Vulnerability Assessment Penetration Analysis

Submitted By planetlane
Words 972
Pages 4

A. Memo For Record: IDS upgrade or replacement

Summary of Events: The health care clinic’s network security appliance (combined router/firewall/wireless access point) was hacked and passwords were cracked. Configuration changes to this device opened the network to a Denial-of-Service (DoS) attack. The attack prevented staff from accessing patient records and insurance claims as part of their daily routine. The network Intrusion Detection System (IDS) sensor had previously been disabled because the device degraded network performance. No advance notification of the system degradation caused by the DoS attack was received; the attack was not identified until employees were unable to use the network to perform their jobs.

IDS Definition: Network IDS is part of the external boundary protection and monitoring system. Threats to the network from external sources are identified and reported using a management console. With the sensor disabled, attacks against the network can be accomplished undetected and reduce response time. “An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to function as IDSs.” An Intrusion Detection Protection System (IDPS) combines the functions of IDS and IPS into a single hardware/software application package. Sensors can be configured as passive and/or active. A passive IDPS sensor will look at traffic but cannot block or prevent attacks. An active IDPS sensor is designed to inspect all traffic and has the capability to block traffic hence…...

Similar Documents

Web Server Vulnerability Analysis

...1. What vulnerabilities were found?
1.1. Outdated software
1.2. Configuration files shown to guest users
1.3. Non-sanitized data shown in URL strings (GET/POST methods)
1.4. Setup files/folders found in web documents
1.5. DDoS using low-level HTTP attack methods to fill ports
1.6. Folder indexing enabled

2. What risk do they create?
2.1. Security risks/vulnerabilities/exploits are released to public
2.2. Able to identify services to attack
2.3. Injection
2.4. Recreation or modifying current configurations
2.5. Deny service to normal users, black hole the IP
2.6. Listing of all files, even hidden ones

3. How could they be remediated?
3.1. Upgrade/update regularly
3.2. Move outside of htdocs or limit access/file permissions
3.3. Fix source code
3.4. Do not list folders in the robots.txt file, and do not link over to the folders (see 3.6)
3.5. Firewall ICMP and other protocols not used for web
3.6. Change in the web service configuration or create an index.html or default “dummy” file

4. What practices should be used to prevent similar vulnerabilities?
4.1. Keep software up to date and use methods when coding to prevent attacks. Test the server for vulnerabilities weekly. Configure the web services using best practices.

5. What protective measures could be used if applications or servers could not be fixed?
5.1. Firewall/hardware
5.2. Proxy services
5.3. 3rd party monitoring solution such as Cloudflare™...

Words: 257 - Pages: 2

Hazard Vulnerability Assessment

...The Philadelphia Water Department, Baxter Water Treatment Plant Anthony Vega, Denise Youmans, Christopher Williams, Stephen Glenn, Darnell Jessie Immaculata University EPM 301 Report Summary The purpose of this assessment is designed to look at the hazard vulnerability and exploitation potential surrounding The Philadelphia Water Department, Baxter Water Treatment Plant located at 9001 State Road in Philadelphia, Pa. The treatment plant must be prepared for every emergency when considering the safety of the community. This assessment is a detailed analysis of the possible catastrophic events that could occur in or near the water treatment plant and an inquisition into the possible contingency plans in the event that a catastrophe occurs. This assessment is designed to identify and assess hazards to which the Baxter Treatment Plant is ill-prepared to respond and strengthen these weak areas. Methods We, as a group, conducted site visits and surveys of the property. A point of contact was established within the Philadelphia Water Department, but the Water Department policies dictate that written approval for a site visit must be approved by higher level management. These policies and the limited amount of time in the accelerated semester did not allow us to complete an internal site visit. As a contingency, we evaluated the site from the exterior. Physical surveillance was conducted allowing us to observe the visible security of the premises. The building is......

