Post on 20-Dec-2015
Vulnerability Testing Approach
Prepared By: Phil Cheese
Nov 2008
Outline
•Structure of Technology UK Security Team
•Why we test
•What we test
•When we test
•How we test
•Demo of a unix platform test
•Hot topics
•Questions and Answers
UK Technology Security teams
Security Consultants
Security Monitoring
Mail, Logs, IDS, Firewall
Review New Systems
Vulnerability Test Team
Vulnerability Testing
Security Operations
UK Tech. Security Mgr
Group CISO
Definition
Penetration testing v Vulnerability testing ?
•Wikipedia
“Security testing techniques scour for vulnerabilities or security holes in applications. These vulnerabilities leave applications open to exploitation. Ideally, security testing is implemented throughout the entire software development life cycle (SDLC) so that vulnerabilities may be addressed in a timely and thorough manner. Unfortunately, testing is often conducted as an afterthought at the end of the development cycle.”
Why? – test against standards, identify misconfigurations and old vulnerable versions of software, test drive
•Ethics & Legality
Why testing
• Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes.
• Proving due diligence and compliance to your industry regulators, customers and shareholders. Non-compliance can result in your organisation losing business, receiving heavy fines, gathering bad PR or ultimately failing.
• Protecting your brand by avoiding loss of consumer confidence and business reputation.
• Vulnerability testing helps shape information security strategy through identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively; budget can be allocated and corrective measures implemented.
Defining the scope
•Full-Scale vs. Targeted Testing
•Platform, Network, Database, Applications
•Remote vs. Local Testing
•In-house v outsourcing
Defense in depth
• Application
• Database
• Operating System
• Network
[Diagram labels: Tester; tools: Nmap, Nessus; systems: Sun Solaris, Application Server, HP-UX, Oracle DB, Redhat, Apache Web server, Network elements e.g. SGSNs, HLRs, Windows File server, www.vodafone.co.uk]
Nmap
Nessus
[Diagram: the same Tester and systems as the earlier diagram; tool shown: Assuria Agents]
Assuria Auditor Console
[Diagram: the same Tester and systems as the earlier diagram; tool shown: NGS Squirrel]
NGS Squirrel
[Diagram: the same Tester and systems as the earlier diagram; tools shown: Appscan, Superwalk]
Appscan
Backtrack
[Diagram: the same Tester and systems as the earlier diagram; label shown: Assuria CLI Remote test (Data Centre)]
Remote platform vulnerability assessment using Assuria Auditor & workbench via the command line
• “It is better to voyage hopefully than to drive to Oldham”
• FTP and install scripts
• Run scans
• Copy off raw results files
• Generate csv files
• Import results into workbench
• Review scan results
• Producing reports
• Agreeing remedial actions and re-testing
Log onto remote server
FTP onto a remote server
unzip tarball file
Areas checked by ‘Initial’ policies
The table below details the initial policies referenced against the areas checked.
Policy Name: Area To Check (UNIX, NT)

Initial-1 External Attack
UNIX: Network Services, Secure Files, Terminal Configuration
NT: Network Services - FTP, RAS, Registry Access, Trust Relationships Logon Failure Auditing

Initial-2 Superusers
UNIX: Configuration Home Files, Environment Setuid Files
NT: Accounts in Domain Admins and Administrators Groups, Audit Configuration, Examine Audit Logs

Initial-3 Ordinary Users
UNIX: General User Configuration, Home Files and Environment
NT: Account Policy, User Properties, User Rights

Initial-4 Files And Devices
UNIX: Mount Points, Special Devices

Initial-5 System Files
UNIX: All Files in predefined directories (/usr/etc /lib Etc.), Frozen Files
NT: Directories under %SYSTEMROOT%, Frozen Files, Sensitive Registry Keys

password
UNIX: Guessable passwords, password shadowing, user shared password, uid 0 user's home directories, default login environment
NT: Forced password changes, password reuse settings, minimum password age and length, passwords required, password strength
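
The UNIX side of the 'password' policy row can be illustrated with a small account audit. This is an added example, not Assuria Auditor code or output and not part of the original slides; it assumes the standard colon-separated passwd and shadow layouts, and the sample files, the function names and the finding labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample files, not taken from any real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:spare admin:/root:/bin/sh
oracle:x:501:501:Oracle:/home/oracle:/bin/sh
legacy:ab9Xk2LmQ0pRs:502:502:old app:/home/legacy:/bin/sh
guest::503:503:guest:/home/guest:/bin/sh
"""
SHADOW = """\
root:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:14000:0:90:7:::
toor:$1$saltsalt$BBBBBBBBBBBBBBBBBBBBBB:14000:0:90:7:::
oracle:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:14000:0:99999:7:::
"""

def rows(text, min_fields):
    """Split colon-separated records, skipping blanks, comments and short lines."""
    split = (l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return [f for f in split if len(f) >= min_fields]

def audit_accounts(passwd_text, shadow_text):
    """Return (finding, account) tuples for the password-policy checks."""
    shadow = {f[0]: f[1] for f in rows(shadow_text, 2)}
    findings, by_hash = [], defaultdict(list)
    for user, pw, uid, *_ in rows(passwd_text, 7):
        if uid == "0" and user != "root":
            findings.append(("extra-uid0", user))
        if pw == "x":                       # hash lives in the shadow file
            pw = shadow.get(user)
            if pw is None:
                findings.append(("no-shadow-entry", user))
                continue
        elif pw and pw[0] not in "*!":      # real hash in world-readable passwd
            findings.append(("unshadowed-hash", user))
        if pw == "":
            findings.append(("empty-password", user))
        elif pw[0] not in "*!":             # ignore locked accounts
            by_hash[pw].append(user)
    # Identical salt+hash strings mean the accounts share one password.
    for users in by_hash.values():
        if len(users) > 1:
            findings.append(("shared-password", ",".join(sorted(users))))
    return findings

if __name__ == "__main__":
    for finding in audit_accounts(PASSWD, SHADOW):
        print(*finding)
```

Guessable-password checks are left out here because they need a wordlist and the host's own hashing scheme.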
Run scans
FTP results back to desktop
Generate CSV files
Import into Workbench
Reconcile results
Filter results
Vulnerability testing - hot topics
• PCI-DSS – keeping Security vendor industry going!
https://www.pcisecuritystandards.org/
• Appliances and automation – keep your auditors happy
http://www.qualys.com/products/qg_suite/
http://www.ncircle.com/index.php?s=products
• Virtualisation and middleware vulnerabilities – don’t forget ’em….
http://labs.mwrinfosecurity.com/
• Exploitation tools – Metasploit framework, Canvas, Core Impact, BEEF
http://www.metasploit.com/
http://www.immunitysec.com/
http://www.coresecurity.com/
http://www.bindshell.net/tools/beef
Conclusions
• In depth, holistic approach to security testing
• Testing needs to take place during the development lifecycle
• Can be complex and time consuming
• Outsource specialist testing to third party vendors
• Commercial tools easy to maintain and use but can be expensive
• “A fool with a tool is still a fool”
• Results from tools need analysis and need to be put into a ‘business risk’ context
Any Questions?