Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.
Foundstone Labs, October 2003

Table of Contents

- Introduction
- Scope and Approach
- Assumptions
- Findings and Recommendations
- Conclusion
- About Foundstone
- Resources

www.foundstone.com 2003 Foundstone, Inc. All Rights Reserved

Introduction

This paper presents an overview of the security assessment of Microsoft's System Architecture (MSA) 2.0 performed by Foundstone. The assessment entailed a detailed review of the appropriate documentation, interviews with key personnel and a penetration test of a pilot deployment to ensure that the architecture enforced a strong security posture. The goal of the exercise was to identify significant strengths and issues of concern, both from an architectural and from a deployment perspective.

Foundstone conducted the assessment in October 2003 in accordance with their comprehensive architecture-review methodology, which employs an array of security penetration techniques and commercial-grade stress testing and monitoring.

Foundstone's analysis showed that the MSA 2.0 architecture is in unison with the defense-in-depth principle of security, and is an in-depth reference for secure enterprise-network deployment using Microsoft technologies.

Scope and Approach

Foundstone analyzed the security framework of the MSA 2.0 architecture through design review and technical analysis of the framework as it was implemented in Microsoft's pilot laboratory environment. The following areas were examined:

Documentation of Microsoft Systems Architecture 2.0
- MSA Build Guide 2.0
- MSA Planning Guide 2.0
- MSA Operations Guide 2.0
- MSA Deployment Kit 2.0
- Reference Architecture Kit version 2.0
- Implementation Kit versions 2.0

Pilot Deployment
- Security posture of Internet-facing MSA environment
- Logical controls to segment network zones
- Configurations of component servers and network devices
- Potential threat vectors to environment

Foundstone's testing approach consisted of interviews with MSA development staff, design reviews, and technical analysis. Key design features and assumptions were documented, tested, and analyzed.

The pilot deployment consisted of a full array of servers including DHCP, Database, Active Directory, Management, Web, WINS, DNS, Proxy, VPN, Backup, Print, DFS, Deployment, Storage Management, and Firewall servers. These servers were configured in a multi-tier environment, including Border, Perimeter, and Internal network zones. The few protocols that were available from the Internet consisted primarily of HTTP and HTTPS Web services. From the Perimeter network, only services that were required to operate the business were explicitly allowed, including Web (HTTP and HTTPS) and DNS (port 53). This deployment simulated a real-world enterprise environment which included servers, various protocols, and the diversity of platforms found in large modern companies. The guidelines in the MSA 2.0 documentation allow for scaling to smaller environments while still following the underlying principles of defense in depth.

Foundstone approached the review with standardized test methodologies to review the pilot deployment. This approach focused on real-world vulnerabilities and exploits applied against varying attack vectors. Multiprotocol discovery and vulnerability scans were utilized from various zones within the MSA to test the adequacy of ingress and egress network controls. Foundstone utilized Foundstone Enterprise, a vulnerability analysis and remediation software package, during this testing phase. Foundstone also reviewed the configuration of servers and network devices to determine the appropriateness of host-based controls and security features such as auditing, logging, and host-based access.

Assumptions

Foundstone identified areas that require additional attention to ensure against negligence during the deployment process. Due to the existence of other Microsoft guidance, the following topics are outside of the scope of the MSA guidance. Although the architecture is believed to impart a sound security posture to an implementation in accordance with it, Foundstone and Microsoft believe that consideration and deployment of the following technologies is important.

Anti-Virus Software Deployment

Anti-virus software deployment serves not only to protect the subject machines against virus and worm outbreaks, but also makes an attacker's task of uploading malicious executables extremely arduous. This further reinforces compliance with a defense-in-depth approach to security.

Patch Management Solutions and their Significance

Effective patch management solutions such as Microsoft's Software Update Service (SUS) are addressed in the Microsoft Solution for Management (MSM). Hence, patch management is not addressed in the MSA guidance. Patch management is fundamental for an organization to keep up-to-date on security patches and hot fixes. Patch management also helps ensure that critical servers are not compromised by exploitation of well-known vulnerabilities.

Use of IPsec Encryption between Critical Servers

As discussed earlier, confidentiality is one of the three primary tenets of security. Foundstone recommended that due importance be given to the maintenance of confidentiality of data passing between critical servers (e.g., between a Web server and a database) and to appropriate solutions to achieve it (viz. IPsec encryption). IPsec encryption is discussed in the Security Architecture documentation as a mechanism to mitigate the impact of packet sniffing on the network.

Un-Patched Internal Servers

The Microsoft lab being assessed was updated with patches up to a specific date for testing purposes. Patches released after that date were not applied. This allowed Foundstone to attempt several exploits against vulnerabilities that were not patched, providing an accurate simulation of an un-patched or inadequately patched environment, a common scenario. Attempts to exploit these vulnerabilities, however, were in vain due to appropriate application-level access controls in the form of an ISA server between the attacker's machine and the victim. This reinforced the defense-in-depth strategy recommended by the MSA 2.0 architecture documentation.

Secure Configuration of Wireless Deployments

Wireless technologies are being deployed as a last-hop solution in corporate environments at an ever-increasing rate. Wireless networking implementation was not covered in the current MSA release. However, this topic was covered to some extent in the Microsoft Solutions for Security guide Securing Wireless Networking.

Findings and Recommendations

Following interviews, the documentation review, and laboratory testing, Foundstone presented the results and recommendations to Microsoft's System Architecture team.

Documentation and Architecture

Foundstone believes that the extensive coverage of the following subjects in the documentation and design will contribute to a strong security posture when appropriately applied. The following areas are highlighted requirements within the Microsoft Systems Architecture 2.0 documentation.

Findings

Segregation of the Network into Pertinent Zones
Segregation of the network into security zones not only facilitates the implementation of mitigation strategies through aggregation but also limits the influence of an attacker in case of a compromise.

Hardening of Servers at the Host Level
Hardening at the host level ensures against extensive compromise of the entire environment, even in the event of circumvention of the firewall rule sets. This step entails running minimal services on the host, implementing appropriate password complexity requirements, and setting appropriate registry settings to prevent unauthorized access to the machine over the network.

Encryption Mechanisms
Implementation of strong encryption mechanisms protects the confidentiality of critical data traversing the network by making it undecipherable to packet sniffers. This is of paramount importance in maintaining confidentiality, one of the three tenets of security, along with integrity and availability.

Application Level Security Enhancements
Application-level attacks are transparent to conventional firewalls. Thus, additional inspection of layer-7 data is necessary to prevent the acceptance of malicious URLs which may result in system or data compromise. The documentation stresses this fact through the discussion of HTML filters.

Physical Security Mechanisms for Critical Servers
Physical security is an often-neglected aspect of IT security. However, it is a vital component of a secure implementation. The overall security posture of the network can be severely undermined by an attacker gaining unauthorized physical access to critical servers.

Emphasis on Defense-in-depth
The documentation appropriately emphasizes conformance to the defense-in-depth principle, to ensure that a single compromise due to potential zero-day vulnerabilities does not allow the attacker to expand his or her influence throughout the environment. This is achieved by implementing multiple layers of security mechanisms at the host, network, data, and application layers to ensure a safe fail throughout the network.

Establishment of a Risk Assessment Process
The risk assessment process has been given due significance in the documentation. A well-defined risk assessment process ensures that all threats to the environment have been identified and that the consequential risks have been accepted, rejected, or mitigated. The continuity of the process also ensures that the security posture of the environment is maintained at a high level, despite the advent of new threats.

Recommendations

Although an implementation in accordance with the described architecture may impart a sound security posture, Foundstone identified areas that could be further emphasized in the documentation to ensure against negligence through the deployment process. Additional attention to these topics will aid in creating a more secure infrastructure. The following list describes these topics:

Use of IPsec Host-Based Filtering on Key Infrastructure Components
Although the DMZ domain controllers were on a physically separate network segment from the front side of the multi-homed, Internet-connected servers, Foundstone still recommended utilizing the additional protection that IPsec host-based port filters provide. This helps protect the components against unauthorized access in case other elements in the DMZ are compromised.

Centralized Logging Mechanisms to Effectively Support Intrusion Detection
Intrusion detection can be facilitated through the implementation of centralized logging mechanisms. Centralized logs not only sufficiently mitigate the deletion of security logs by a potential attacker but also greatly simplify the correlation process to effectively detect an intrusion at the earliest possible moment.

Ethernet Port Security
The MSA 2.0 architecture addresses packet sniffers as a potential intrusion threat, and it references various techniques to limit the effects of sniffing with malicious intent. These techniques include the use of strong authentication, a switched infrastructure, anti-sniffing technology, and cryptography to good effect. However, the architecture does not cover the subject of binding Ethernet ports to specific MAC addresses to limit sniffing in a switched environment through ARP spoofing. Foundstone believes that this topic requires more coverage as an anti-sniffing measure that can be easily deployed by most organizations.

Penetration Test

Foundstone performed the penetration test both from the perspective of an anonymous Internet surfer with malicious intent, and from that of an attacker who had gained access to the DMZ and was attempting to expand his influence and penetrate into the internal corporate network.
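The centralized-logging recommendation above rests on two properties that a single host's log cannot provide: a logon sweep across several DMZ hosts is visible only in the combined copy, and a locally cleared audit log leaves its trace at the collector. The following script is an added example, not code from the Foundstone paper or from the MSA 2.0 kit; it assumes every DMZ host forwards its Security log to one collector as one line per event in a constructed, hypothetical format (`<ISO timestamp> <host> <event_id> <source_ip> <detail>`). The event IDs are the pre-Vista Windows Security log IDs (528 successful logon, 529 failed logon, 517 audit log cleared, 538 logoff); the sample lines are constructed.

```python
"""Correlate centrally collected Windows security events to surface an intrusion early.

Added example (not from the Foundstone paper or the MSA 2.0 kit). The collector
line format below is a constructed assumption; event IDs are the pre-Vista
Windows Security log IDs: 528 logon success, 529 logon failure, 517 log cleared.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: events forwarded by three DMZ hosts within a few minutes.
SAMPLE_LOG = """\
2003-10-07T02:14:01 WEB01 529 10.10.1.50 failed logon user=administrator
2003-10-07T02:14:03 WEB01 529 10.10.1.50 failed logon user=administrator
2003-10-07T02:14:05 WEB02 529 10.10.1.50 failed logon user=administrator
2003-10-07T02:14:09 DNS01 529 10.10.1.50 failed logon user=administrator
2003-10-07T02:14:20 WEB02 528 10.10.1.50 successful logon user=administrator
2003-10-07T02:15:00 WEB02 517 - audit log cleared
2003-10-07T02:30:00 WEB01 538 10.10.2.7 user logoff user=svc_backup
"""

EVENT_SUCCESS_LOGON = 528
EVENT_FAILED_LOGON = 529
EVENT_LOG_CLEARED = 517


def parse_events(text):
    """Parse collector lines into dicts, sorted by time (the window checks rely on order)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, event_id, src, detail = line.split(" ", 4)
        events.append({"time": datetime.fromisoformat(ts), "host": host,
                       "event_id": int(event_id), "src": src, "detail": detail})
    return sorted(events, key=lambda e: e["time"])


def failed_logon_sweeps(events, min_hosts=3, window=timedelta(minutes=5)):
    """Sources whose failed logons hit at least min_hosts distinct hosts inside one window.

    Each host sees only its own failures; only the central copy reveals the sweep.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["event_id"] == EVENT_FAILED_LOGON:
            by_src[e["src"]].append(e)
    sweeps = {}
    for src, fails in by_src.items():  # fails is time-ordered
        for i, first in enumerate(fails):
            hosts = {f["host"] for f in fails[i:] if f["time"] - first["time"] <= window}
            if len(hosts) >= min_hosts:
                sweeps[src] = sorted(hosts)
                break
    return sweeps


def failures_followed_by_success(events, window=timedelta(minutes=10)):
    """(source, host) pairs where failed logons precede a success from the same source."""
    hits = []
    for i, e in enumerate(events):
        if e["event_id"] != EVENT_SUCCESS_LOGON:
            continue
        prior = [p for p in events[:i]
                 if p["event_id"] == EVENT_FAILED_LOGON and p["src"] == e["src"]
                 and p["host"] == e["host"] and e["time"] - p["time"] <= window]
        if prior and (e["src"], e["host"]) not in hits:
            hits.append((e["src"], e["host"]))
    return hits


def log_clear_events(events):
    """Hosts whose local audit log was cleared; the collector still holds the events."""
    return [(e["host"], e["time"]) for e in events if e["event_id"] == EVENT_LOG_CLEARED]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("logon sweeps:", failed_logon_sweeps(evs))
    print("failures then success:", failures_followed_by_success(evs))
    print("audit log cleared on:", log_clear_events(evs))
```

On the sample, the sweep check reports the one source that failed against all three hosts within five minutes, the follow-up check flags the host where that source then logged on successfully, and the clear-log check shows that the later wiping of WEB02's local log changes nothing at the collector. Thresholds and windows are assumptions to tune per environment.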

Findings

The pilot deployment, implemented in accordance with the underlying principles of the MSA 2.0 reference architecture, was found to be sound from a security standpoint. Foundstone identified the following significant strengths in the deployment:

Minimal Exposure of Services to the Internet
Port scanning the infrastructure deployed in accordance with the MSA 2.0 reference architecture revealed that only necessary services, defined in this case as HTTP (port 80), HTTPS (port 443), and DNS (port 53) on select servers, were accessible from the Internet. Foundstone considered this to be a positive result from following the MSA 2.0 design, as exposure of additional (potentially unnecessary) services to the Internet may have provided an attacker with additional entry points into the DMZ.

Out-of-Band Management Channel
The deployment used a physically separate network to transmit management traffic. This is a recommended practice to prevent the sniffing and/or alteration of critical management data, including administrative credentials. Foundstone considered this to be a positive result from following the MSA 2.0 design.

Secure Configuration of Web Servers and their Underlying Operating Systems
In general, the Web servers and their underlying operating systems were found to be deployed following Microsoft's recommended build documents. They were also identified as up-to-date on security patches and hot fixes at the time the documentation was created. This mitigates the risk of a script kiddie or worm gaining access to the server through the exploitation of an existing well-known vulnerability. Foundstone also considered this a positive result from following the MSA 2.0 design.

Sound Configuration of Application-Layer Firewalls
The external firewall protecting the DMZ from the Internet and the internal firewall protecting back-end databases from the DMZ servers were found to be properly configured and deployed. This prevented any attempts at unauthorized access against these critical infrastructure components. Foundstone also considered this to be a positive result from following the MSA 2.0 design. In addition, application firewall features were enabled at the perimeter, adding an even deeper level of security at the critical border between the public Internet and the enterprise DMZ.

Recommendations

Foundstone did identify some minor issues of concern. These issues were not considered a serious risk to the environment as they could not be successfully exploited to gain unauthorized access to any component of the infrastructure. These issues include the following:

Web Servers Support Export-Grade (Weak) SSL Ciphers
Web servers in the DMZ were found to be compatible with export-grade (40-bit) SSL ciphers.

Foundstone recommended the use of 128-bit ciphers only, as they alone are considered adequate to prevent the exposure of encrypted data. To overcome limitations imposed on the export of cryptography, Foundstone recommended referring to Microsoft's Server Gated Cryptography (SGC) technology. Foundstone also recommended that this issue be given due importance in the MSA 2.0 architecture documentation.

Inconsistent Permission of ICMP from the Internet into the DMZ
Permitting the use of the Internet Control Message Protocol (ICMP) on the network can provide an attacker with the means of launching a denial-of-service attack against critical day-to-day business operations. It can also be leveraged as an effective covert channel. Foundstone recommended that ICMP packets be disallowed by periphery firewalls. Though the deployment under review did abide by this policy, the denial of ICMP packets was not consistent and comprehensive.
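The three penetration-test checks above (only HTTP 80, HTTPS 443 and DNS 53 reachable on select servers; no ICMP answered at the perimeter; no export-grade or sub-128-bit SSL ciphers) are the kind of thing a deployer can re-verify after every change. The script below is an added example, not code from the Foundstone paper or the MSA 2.0 kit. The scan summary is constructed in a hypothetical shape (host, open TCP ports, whether ICMP echo was answered) such as a scanner wrapper might emit, the host names and per-host allow-list are assumptions modelled on the paper's findings, and the legacy cipher list is constructed in the shape Python's `ssl.SSLContext.get_ciphers()` returns. The hardened context uses the OpenSSL cipher-string syntax; the 128-bit minimum is the paper's recommendation.

```python
"""Re-verify an MSA-style perimeter against the penetration-test findings.

Added example (not from the Foundstone paper or the MSA 2.0 kit). Scan data,
host names and the per-host allow-list are constructed assumptions; the
128-bit cipher minimum is the paper's recommendation.
"""
import ssl

# Constructed external scan result: host -> (open TCP ports, answered ICMP echo?).
SCAN = {
    "web01.dmz.example": ({80, 443}, False),
    "web02.dmz.example": ({80, 443, 3389}, False),  # extra listener: policy violation
    "dns01.dmz.example": ({53}, True),              # answered ICMP echo: deny is inconsistent
}
# Per-host allow-list mirroring "HTTP, HTTPS and DNS on select servers".
ALLOWED_TCP = {
    "web01.dmz.example": {80, 443},
    "web02.dmz.example": {80, 443},
    "dns01.dmz.example": {53},
}
MIN_STRENGTH_BITS = 128

# Constructed legacy cipher list in the shape ssl.SSLContext.get_ciphers() returns
# (only the two keys this check reads); the names are real OpenSSL cipher names.
LEGACY_CIPHERS = [
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
    {"name": "EXP-DES-CBC-SHA", "strength_bits": 40},
    {"name": "DES-CBC-SHA", "strength_bits": 56},
    {"name": "RC4-MD5", "strength_bits": 128},
    {"name": "AES256-SHA", "strength_bits": 256},
]


def unexpected_exposures(scan, allowed):
    """TCP ports reachable from the Internet that the per-host allow-list does not permit."""
    findings = {}
    for host, (open_ports, _icmp) in scan.items():
        extra = open_ports - allowed.get(host, set())
        if extra:
            findings[host] = sorted(extra)
    return findings


def icmp_inconsistencies(scan):
    """Hosts that answered ICMP echo although the perimeter policy is to deny ICMP."""
    return sorted(host for host, (_ports, icmp) in scan.items() if icmp)


def weak_ciphers(cipher_list):
    """Export-grade (EXP-) or sub-128-bit suites in a get_ciphers()-shaped list."""
    return [c["name"] for c in cipher_list
            if "EXP" in c["name"] or c["strength_bits"] < MIN_STRENGTH_BITS]


def hardened_server_context():
    """Server TLS context restricted to 128-bit-or-stronger suites.

    HIGH already excludes export suites; RC4 and MD5 meet the 128-bit bar of the
    2003 recommendation but are dropped as well, since they are no longer safe.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!RC4:!MD5")
    return ctx


if __name__ == "__main__":
    print("unexpected exposures:", unexpected_exposures(SCAN, ALLOWED_TCP))
    print("ICMP inconsistencies:", icmp_inconsistencies(SCAN))
    print("weak legacy ciphers:", weak_ciphers(LEGACY_CIPHERS))
    print("weak in hardened context:",
          weak_ciphers(hardened_server_context().get_ciphers()))
```

Running it flags the extra listener on the second Web server, the DNS host that answered ICMP, and the three legacy suites below the 128-bit bar, while the hardened context yields no weak suite at all. Any listener outside the allow-list or any host answering ICMP is a finding to chase through the firewall rule sets rather than accept.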

Conclusion

Foundstone concluded that the MSA 2.0 architecture emphasized the defense-in-depth principle of security through every step of the implementation and documentation. This can be attributed to the appropriate emphasis on segmentation of infrastructure components coupled with the extensive incorporation of access-control mechanisms at appropriate places in the environment. The significance of this conformance was highlighted by the minimal impact of the high-risk buffer overflow vulnerability discovered on several servers within the internal network. Without these controls in place, the test may have resulted in the complete compromise of several critical servers.

Foundstone also identified several areas requiring further emphasis to enhance the security posture imparted by the architecture. These include patch management, IPsec filtering and encryption, anti-virus software deployment, and intrusion detection. Most of these issues can be addressed by reading the documentation referenced on several of these topics earlier in this paper.

On the whole, Foundstone believes that the MSA 2.0 architecture is an excellent reference for secure enterprise network deployment, providing sufficient flexibility to adapt to varying business needs and sizes.

About Foundstone

Foundstone Inc., experts in strategic security, offers a unique combination of software, services, and education to help organizations continuously and measurably protect the most important assets from the most critical threats. Through a strategic approach to security, Foundstone identifies and implements the right balance of technology, people, and process to manage digital risk and leverage security investments more effectively. The company has one of the most dominant security talent pools ever assembled, and has authored ten books, including the best seller Hacking Exposed. Foundstone is headquartered in Orange County, CA, and has offices in New York, Washington, D.C., and Seattle. For more information about Foundstone and Foundstone Enterprise Risk Solutions, visit www.foundstone.com, or call 877.91.FOUND within the U.S. and 949.297.5600 outside the U.S.

Resources

- Foundstone: http://www.foundstone.com
- MSA 2.0: http://www.microsoft.com/wssra
- Microsoft Patch Management: http://www.microsoft.com/technet/itsolutions/techguide/msm/default.mspx
- IPsec Encryption Services: http://www.microsoft.com/resources/documentation/windowsserv/2003/all/techref/enus/w2k3tr_ipsec_intro.asp