Words: 4007 - Pages: 17

Vulnerability Assessment System Penetration and Analysis Testing

...Vulnerability Assessment System Penetration and Analysis Testing

Memo: Internal Penetration Testing Tool and Purchase

With the recent attack/hack on the agency's network, town police department authorities came to a decision to conduct a complete assessment on network vulnerabilities. The main goal of this memo is to assess or evaluate the network penetration tools available in the market. Compare the tools. Cost to buy and implement these tools internally. Hire a professional service to evaluate these tools. In this memo we will cover the internal implementation at a high level. In the market there are many penetration tools like:
a. Nmap - World's Best Port Scanner
b. Nessus - Vulnerability Scanner
c. Metasploit - Exploit framework

For testing vulnerabilities I picked the above three mentioned tools, which are widely used in many organizations and would be perfect for this scenario. The penetration tools that could be used to conduct a vulnerability analysis are Nmap and Nessus, which provide a number of penetration testing techniques such as port scanning, credentialed and uncredentialed scans, enumeration,......

Words: 1156 - Pages: 5

Penetration Testing

...Penetration testing Methodology
2.1 Penetration test plans
2.2 NIST penetration testing documentation
2.3 Web application penetration testing
2.4 E-commerce penetration testing
2.5 Network penetration testing
2.6 Common tools and applications for penetration testing
2.7 Black box testing, grey box testing, Black/grey box testing
2.8 Social engineering testing
3. Test Plan
3.1 Task
3.1 Reporting
3.1 Schedule
3.2 Limitation of Liability
3.3 End of Testing
3.1 Unanswered Questions
3.4 Signatures
3.1 Authorization Letter
4. Conclusion
5. Bibliography
Acronyms
Appendix A – Test Case Procedures

Abstract

This document is a proposal with a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented. This proposal provides an understanding of penetration testing. It discusses the benefits, the strategies and the methodology of conducting penetration testing. The methodology of penetration testing includes three phases: test preparation, test and test analysis.

Key Words: Security Testing, Vulnerability Assessment, Penetration Testing, Web Application Penetration Testing.

What is a Penetration test?

Penetration tests are a great way to identify vulnerabilities that exist in a system or network that......

Words: 1995 - Pages: 8

Lab 2 Performing a Vulnerability Assessment

...Lab Assessment Questions & Answers

1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application.
Zenmap is the official GUI for the Nmap Security Scanner. It is a multi-platform, free and open-source application designed to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. This can be used, for example, to audit a network on a specific IP scheme.

2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process?
OpenVAS

3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step?
Written permission must be obtained before performing an intrusive penetration test or vulnerability assessment scan on a live network.

4. What is a CVE listing? Who hosts and who sponsors the CVE database listing Web site?
CVE is a publicly available and free to use list and dictionary of standardized identifiers for common computer vulnerabilities and exposures. It is sponsored by the office of Cybersecurity at the US Department of Homeland Security. The site is managed by the MITRE Corp.

5. Can Zenmap detect which operating systems are present on IP servers and workstations? Which option includes that scan?
Yes, by using TCP/IP stack fingerprinting......

Words: 406 - Pages: 2

Vulnerability Analysis

...Over the past twelve months Microsoft has announced several vulnerabilities. Some of them included Microsoft Security Advisory (MSA) 3009008, MSA 3010060, MSA 2982792, MSA 2977292, and MSA 2974294. MSA 3009008 is a vulnerability in SSL 3.0. This vulnerability could allow information disclosure, meaning a man-in-the-middle attack would be effective. It was first published in October 2014, then later updated in December 2014. Next, MSA 3010060 could cause Microsoft OLE (Object Link & Embedding) to allow remote code execution. This is technically not a privilege escalation vulnerability; the exploitation of this vulnerability runs at the privileges of the logged-on user. The mitigation for this vulnerability is to turn on UAC (User Account Control), log in as a normal user and use the “run as” command. This vulnerability is classified as critical and needs to be patched right away. Microsoft Security Advisory 2982792 talks about improperly signed certificates. It was published July 10, 2014 and updated on July 17, 2014. An improperly signed certificate could allow for website spoofing. The mitigation for this issue is to turn off the automatic updating of root certificates. The Extensible Authentication Protocol (EAP) was compromised this year. MSA 2977292 covered all the details on this vulnerability. This compromise would allow encrypted traffic to be read in clear text during a man-in-the-middle attack. The new guide to implementing the higher version......

Words: 296 - Pages: 2

Vulnerability Assessment Scan

...Performing a Vulnerability Assessment

Course Name and Number:
Student Name:
Student Number:
Instructor Name: Onook Oh
Submission Due by: 11:59PM on February 3rd, 2015

Overview

To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings.

