Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
CONFIDENTIAL
For
VISTA
Ltd.
InfoSec
Pvt.
VERSION: 1.0
DATE:
This document contains confidential information of highly sensitive nature. Reproduction or distribution
without the express written permission of InfoSec or the client named above is strictly prohibited
Page 1
VISTA InfoSec
CONFIDENTIAL
Table of Contents
Section 1. Executive Summary
1.1
Background
1.2
Objectives
1.3
Scope of Testing
1.4
Vulnerability Summary
Methodology
1.6
Milestones
1.7
Report Presentation
Section 2.
2.1
Section 3.
3.1
Section 4.
Major Findings
Security Issues per Host
Phase 1- Discovery
Discovered Hosts
Phase 2- Vulnerability Analysis
4.1.1
IP-192.168.1.160
/ Hostname-ECCPRD1
4.1.2
IP-192.168.1.163
/ Hostname-SAPCLUSTER
4.1.3
IP-192.168.1.165
/ Hostname-FIL-HO-SVR07
4.1.4
IP-192.168.1.166
/ Hostname-FIL-HO-SVR-08
4.1.5
IP-192.168.1.167
/ Hostname-BI-PRD
4.1.6
IP-192.168.1.172
/ Hostname-SAPPI
4.1.7
IP-192.168.1.173
/ Hostname-NAVISION
4.1.8
IP-192.168.1.174
/ Hostname-FIL-NZ-SRV-018
Page 2
VISTA InfoSec
CONFIDENTIAL
4.2.1
IP-192.168.1.240
/ Hostname--
4.2.2
IP-192.168.1.200
/ Hostname--
Page 3
VISTA InfoSec
CONFIDENTIAL
1.2 Objectives
Examine IT systems for weaknesses that could be used by attackers to disrupt the
confidentiality, availability, or integrity of the network, thereby allowing the organization to
address each weakness.
Page 4
VISTA InfoSec
CONFIDENTIAL
During this test, .....hosts were discovered. The scan revealed ....high severity issues,
.....medium severity issues and ..... low severity issues.
1.4.1
Number of Issues
(Total 694)
Page 5
VISTA InfoSec
CONFIDENTIAL
Page 6
VISTA InfoSec
CONFIDENTIAL
1.5 Methodology
VISTA InfoSec consultants follow the below mentioned methodology while performing all
security audits. The methodology is broken down into three phases:
Discovery:
Foot-printing
Network Scanning
Vulnerability Analysis:
Enumeration
Vulnerability Scanning
Reporting:
Executive Summary
Business & Technical Risks and Recommendations
Details and Exposure of Vulnerabilities
VISTA InfoSec consultants used the above mentioned methodology to perform the
vulnerability assessment of the Bank Ltd. Infrastructure.
1.6 Mileston
es
Milestone / Deliverable
Date
08/07/2014
Final Deliverable
08/07/2014
Page 7
VISTA InfoSec
1.7
CONFIDENTIAL
Report Presentation
Below is the presentation used for reporting the vulnerabilities found in the Hosts during
this assessment. We have followed the following representation:
Active Services
List of active services found on that particular host at the time of assessment. The
services are mentioned with Port Numbers, the protocol they use and service
information.
Vulnerability Overview
Summarization of the list of vulnerabilities found as per severity.
Vulnerabilities
Page 8
VISTA InfoSec
Vulnerability
Severity
CONFIDENTIAL
HIGH
MEDIUM
LOW
Port
CVSS Score
Ease
of
Exploitation
Page 9
VISTA InfoSec
CONFIDENTIAL
2.1
High
Medium
Low
Total
192.168.1.160
103
26
130
192.168.1.163
106
26
133
192.168.1.165
21
22
46
192.168.1.166
44
20
66
192.168.1.167
116
35
153
192.168.1.172
71
19
92
192.168.1.173
15
192.168.1.174
27
16
45
192.168.1.200
192.168.1.240
Page 10
VISTA InfoSec
CONFIDENTIAL
3.1
Discovered Hosts
Address
Hostname
OS Name
192.168.1.160
ECCPRD1
192.168.1.163
SAPCLUSTER
192.168.1.165
FIL-HO-SVR07
192.168.1.166
FIL-HO-SVR-08
192.168.1.167
BI-PRD
192.168.1.172
SAPPI
192.168.1.173
NAVISION
192.168.1.174
192.168.1.240
192.168.1.200
Page 11
VISTA InfoSec
CONFIDENTIAL
IP-192.168.1.160
/Hostname-ECCPRD1
Please click here to view the detail vulnerability assessment for this host.
4.1.2
IP-192.168.1.163
/Hostname-SAPCLUSTER
Please click here to view the detail vulnerability assessment for this host.
4.1.3
IP-192.168.1.165
/Hostname-FIL-HO-SVR07
Please click here to view the detail vulnerability assessment for this host.
4.1.4
IP-192.168.1.166
/Hostname-FIL-HO-SVR-08
Please click here to view the detail vulnerability assessment for this host.
4.1.5
IP-192.168.1.167
/Hostname-BI-PRD
Please click here to view the detail vulnerability assessment for this host.
4.1.6
IP-192.168.1.172
/Hostname-SAPPI
Please click here to view the detail vulnerability assessment for this host.
4.1.7
IP-192.168.1.173
/Hostname-NAVISION
Page 12
VISTA InfoSec
CONFIDENTIAL
Please click here to view the detail vulnerability assessment for this host.
4.1.8
IP-192.168.1.174
/Hostname-FIL-NZ-SRV-018
Please click here to view the detail vulnerability assessment for this host.
4.2.1
IP-192.168.1.240
/Hostname--
Please click here to view the detail vulnerability assessment for this host.
4.2.2
IP-192.168.1.200
/Hostname--
Please click here to view the detail vulnerability assessment for this host.
Page 13
VISTA InfoSec
CONFIDENTIAL
Date
Name
1.0
21-3-2014
Description
Page 14