Prova Ebooks

Description: Test ebooks

Full Vulnerability Scan

826 Ocean Drive LLC

Apr 17, 2013

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and 826 Ocean Drive LLC.

Copyright 2010 Trustwave, All Rights Reserved


Trustwave Scan Report Attestation of Compliance


Scan Customer Information

Company: 826 Ocean Drive LLC
Contact: Elizabeth Cruz
Title:
Telephone:
Email: [email protected]
Business Address: 826 Ocean Drive
City: Miami Beach
State/Province: FL
Zip: 33139
Country: US
URL:

Approved Scanning Vendor Information

Company: Trustwave
Contact: Trustwave Support
Email: [email protected]
Telephone: 1-800-363-1621 (US Toll free) or +1-312-267-3212 (US Toll) or +44 (0) 845 456 9613 (UK Toll Free)
Business Address: 70 West Madison St., Ste 1050
City: Chicago
State/Province: Illinois
Zip: 60602
Country: USA
URL: www.trustwave.com

Scan Status:

• Compliance Status: Fail

• Number of unique components scanned: 10

• Number of identified failing vulnerabilities: 5

• Number of components not scanned by TrustKeeper because the customer confirmed they were out of scope: 6

• Date scan completed: Apr 17, 2013

• Scan expiration date (3 months from date scan completed): Jul 17, 2013

Scan Customer Attestation

826 Ocean Drive LLC attests that: "This scan includes all components which should be in scope for PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete. 826 Ocean Drive LLC also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2) this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability scan requirement of the PCI DSS; This scan does not represent 826 Ocean Drive LLC's overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements."

Signature Name Title Date

ASV Attestation

This scan and report were prepared and conducted by Trustwave under certificate number 3702-01-05, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide. Trustwave attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active interference. This report and any exceptions were reviewed by the Trustwave Quality Assurance Process.


Full Vulnerability Scan : Contents Apr 17, 2013

Confidential Information Page i

CONTENTS

Report Overview ..... 1
Security Compliance Dashboard ..... 2
Scan Parameters ..... 3
Discovered Systems ..... 5
Scanning Results and Recommended Actions ..... 6
Vulnerabilities Fundamentals ..... 6
Vulnerability Scoring ..... 8
Vulnerabilities By Device ..... 9
Appealing Report Findings ..... 21
System Information ..... 22
Inventory ..... 23
Accessible Web Servers ..... 24
SSL/TLS Certificate Information ..... 25


ICON OVERVIEW

The following icons are used throughout the report to identify the severity and compliance-affecting nature of the findings presented in the report.

Icon Name: Description

Compromised: Compromised events indicate there is evidence that a system has previously been successfully attacked. You should investigate and validate these issues immediately. (PCI Level 4 and 5 vulnerabilities are included here)

High Severity: High Severity vulnerabilities indicate problems which could result in immediate compromise. These issues should be investigated and validated as soon as possible in order to reduce the risk of a successful attack. (PCI Level 3 and 4 vulnerabilities are included here)

Medium Severity: Medium Severity vulnerabilities indicate issues which could potentially result in information or system compromise. (PCI Level 2 vulnerabilities are included here)

Low Severity: Low Severity vulnerabilities indicate low risk problems or warnings, such as configurations which might reveal interesting reconnaissance information that could be used to facilitate a compromise (e.g., application "banners"). (PCI Level 1 vulnerabilities are included here)

Informational: Details about your systems that might be of interest but that do not represent a security threat are indicated by Informational events.

Pass: This icon indicates that the item has passed a security scan.


COMPLIANCE DASHBOARD

Network Scan Vulnerabilities

3 High Vulnerabilities

3 PCI Non-Compliant issues.

You have 3 high-severity security vulnerabilities in your systems that put you and your customers at risk. Please refer to the Scanning Results and Recommended Actions section of this document for details on how to resolve these issues to become compliant.

2 Medium Vulnerabilities

2 PCI Non-Compliant issues.

You have 2 medium-severity security vulnerabilities in your systems. Although not an immediate problem, you should begin to develop a remediation plan for these items.

3 Low Vulnerabilities

You have 3 low-severity security vulnerabilities in your systems. Although not an immediate problem, you should begin to develop a remediation plan for these items.

24 Informational Vulnerabilities

You have 24 informational notices for your systems.


SCAN PARAMETERS

This section provides details on the scan that was completed on your network. The vulnerability scan is conducted using parameters which describe the subject IP addresses. These parameters include specific IP addresses, blocks of IP addresses and domain names. Domain names are resolved to one or more IP addresses using an enhanced DNS query that allows the scanner to identify multiple servers if certain types of load balancing are used in your network.