Learning Objective of the Lab Assignment

Upon completing this lab, you will be able to:
* Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to perform an IP host, port, and services scan.
* Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS.
* Compare the results of the Zenmap scan with an OpenVAS vulnerability assessment scan.
* Assess the findings of the vulnerability assessment scan and identify critical......

Words: 559 - Pages: 3

Lab 4 Performing a Vulnerability Assessment

...similar tools, are typically used during the scanning and vulnerability phase of the ethical hacking process 2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process? OpenVAS, and similar tools, perform vulnerability assessment of Unix, Windows, and network infrastructures and can perform a network discovery of devices, operating systems, applications, databases, and services running on those devices. These tools are typically used to complete the scanning and vulnerability assessment phase of the ethical hacking process once the network-mapping scan (that was in Part 1 of this lab) is completed. Conducting a vulnerability scan on entire subnets can be noisy (making them easily detected) and time-consuming. You can limit the breadth and scope of the scan by specifying the hosts you want to scan in a simple text file. 3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step? Written permission must be obtained before performing an intrusive penetration test or vulnerability assessment scan on a live network. 4. What is a CVE listing? Who hosts and who sponsors the CVE database listing Web site? CVE is a publicly available and free to use list and dictionary of standardized identifiers for common computer vulnerabilities and exposures. CVE is co-sponsored by the office of......

Words: 466 - Pages: 2

Lab #2: Performing a Vulnerability Assessment

...Lab #2 – Assessment Worksheet

Performing a Vulnerability Assessment

Course Name and Number: ____
Student Name: ____
Instructor Name: ____
Lab Due Date: ____

Overview

In this lab, you used Nmap commands within the Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also used OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you used the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings.

Lab Assessment Questions & Answers

1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application.
2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process?
3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step?
4. What is a CVE listing? Who hosts and who sponsors the CVE database listing Web site?
5. Can Zenmap detect which operating......

Words: 307 - Pages: 2

Vulnerability Assessment

...Assessment Worksheet

Performing a Vulnerability Assessment

Course Name and Number: ____
Student Name: ____
Instructor Name: ____
Lab Due Date: ____

Overview

In this lab, you used Nmap commands within the Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also used OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you used the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings.

Lab Assessment Questions & Answers

1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application.
2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process?
3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step?
4. What is a CVE listing? Who hosts and who sponsors the CVE database listing Web site?
5. Can Zenmap detect which operating systems are present on IP......

Words: 297 - Pages: 2

Vulnerability-Assessment

...Chapter 1: Vulnerability Assessment

Solutions in this Chapter:
• What Is a Vulnerability Assessment?
• Automated Assessments
• Two Approaches
• Realistic Expectations

Summary
Solutions Fast Track
Frequently Asked Questions

Introduction

In the war zone that is the modern Internet, manually reviewing each networked system for security flaws is no longer feasible. Operating systems, applications, and network protocols have grown so complex over the last decade that it takes a dedicated security administrator to keep even a relatively small network shielded from attack. Each technical advance brings wave after wave of security holes. A new protocol might result in dozens of actual implementations, each of which could contain exploitable programming errors. Logic errors, vendor-installed backdoors, and default configurations plague everything from modern operating systems to the simplest print server. Yesterday’s viruses seem positively tame compared to the highly optimized Internet worms that continuously assault every system attached to the global Internet. To combat these attacks, a network administrator needs the appropriate tools and knowledge to identify vulnerable systems and resolve their security problems before they can be exploited. One of the most powerful tools available today is the vulnerability assessment, and this......

Words: 9203 - Pages: 37

Vulnerability Assessment

...multi-dimensional password, IP scanning, or outright packet refusal (at the router) because of traffic from an outside source. Those physical hardware solutions need to be monitored on their own to avoid being compromised and affording another avenue of attack, but the combination of both active security and training work together to make single pieces of information that are usually sought by a social engineer almost useless. Data retention policies identify how data is stored, protected and/or destroyed. Addressing how your data lives, and eventually dies, and the responsibilities of personnel at all levels with regard to how data is handled prevents one of the easiest methods in a social engineer's arsenal. Combining this training with an analysis of how data is classified helps determine what security level is adequate for different kinds of information. PII (Personally Identifiable Information) or HIPAA data and financial records may require federally mandated special handling, while Research and Development documents might require specific practices that detail proper handling, and by whom. A labeling program that correctly and easily identifies data makes that data more difficult to conceal or access, especially if paired with proper training of staff on the different levels of authorization required for the possession or access of that data. Policies that outline physical access to data must also be addressed to help prevent social engineering. Employees......

