
Security Assessment Volume I Executive Report

Resonant Technology Partners

February 2012 CONFIDENTIAL

RESONANT TECHNOLOGY PARTNERS VOLUME I EXECUTIVE REPORT

Table of Contents
- Executive Summary
- Network Assessment
  - Network Assessment Overview
  - External Network Findings
  - Internal Network Findings
  - Network Operating System Findings
  - Sample Host Findings
  - Key Recommendations

CONFIDENTIAL

For use by Resonant Technology Partners only


Executive Summary
Resonant Technology Partners has become increasingly dependent on systems operating on their network to provide adequate security of private information and prevent the disclosure of such information. However, these systems are increasingly vulnerable to a variety of common attacks that take place frequently on corporate networks. To assess how vulnerable their systems may be, Resonant Technology Partners engaged Perimeter eSecurity to conduct an extensive review of their security infrastructure in February 2012.

During the review, Perimeter performed a comprehensive security assessment, which involved assessing the overall integrity of the network and critical IT resources. To effectively protect private information and company resources from exposure, Resonant Technology Partners should address the identified key findings noted in this report.

PLEASE NOTE: Professional judgment was used in reaching the conclusions and recommendations presented, and while Perimeter has exercised due care in the performance of this engagement, it should be recognized that other parties may evaluate the results differently and draw different conclusions.

The following summarizes the key recommendations resulting from the assessment:

Short Term Recommendations
- Disable all unnecessary network services.
- Ensure that all equipment has the latest security patches installed.
- Implement stronger network access controls.
- Enable comprehensive security event auditing on all systems.
- Secure all necessary network services.

Long Term Recommendations
- None


Network Assessment
Perimeter eSecurity conducted a network vulnerability assessment for Resonant Technology Partners in February 2012. The primary objective of the vulnerability assessment was to assess the overall security level of Resonant Technology Partners' network environment. This review involved a comprehensive assessment of critical network resources and systems. The following is a detailed breakdown of the methodology utilized by Perimeter to perform this part of the assessment.

1. Information gathering - Documentation on the network is gathered during this phase, such as server/device listings, IP address ranges, and network diagrams. Initial discovery scans are run on all applicable address ranges in the network to verify the accuracy of the information provided from the documentation and identify any discrepancies.
2. Vulnerability testing - A variety of methods and techniques are used during this phase to assess the integrity and overall level of security of the network. Network vulnerability scans, host vulnerability scans, manual checks, and password audits, among other tasks, are performed on the external network, internal network, network operating system, and specific hosts. The scans and checks incorporate testing of the latest vulnerabilities and exploits.
3. Analysis of findings - The data generated from the vulnerability tests are compiled and a thorough and comprehensive analysis is performed. Findings are analyzed to determine the criticality and potential impact each can have on the environment. Checks are performed on the affected systems to eliminate false positives and mitigated vulnerabilities.
4. Development of recommendations - Upon completion of the findings analysis, steps and recommendations are developed to address or mitigate the risks associated with the various vulnerabilities identified. Recommendations are made based on security best practices and commonly accepted security principles.



Network Assessment Overview
The following graph depicts the relative risk level of each category covered during the assessment and the overall risk rating of the network. The overall rating is calculated by factoring the risk level of each area and adjusting the factor appropriately based on how important that particular area is.

Network Security Rating = 2

| Area Assessed | Importance | Category |
|---|---|---|
| External Network | High | Application Integrity, System Integrity |
| Internal Network | Medium | Application Integrity, System Integrity |
| Network Operating System | Medium | Access Control, Audit Settings, User Account Security |
| Sample Hosts | Low | Audit Settings, File Security, Security Patches, User Account Security |

[Graph: risk level of each category, plotted on a Low / Medium / High scale]

Rating scale:
- 1 (Excellent): Organization exhibits a very strong and secure network environment overall.
- 2 (Good): Organization exhibits a safe and sound network overall, only modest vulnerabilities exist.
- 3 (Average): Organization exhibits a generally safe network, vulnerabilities that range from moderate to somewhat serious exist.
- 4 (Poor): Organization exhibits an unsafe network, some serious vulnerabilities exist.
- 5 (Inadequate): Organization exhibits a very unsafe network, several critical vulnerabilities exist.



External Network Findings
The following outlines the categories covered during the external network assessment and the associated findings of each. Application Integrity reflects the overall security level of third party applications and programs running on external devices. System Integrity reflects the overall security level of processes and features that are inherent to the external devices tested.

| Category | Risk | Key Findings |
|---|---|---|
| Application Integrity | Low | No significant application integrity findings identified. There were no significant weaknesses identified in the configuration and setup of the network components. An adequate and acceptable level of security has been attained in this category with regards to best practices. |
| System Integrity | Low | No significant system integrity findings identified. There were no significant weaknesses identified in the configuration and setup of the network components. An adequate and acceptable level of security has been attained in this category with regards to best practices. |



Internal Network Findings
The following outlines the categories covered during the internal network review and the associated findings of each. Application Integrity reflects the overall security level of third party applications and programs running on internal machines. System Integrity reflects the overall security level of processes and features that are inherent to the internal machines tested.

| Category | Risk | Key Findings |
|---|---|---|
| Application Integrity | Med | Insecure application services running. There were application services identified that have not been properly secured. This increases the exposure and risk to the network by potentially providing channels for attackers to exploit. |
| System Integrity | High | Insecure services running. There were network services identified that have not been properly secured. This increases the exposure and risk to the network by potentially providing channels for attackers to exploit. |



Network Operating System Findings
The following outlines the categories covered during the network operating system security review and the associated findings of each. Access Controls govern the network login process and password requirements. Audit settings reflect the type of network activity that is being logged. User Account Security reflects the overall integrity of network user accounts and account administration.

| Category | Risk | Key Findings |
|---|---|---|
| Access Controls | Med | Some weak login settings identified. Settings governing the login process are not stringent enough. Weak login settings increase the exposure and risk of the network by making it easier for attackers to attempt to gain access to the network. Significant settings noted were: lockout time is too low, number of failed login attempts too high. Some weak password settings identified. Settings governing the design and administration of passwords are not stringent enough. Weak settings increase the exposure and risk of the network by making it easier for attackers to compromise passwords. Significant settings noted were: maximum password age too high. |
| Audit Settings | Med | Some security events are not being audited. Security event auditing is enabled, however, some critical events are not selected for audit. Not auditing all critical events may allow suspicious or unauthorized activity to occur unnoticed. |
| User Account Security | Low | No significant user account security findings identified. There were no significant weaknesses identified in the network accounts and account settings. An adequate and acceptable level of security has been attained in this category with regards to best practices. |



Sample Host Findings
The following outlines the categories covered during the host security review and the associated findings of each. Audit settings reflect the type of security activity that is logged. File/Directory Security reflects the security level and integrity of critical folders. Security Patch Levels indicate the extent to which patches have been applied. User Account Security reflects the overall integrity of user accounts and account administration.

| Category | Risk | Key Findings |
|---|---|---|
| Audit Settings | Med | Some security events are not being audited. Security event auditing is enabled, however, some critical events are not selected for audit. Not auditing all critical events may allow suspicious or unauthorized activity to occur unnoticed. |
| File Security | Low | No significant file/directory security findings identified. There were no significant weaknesses identified in the file/directory security of the servers tested. An adequate and acceptable level of security has been attained in this category with regards to best practices. |
| Security Patches | Med | Some security patches not installed. Patches address known security vulnerabilities on servers. Because the latest patches are not installed, attackers may exploit these vulnerabilities to compromise or gain access to the server. |
| User Account Security | Low | No significant user account security findings identified. There were no significant weaknesses identified in the network accounts and account settings. An adequate and acceptable level of security has been attained in this category with regards to best practices. |



Key Recommendations

- Disable all unnecessary network services. The best way to protect against attack through a network service is to disable it altogether. Disabling unnecessary services will limit the possible options and opportunities an attacker has in attempting to access the network.
- Ensure that all equipment has the latest security patches installed. Vendor supplied security patches address known exploits and weaknesses. Installing the latest security patches will ensure that equipment is protected against such known flaws and vulnerabilities.
- Enable comprehensive security event auditing on all systems. Auditing all critical and important security events will provide the information needed to identify and detect malicious and unauthorized activity, as well as provide logs and data that can serve as key evidence in legal procedures.
- Implement stronger network access controls. Implementing and enforcing strict network access controls, such as login, authentication, and password requirements, will reduce the risk of unauthorized use of the network and company resources.
- Secure all necessary network services. Services are typically the only means by which external parties can gain access to the network. Restricting and securing network services will help to prevent the exploitation and misuse of such services by unauthorized and malicious users.


Network Security Assessment Volume II Detailed Findings

Resonant Technology Partners

February 2012 CONFIDENTIAL

RESONANT TECHNOLOGY PARTNERS VOLUME II DETAILED FINDINGS

Table of Contents
- Assessment Overview
- External Network Assessment
  - External Assessment Approach
  - External Vulnerabilities Overview
  - External Vulnerabilities Detail
  - External Services Detected
- Internal Network Assessment
  - Internal Assessment Approach
  - Internal Vulnerabilities Overview
  - Internal Vulnerabilities Detail
- Network Operating System Assessment
  - Network Operating System Assessment Approach
  - Network Operating System Vulnerabilities Overview
  - Network Operating System Vulnerabilities Detail
- Host Assessment
  - Host Assessment Approach
  - Host Vulnerabilities Overview
  - Host Vulnerabilities Detail


Assessment Overview

Resonant Technology Partners has become increasingly dependent on systems operating on their network. Many of these systems have become critical to business operations. However, these systems are increasingly vulnerable to a variety of common attacks that take place frequently on corporate networks. To assess how vulnerable their business critical systems may be to these types of attacks, Resonant Technology Partners asked Perimeter eSecurity to conduct an extensive security review of their network environment.

Perimeter performed a comprehensive network assessment, which involved assessing the overall design and integrity of the external network, internal network, network operating system, and a representative sample of servers. Perimeter used a variety of assessment tools, techniques, and methods to identify existing deficiencies and vulnerabilities. Our analysis of these areas was compared against security industry best practices and recommendations were made on the basis of those comparisons. To effectively protect company resources from exposure, Resonant Technology Partners should address the identified key improvement areas and findings noted in this report.

PLEASE NOTE: All vulnerabilities recorded and identified in this assessment are regarded as POTENTIAL vulnerabilities and need to be further validated in order to determine if they are real and exploitable in your environment. Many vulnerabilities cannot be completely confirmed due to the potential disruption or damage doing so may cause. In addition, due diligence and care must be taken before implementing any of the recommended changes, as changes to production systems may cause disruptions or irreparable damage. Perimeter eSecurity is not responsible for any problems or issues resulting from the implementation of these recommendations.


External Network Assessment


External Assessment Approach


As part of the network vulnerability assessment, Perimeter conducted an assessment targeting publicly accessible devices/servers. The objective of the review was to perform controlled diagnostic activities to assess the level of security on devices and servers accessible from the Internet. The following were included in the scope of the assessment.

Ranges Scanned
IP Address Range

24.242.162.242



External Vulnerabilities Overview

A variety of vulnerabilities were discovered as a result of the external assessment. The following summary graph was compiled outlining the total vulnerabilities grouped by criticality.

Total External Vulnerabilities: High 0, Medium 0, Low 0



External Vulnerabilities Detail

The following is a detailed breakdown of the specific vulnerabilities identified during the external assessment.
** There are no vulnerabilities identified as a result of the external assessment **
Risk Level Vulnerability Description Recommendation Equipment Affected



External Services Detected

The following section is a detailed breakdown of the services identified during the external assessment.

| IP Address | Service Name | Port Number | Type |
|---|---|---|---|
| 24.242.162.242 | ssl/http | 443 | TCP |
| 24.242.162.242 | MICROSOFT-RDP | 3389 | TCP |


Internal Network Assessment


Internal Assessment Approach


As part of the network vulnerability assessment, Perimeter conducted an assessment targeting network devices/servers on the private LAN/WAN. The objective of the review was to perform controlled diagnostic activities to assess the level of security on devices and servers accessible from the internal network. The following were included in the scope of the assessment.

Devices/Servers Tested

| IP Address | Type | Operating System | Hostname |
|---|---|---|---|
| 10.10.10.1 | Firewall | Cisco IOS | N/A |
| 10.10.10.5 | Switch | Cisco IOS | N/A |
| 10.10.10.7 | Domain Controller | Windows 2003 Server | RTPDC02 |
| 10.10.10.8 | Application Server | Windows 2003 Server | RTPBDR01 |
| 10.10.10.50 | Domain Controller | Windows 2003 Server | RTPSBS01 |
| 10.10.10.52 | Application Server | Windows 2003 Server | RTPTS01 |
| 10.10.10.53 | Application Server | Windows 2003 Server | RTPTS01 |
| 10.10.10.80 | Application Server | Windows 2003 Server | EMAIL |
| 10.10.10.82 | Application Server | Windows 2003 Server | SERVICEDESK |
| 10.10.10.84 | Application Server | Windows 2003 Server | SUPPORT |
| 10.10.10.253 | Router | Cisco IOS | N/A |
| 10.10.10.253 | Router | Cisco IOS | N/A |



Internal Vulnerabilities Overview

A variety of vulnerabilities were discovered as a result of the internal assessment. The following summary graph was compiled outlining the total vulnerabilities grouped by criticality.

Total Internal Vulnerabilities: High 1, Medium 3, Low 7



Internal Vulnerabilities Detail

The following is a detailed breakdown of the specific vulnerabilities identified during the internal assessment.

Risk Level: 3 High
Vulnerability: Default community names of the SNMP Agent
Description: The SNMP default public community name is specified, allowing anyone the ability to change the host systems information if they use this default value. An attacker can use SNMP to obtain valuable information about the system, such as information on network devices and current open connections.
Recommendation: Disable the SNMP service if not required. If necessary, change the default community name to something that is complex and very difficult-to-guess.
Equipment Affected: 10.10.10.53

Risk Level: 2 Med
Vulnerability: Cisco CallManager TFTP File Detection
Description: A TFTP server is listening on the remote host. The remote host has a TFTP server installed that is serving one or more Cisco CallManager files. These files do not themselves include any sensitive information, but do identify the TFTP server as being part of a Cisco CallManager environment. The CCM TFTP server is an essential part of providing VOIP handset functionality, so should not be exposed to unnecessary scrutiny.
Recommendation: If it is not required, disable or uninstall the TFTP server. Otherwise restrict access to trusted sources only.
Equipment Affected: 10.10.10.1

Risk Level: 2 Med
Vulnerability: Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability
Description: The remote version of Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man in the middle attack. An attacker may exploit this flaw to decrypt communications between client and server and obtain sensitive information (passwords, ...).
Recommendation: Force the use of SSL as a transport layer for this service. Reference: http://www.oxid.it/downloads/rdp-gbu.pdf http://www.securityfocus.com/bid/13818
Equipment Affected: 10.10.10.50, 10.10.10.80

Risk Level: 2 Med
Vulnerability: Weak Supported SSL Ciphers Suites
Description: The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
Recommendation: Reconfigure the affected application if possible to avoid use of weak ciphers. Reference: http://www.openssl.org/docs/apps/ciphers.html
Equipment Affected: 10.10.10.50, 10.10.10.80



Risk Level: 1 Low
Vulnerability: Deprecated SSL Protocol Usage
Description: The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several flaws. An attacker may exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Recommendation: Disable SSL 2.0 or upgrade to the latest version of SSL.
Equipment Affected: 10.10.10.7, 10.10.10.8, 10.10.10.50, 10.10.10.80

Risk Level: 1 Low
Vulnerability: IIS Service Pack 404
Description: The Patch level (Service Pack) of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk. NOTE: This test makes assumptions of the remote patch level based on static return values (Content-Length) within an IIS Server's 404 error message. As such, the test cannot be totally reliable and should be manually confirmed.
Recommendation: Ensure that the server is running the latest stable Service Pack.
Equipment Affected: 10.10.10.52, 10.10.10.82, 10.10.10.84

Risk Level: 1 Low
Vulnerability: Microsoft IIS Authentication Method Enumeration
Description: The remote web server is affected by an information disclosure vulnerability. The remote host appears to be running a version of IIS which allows remote users to determine which authentication schemes are required for confidential web pages. That is, by requesting valid web pages with purposely invalid credentials, you can ascertain whether or not the authentication scheme is in use. This can be used for brute-force attacks against known UserIDs. See also: http://marc.info/?l=bugtraq&m=101535399100534&w=2
Recommendation: If the application allows, disable any authentication methods that are not used in the IIS Properties interface.
Equipment Affected: 10.10.10.80, 10.10.10.50



Risk Level: 1 Low
Vulnerability: SSH protocol version 1 enabled
Description: The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used.
Recommendation: Disable compatibility with version 1 of the protocol. If you use OpenSSH, set the option 'Protocol' to '2'. If you use SSH.com's, set the option 'Ssh1Compatibility' to 'no'.
Equipment Affected: 10.10.10.1, 10.10.10.5, 10.10.10.254

Risk Level: 1 Low
Vulnerability: SSL Certificate Expiry
Description: This script checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired or will expire shortly.
Recommendation: Purchase or generate a new SSL certificate to replace the existing one.
Equipment Affected: 10.10.10.50, 10.10.10.80, 10.10.10.254

Risk Level: 1 Low
Vulnerability: Terminal Services Encryption Level is not FIPS-140 compliant
Description: The remote host is running Terminal Services Server. The encryption settings used by the remote service is not FIPS-140 compliant.
Recommendation: Change RDP encryption level to: 4. FIPS Compliant
Equipment Affected: 10.10.10.80, 10.10.10.82, 10.10.10.7, 10.10.10.8, 10.10.10.50, 10.10.10.84, 10.10.10.52

Risk Level: 1 Low
Vulnerability: VNC running
Description: The remote server is running VNC. VNC permits a console to be displayed remotely. An attacker can potentially compromise this service to take control of the system.
Recommendation: Disable the service if not necessary. If required, ensure that it is secured with a difficult-to-guess password and shut down when not in use.
Equipment Affected: 10.10.10.50


Network Operating System Assessment


Network Operating System Assessment Approach


As part of the network vulnerability assessment, Perimeter conducted a vulnerability assessment targeting Resonant Technology Partners' network operating system environment. The objective of the review was to perform diagnostic activities using host based assessment tools to assess its overall level of security. The following network operating system was included in the scope of the assessment.

Network Operating System Tested


| Name | Type |
|---|---|
| RTP | Windows Active Directory |



Network Operating System Vulnerabilities Overview

A variety of vulnerabilities were discovered as a result of the network operating system assessment. The following summary graph was compiled outlining the total vulnerabilities grouped by criticality.

Total Network Operating System Vulnerabilities: High 0, Medium 4, Low 3



Network Operating System Vulnerabilities Detail

The following is a detailed breakdown of the specific vulnerabilities identified during the network operating system assessment.

Risk Level: 2 Med
Vulnerability: Lockout time is too low.
Description: The time an account remains locked out after login failure is too short. If an account is reinstated automatically, it will allow an attacker to continue with his attack.
Recommendation: Set the account lockout time to forever in accordance with best practices.
Equipment Affected: RTP

Risk Level: 2 Med
Vulnerability: Maximum password age too high.
Description: The maximum password age is set too high. This gives anyone with a stolen password long-term access to that account.
Recommendation: Set the maximum password age to at most 60 days in accordance with best practice standards.
Equipment Affected: RTP

Risk Level: 2 Med
Vulnerability: Number of bad logon attempts too high.
Description: The number of bad logon attempts that is allowed before the system locks out an account is set too high. This increases the chance that a logon attack will be successful.
Recommendation: Set the number of bad logon attempts allowed to 5 in accordance with best practices.
Equipment Affected: RTP

Risk Level: 2 Med
Vulnerability: Security event settings too weak.
Description: Security event audit settings were not stringent enough in accordance with best practices. Unauthorized access and/or events may go unnoticed until systems have been completely compromised.
Recommendation: Enable security event auditing for all critical events in accordance with best practices. The following events should be audited:
- Success and Failure: Account management, Object access, Policy changes, System events
- Failure: Account logon, Directory service access, Logon events, Privileged use
Equipment Affected: RTP

Risk Level: 1 Low
Vulnerability: Counter reset time is too low.
Description: The counter reset time is set too low. Logon attempts can occur more frequently since the number of bad logon attempts is reset to 0 quicker.
Recommendation: The counter reset time should be set to at least 60 minutes.
Equipment Affected: RTP



Risk Level: 1 Low
Vulnerability: Default Guest account not renamed.
Description: The guest account on the system has not been renamed. This account is a well-known user and is a typical first target for a break-in. Even though this account is disabled, it should be renamed in case it is accidentally or intentionally enabled.
Recommendation: Rename this account to something inconspicuous.
Equipment Affected: RTP

Risk Level: 1 Low
Vulnerability: Minimum password age too low.
Description: Users are permitted to change their passwords too quickly. This gives users the ability to change their passwords to a previous one or cycle through their history quickly, defeating the requirement to change the passwords on a regular basis.
Recommendation: Set the minimum password age to at least 7 days in accordance with best practice standards.
Equipment Affected: RTP
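
The account policy and audit recommendations listed above can be checked mechanically against a policy export. The following is an added example, not part of the Perimeter report: it assumes the policy was exported with `secedit /export /cfg` and relies on that file's [System Access] and [Event Audit] key names, with LockoutDuration = -1 taken to mean "locked until an administrator unlocks"; the sample values are constructed and are not RTP's settings.

```python
import configparser

# Constructed sample in the layout of a `secedit /export /cfg policy.inf` file.
# (A real export is usually UTF-16; decode it before passing the text in.)
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 180
LockoutBadCount = 10
ResetLockoutCount = 15
LockoutDuration = 15
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 3
AuditAccountManage = 3
AuditDSAccess = 2
AuditAccountLogon = 2
"""

# Audit values are bit flags: 0 = none, 1 = success, 2 = failure, 3 = both.
SUCCESS, FAILURE = 1, 2
BOTH = SUCCESS | FAILURE

# (INF key, pass predicate, value recommended in the report)
ACCOUNT_RULES = [
    ("LockoutDuration", lambda v: v == -1, "forever (-1)"),
    ("MaximumPasswordAge", lambda v: 0 < v <= 60, "at most 60 days"),
    ("LockoutBadCount", lambda v: 0 < v <= 5, "5 bad logon attempts"),
    ("ResetLockoutCount", lambda v: v >= 60, "at least 60 minutes"),
    ("MinimumPasswordAge", lambda v: v >= 7, "at least 7 days"),
]

# (INF key, audit bits the report asks for)
AUDIT_RULES = [
    ("AuditAccountManage", BOTH),
    ("AuditObjectAccess", BOTH),
    ("AuditPolicyChange", BOTH),
    ("AuditSystemEvents", BOTH),
    ("AuditAccountLogon", FAILURE),
    ("AuditDSAccess", FAILURE),
    ("AuditLogonEvents", FAILURE),
    ("AuditPrivilegeUse", FAILURE),
]


def parse_policy(text):
    """Parse the INF text; keys stay case-sensitive and '=' is the only delimiter."""
    parser = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False
    )
    parser.optionxform = str
    parser.read_string(text)
    return parser


def _get_int(parser, section, key):
    """Return the setting as an int, or None when it is missing or malformed."""
    try:
        return int(parser.get(section, key).strip())
    except (configparser.Error, ValueError):
        return None


def check_policy(text):
    """Return (key, current value, recommended value) for every failed check."""
    parser = parse_policy(text)
    failures = []
    for key, passes, want in ACCOUNT_RULES:
        value = _get_int(parser, "System Access", key)
        # A setting that is absent from the export counts as a failure.
        if value is None or not passes(value):
            failures.append((key, value, want))
    for key, mask in AUDIT_RULES:
        value = _get_int(parser, "Event Audit", key)
        if value is None or value & mask != mask:
            want = "success and failure" if mask == BOTH else "failure"
            failures.append((key, value, want))
    return failures


if __name__ == "__main__":
    for key, value, want in check_policy(SAMPLE_INF):
        print(f"FAIL {key}: current={value}, recommended={want}")
```
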


Host Assessment


Host Assessment Approach


As part of the network vulnerability assessment, Perimeter conducted a vulnerability assessment targeting a representative sample of Resonant Technology Partners' hosts. The objective of the review was to perform diagnostic activities using host based assessment tools to assess their overall level of security. The following hosts were included in the scope of the assessment.

Hosts Tested

| IP Address | Type | Operating System | Hostname |
|---|---|---|---|
| 10.10.10.7 | Domain Controller | Windows 2003 Server | RTPDC02 |
| 10.10.10.8 | Application Server | Windows 2003 Server | RTPBDR01 |
| 10.10.10.50 | Domain Controller | Windows 2003 Server | RTPSBS01 |
| 10.10.10.52 | Application Server | Windows 2003 Server | RTPTS01 |



Host Vulnerabilities Overview

A variety of vulnerabilities were discovered as a result of the host assessment. The following summary graph was compiled outlining the total vulnerabilities grouped by criticality.

Total Host Vulnerabilities: High 0, Medium 2, Low 1



Host Vulnerabilities Detail

The following is a detailed breakdown of the specific vulnerabilities identified during the host assessment.

Risk Level: 2 Med
Vulnerability: Patches not installed.
Description: Several patches were not installed on these systems. Many patches fix known security issues. This is a problem that can allow attackers to exploit such issues. Bulletin ID : APSB10-26. Bulletin ID : JAVA6022.
Recommendation: Test and apply the appropriate patches to the systems.
Equipment Affected: 10.10.10.50, 10.10.10.52

Risk Level: 2 Med
Vulnerability: Security event settings too weak.
Description: Security event audit settings were not stringent enough in accordance with best practices. Unauthorized access and/or events may go unnoticed until systems have been completely compromised.
Recommendation: Enable security event auditing for all critical events in accordance with best practices. The following events should be audited:
- Success and Failure: Account management, Object access, Policy changes, System events
- Failure: Account logon, Directory service access, Logon events, Privileged use
Equipment Affected: 10.10.10.8, 10.10.10.52

Risk Level: 1 Low
Vulnerability: Default Guest account not renamed.
Description: The guest account on the system has not been renamed. This account is a well-known user and is a typical first target for a break-in. Even though this account is disabled, it should be renamed in case it is accidentally or intentionally enabled.
Recommendation: Rename this account to something inconspicuous.
Equipment Affected: 10.10.10.8, 10.10.10.52