Scan Completed On: 2013-04-17 19:33:38.767418 GMT

Network blocks are described using Classless Interdomain Routing (CIDR) notation. Individual IP addresses are notated with a "/32" CIDR suffix.

The following parameters were used as input to this scan:

Scan Parameters

# Type Parameter

1. IP Address 108.132.28.44 (medi)

2. IP Address 207.231.222.115 (Pelican)

3. IP Address 66.184.163.154 (victor)

4. IP Address 68.153.170.239 (kitchen)

5. IP Address 68.153.182.156 (carlyle)

6. IP Address 71.249.134.226 (Bice NY)

7. IP Address 72.153.64.81 (007)

8. IP Address 74.246.113.106 (bice palm beach)

9. IP Address 74.246.22.122 (cardozo)

10. IP Address 74.246.24.219 (deco)

The following systems were removed from your scan profile at your request. If you see a parameter listed here that is also listed in the Scan Parameters table above, then it's likely that the parameter was removed after the scan was completed.


Previous Scan Parameters (Not Scanned)

Type Parameter

IP Address 207.244.184.130

IP Address 12.54.209.98

IP Address 200.200.200.158

IP Address 207.244.177.64

IP Address 68.213.219.88

IP Address 74.169.104.220


RELATED HOSTS (NOT SCANNED)

The following systems were discovered to be related to your network during this scan. TrustKeeper only scans those systems which are explicitly identified by you; however, the following systems were identified using reconnaissance techniques based on the information you provided. While not scanned for this assessment, you should be aware that an attacker could identify the same information.

Please review this information and update your TrustKeeper Scan Parameters if any of the following systems are relevant to the assessment being performed. In many cases, some of these systems will not be relevant to the assessment. Common examples include domain name servers (DNS) and mail servers maintained by your ISP. The scanner may also identify internal systems that are not directly accessible from the Internet.


SCANNING RESULTS AND RECOMMENDED ACTIONS

Common Vulnerabilities and Exposures (CVE)

TrustKeeper utilizes the industry-standard CVE Identifiers as the primary reference for vulnerability findings. CVE Identifiers provide references to the official CVE database maintained by MITRE, as well as the National Vulnerability Database (NVD). CVE Identifiers are included, with links to both the CVE database and the NVD, in the "Description" column of the findings tables included in this report. You may search for specific CVE references in the report using the native search function of your PDF viewer.

Vulnerabilities Fundamentals

Vulnerabilities vs. Exploits

The terms "vulnerability" and "exploit" are used throughout this report. A vulnerability represents a threat to your systems and information. It may be a technical threat, such as a program which contains potential buffer overflows, or it may be a configuration, such as leaving certain network services exposed to the Internet, or not requiring authentication to access a certain feature of a program (e.g., remote authoring with Microsoft FrontPage).

An exploit is a program (e.g., a worm, virus, trojan horse, buffer overflow, etc.) or procedure which actually takes advantage of a vulnerability. An example of a well-known exploit is the Blaster/LovSAN worm which takes advantage of a buffer overflow vulnerability in Microsoft's networking software. The time window between the announcement of a vulnerability and the release of a software patch or upgrade to fix the vulnerability is a critical period in the life of an exploit. Unfortunately, exploits for new vulnerabilities have been appearing faster, increasing the need for system and network administrators to maintain vigilance in their patching and configuration procedures.

Exploit Impact

Successful exploits can result in numerous consequences to your network. A denial-of-service (DoS) may be accomplished by either crashing a server (the system or a particular service) or consuming all or most of a system resource (e.g., bandwidth on your Internet connection, memory or CPU on your server, and number of allowed network connections). Information theft, loss or corruption may result if an attacker is able to read or write files on a system. If these files contain configuration information (e.g., a list of allowed users), additional attacks may be enabled. Many exploits can also result in arbitrary code execution. This means that an attacker will be able to upload his own code to your system and run it, often with the privileges of the Administrator or "root" user. It is at this point that an attacker can be said to "own your system."

Network Vulnerabilities

A major class of vulnerabilities occurs at the network layer. Fortunately, these are relatively easy to address by common filtering or access control devices, such as firewalls or router access control lists (ACL's). As a general rule, only those services which must be offered to the public should be exposed to the Internet. Common examples of services you probably want to offer to the public include Web, mail and DNS. Many systems are compromised because the network they are in does not properly restrict incoming network traffic. For example, Microsoft networking protocols (NetBIOS over TCP, RPC, etc.) should not be exposed to the Internet, as they are intended to offer file and printer sharing, as well as network browsing, on a local network. Also, databases (e.g., Microsoft SQL Server, Oracle, Sybase, MySQL, PostgreSQL, etc.) which contain sensitive information should never be directly exposed to the Internet. Similarly, monitoring and management protocols such as SNMP and Telnet should not be accessible to the general public. Firewalls and routers can be configured to allow restricted access to select users when remote connections to these kinds of protocols are required.