Words: 1868 - Pages: 8

Vulnerability

...conduct vulnerability assessments is of the utmost importance if a company or organization has information that is confidential or vital in nature. The need to conduct penetration testing should be an ongoing task for organizations as new technologies emerge. Even with security measures in place, hackers continue to find ways around the roadblocks which are put in place to secure our networks. Just this month alone the Federal Bureau of Investigation’s network was compromised as a hacker was able to penetrate the emails of one of the organization’s special agents (Brito, 2012). The FBI has some of the most sophisticated computer security measures in place known to man, and if their systems can be hacked I assure you that no one is safe. In order to properly examine a computer network for vulnerabilities, a company’s information systems manager needs to determine whether such testing can be completed in house or should be outsourced to a penetration testing contractor. It is my belief that penetration testing is best left to contractors whose sole function is in conducting these types of tests, as they are better equipped with the tools and knowledge needed to get an accurate overview of a business network. However, penetration testing should be completed periodically by a business's internal IT staff, as they can apply updates to prevent vulnerabilities throughout the year and can assist a third party vendor in getting the best snapshot of a network’s vulnerabilities. ......

Words: 1998 - Pages: 8

Business Analysis - Solution Assessment

...BASA module assignment

PART 1 – SOLUTION ASSESSMENT

1. Case study

The following is a fictitious case study of a central bank that intends to either develop a real-time gross settlement (RTGS) system for the settlement of large-value, interbank payments in the country in-house, or purchase an off-the-shelf solution. The example used in this case study is an evaluation of a vendor’s reply to a request for proposal.

2. Assess proposed solution

2.1 Assess the value delivered by the proposed solution(s) or the actual proposal

The acceptance criteria were compiled during internal requirement elicitation work sessions with representatives from the different departments in the bank. These criteria were then weighted based on importance.

| Number | Acceptance criteria | Weight | Compliance rating: Vendor A | Compliance rating: Vendor B | Compliance rating: In-house | Weight x compliance rating: Vendor A | Weight x compliance rating: Vendor B | Weight x compliance rating: In-house |
| 1 | Application software product requirements | | | | | | | |
| 1.1 | All settlement shall be prefunded | 20 | 3 | 3 | 2 | 60 | 60 | 40 |
| 1.2 | The system shall provide for different settlement options | 30 | 1 | 3 | 1 | 20 | 60 | 20 |
| 1.3 | The system shall facilitate intraday credit extension against collateral | 10 | 2 | 3 | 1 | 40 | 60 | 20 |
| 1.4 | The system shall be able to interface with existing back-office systems | 5 | 2 | 2 | 3 | 40 | 40 | 60 |
| 1.5 | Settlement should be final and irrevocable | 3 | 3 | 1 | 3 | 60 | 20 | 60 |
......

Words: 2801 - Pages: 12

Penetration Test vs. Vulnerability Assessment

...Penetration Test vs. Vulnerability Assessment
• Penetration testing ensures you that your network will not be penetrated by malicious users.
• Vulnerability Assessment gives an organization the ability to identify potentials for intrusion to their network.
• Penetration tests are more intrusive

Reason for Assessment
• Identify the vulnerability
• Quantify the vulnerability
• Prioritizing the vulnerability

Internal vs. External
• Internal assessment shows the vulnerabilities that employees or anyone with access to the internal network can exploit.
• External assessment shows the vulnerabilities from someone without direct access to the internal network.

Window of Vulnerability
• Unknown Window of Vulnerability
• Known Window of Vulnerability

Risk
• Vulnerability
• Attacks
• Threats
• Exposure
Risk = Vulnerability x Attacks x Threats x Exposure

Risk of Internal Assessment
• Can’t be truly objective
• Fair and impartial assessment
Management is forced to deal with the “fox in the Hen House” problem

Steps 1-3 to a Successful Assessment
• Understand the consequences
• Document Management buy-in
• Develop manageable objectives

Steps 4-6 to a Successful Assessment
• Determine method
• Plan for disruptions
• Develop an assessment in an impactful, yet understandable, way.

Qualified and Experienced outside Third Party
• Protect yourself with a contract
• Breadth of experience
• Currency with the latest......

Words: 255 - Pages: 2