview: http://www.microsoft.com/technet/prodtechnol/isa/evaluate/isatecov.asp
  ISA Server 2000 Service Pack 1: http://www.microsoft.com/isaserver/downloads/sp1.asp
  ISA Server Resource Site: http://www.isaserver.org