Service Vulnerabilities

A large number of vulnerabilities have been discovered (and exploited) in common software packages, especially Web, mail and database servers. Most of these involve buffer overflows. While buffer overflows can be a complex and technical subject to discuss in detail, they can generally be understood as problems involving the processing of user-provided data, such as a user name, password, account number, etc. Buffer overflows are particularly concerned with malicious users sending an unusually large amount of data (e.g., a 500 character password or filename) that the application or program was not expecting. In many cases, the "extra" data provided by the user is a small program that the vulnerable system will end up running, often at a high privilege level (e.g., as the "root" or "Administrator" user).

This report reflects the results of a scan that does not intentionally use destructive tests. For that reason, the scanner places significant emphasis on determining the versions of applications that are being used on your systems. If the scanner obtains misleading or inaccurate version information from a network service, it is possible that a vulnerability will either be missed or falsely reported.

Important Notes Regarding Upgrades and Patches

The general solution to service level vulnerabilities is to either update the suspect software package with a patch or upgrade provided by the vendor, or to reconfigure the service. One of the biggest concerns in the day-to-day activities of a system administrator is that all network services (Web, mail, DNS, database, etc.) are up-to-date with security patches and are properly configured. This is especially important on systems and services which are exposed to the Internet. Administrators must take care to ensure that a new patch or version they intend to install will not "break" an existing business application due to some incompatibility with other software.

It is a good practice to carefully plan upgrades and to maintain at least a small test environment so that updates to critical services can be tested before being introduced to a production server.

This report provides links to sites which are the principal source of patches and upgrades; however, you should check with the vendor of your system, especially if you are administering a Unix system, to see if they have specific patches for a problem.

Application Vulnerabilities

One of the most serious issues facing many Web sites today is the number of vulnerabilities introduced to the site by custom Web applications which are running on their Web servers. "Web apps" include anything beyond simple, static content on a Web site. Common Web applications include shopping carts and home banking services. Essentially, if a Web site accepts and processes any data from a remote user (e.g., through a form on a Web page), then there is an opportunity for an attacker to take advantage of weaknesses in the code which processes that data. A Web application can be built from popular scripting languages such as Perl and PHP, dynamic HTML technologies such as Microsoft ASP's and Java JSP's, and many other programming languages. Complex Web apps may include Web servers, application servers and dedicated database servers. Common security issues which face Web apps include improper "cleansing" of user-provided data (e.g., does the username you asked for contain too many characters, or include an embedded database query in it) and weak user authentication mechanisms.

SQL Injection & Cross-Site Scripting

Two well known application-level vulnerabilities are "SQL Injection" and "Cross-Site Scripting" (XSS). Both of these types of attacks take advantage of the fact that an application developer has not checked the input provided by users before processing or acting on that input. SQL Injection refers to attempts to send commands directly through to the back-end database used by an application. If successful, such an attack may return content from the database to the attacker, or possibly alter or destroy the data within the database. Cross-site scripting vulnerabilities allow an attacker to trick a web application into returning Javascript (or other executable code) to unsuspecting web browsers, potentially putting that user's data (especially information stored in cookies) at risk.

While it is usually only possible to fully validate these vulnerabilities in a test or QA environment, the TrustKeeper scanner attempts to detect indicators of an application's vulnerability to these two classes of attacks. In both cases, the scanner searches for web forms and embedded links and attempts to submit information which could provoke an error message or other detectable content that would be returned to a web browser. If your report includes such findings, you should review the returned data in any evidence links provided in the report. Obvious error messages, such as "500 Errors," or messages returned with references to "ODBC Errors" or similar sounding problems should be investigated at once. At a minimum, these messages indicate that the application is not handling errors appropriately. In the worst case, such findings may indicate that the application is indeed vulnerable to a SQL Injection or Cross-Site Scripting attack.

Another good way to evaluate these findings is to check your log files. You should review any log files generated by your application in order to see if they indicate that an application error of some kind has occurred around the time of the scan.


VULNERABILITY SCORING

Common Vulnerability Scoring System (CVSS)

Where appropriate, vulnerabilities are assigned a score ranging from 0 to 10, based on the Common Vulnerability Scoring System, Version 2 (CVSSv2). CVSSv2 is the emerging security-industry standard for scoring the severity of vulnerabilities and provides a consistent algorithm for assessing the severity of a vulnerability. TrustKeeper uses the CVSSv2 Base Score, which is comprised of six factors, as follows:

Exploitability:

• AV: Access Vector. Can the attacker be remote, or does he need local network, physical access, etc.? Values: Network, Adjacent, Local Network, Undefined

• AC: Access Complexity. Is the attack easy or hard to perform? Values: None, Single, Multiple

• Au: Level of Authentication. Are credentials (e.g., username and password) needed to perform the attack? Values: None, Single, Multiple

Impact of Attack:

• C: Confidentiality Impact. Can information be read or downloaded (includes both system and business information)? Values: None, Partial, Complete, Undefined

• I: Integrity Impact. Can information be destroyed or modified? Values: None, Partial, Complete, Undefined

• A: Availability Impact. Can legitimate users be denied access to information (e.g., denial of service)? Values: None, Partial, Complete, Undefined

An example of a CVSSv2 Base Vector and Base Score is: AV:N/AC:L/Au:N/C:P/I:N/A:N (Base Score: 5.0)

This vector describes a low-complexity, remote-network based attack that requires no authentication and results in partial information compromise.

Note that TrustKeeper uses the CVSSv2 scores as published by the National Vulnerability Database (NVD) whenever possible. Also, in cases where a finding reflects multiple CVE's, the highest-scoring vector is used to calculate the score.

PCI Scoring

Per the requirements set forth for Approved Scanning Vendors (ASVs) by the PCI Security Standards Council (PCI SSC), vulnerabilities with a CVSSv2 Base Score greater than 4.0 will cause a component to be non-compliant with the PCI Data Security Standard (DSS). There are several cases identified by the PCI SSC that require special handling:

• Any application-level vulnerabilities related to Cross-Site Scripting or SQL Injection must be considered non-compliant with the PCI DSS, regardless of their CVSSv2 Base Score.

• Any vulnerability that is purely related to denial of service, and does not endanger cardholder information, should not negatively affect a component's compliance with the PCI DSS.

Please note that the new CVSSv2-based scoring system may result in new findings which must be remediated in order to maintain compliance with the PCI DSS.


Vulnerabilities By Device

The scan indicates that vulnerabilities were found in your systems. The table below contains the name, level of severity (compromise, high, medium, low or informational), affected service, description, and a recommended remediation action for each of the vulnerabilities on each system in your network.

68.153.182.156 (carlyle) (adsl-068-153-182-156.sip.mia.bellsouth.net.)

1. Score 0.00, Port tcp/80: TCP Timestamp Options Enabled

The remote service supports TCP Timestamps, which are detailed in RFC1323. This information can potentially be used to discover the uptime of the remote system.

Service: mini_httpd/1.19 19dec2003

Evidence:

• Timestamp: 386066483

Reference: http://www.ietf.org/rfc/rfc1323.txt

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score: 0.00)

Remediation Action: If you are concerned about the exposure of uptime of your systems, disable support for TCP Timestamps, if possible. This would be vendor specific.

74.246.22.122 (cardozo) (adsl-074-246-022-122.sip.mia.bellsouth.net.)

1. Score 9.40, Port tcp/23: Unencrypted Communication Channel Accessibility

The service running on this port (most often Telnet, FTP, etc.) appears to make use of a plaintext (unencrypted) communication channel. Payment industry policies (PCI 1.1.5.b, 2.2.2.b, 2.3, & 8.4.a) forbid the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentiality and integrity of the data in transit cannot be ensured with any level of certainty.

Service: (none) login:

CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:N (Base Score: 9.40)

Remediation Action: Transition to using more secure alternatives such as SSH instead of Telnet and SFTP in favor of FTP, or consider wrapping less secure services within more secure technologies by utilizing the benefits offered by VPN, SSL/TLS, or IPSec for example. Also, limit access to management protocols/services to specific IP addresses (usually accomplished via a "whitelist") whenever possible.


2. Score 0.00, Port tcp/23: Remote Access Service Detected

One or more remote access services were detected on the remote host. As defined by the PCI ASV Program Guide: "remote access software includes, but is not limited to: VPN (IPSec, PPTP, SSL), pcAnywhere, VNC, Microsoft Terminal Server, remote web-based administration, ssh, Telnet."

Service: (none) login:

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score: 0.00)

Note to scan customer: Due to increased risk to the cardholder data environment when remote access software is present, please 1) justify the business need for this software to the ASV and 2) confirm it is either implemented securely per Appendix C or disabled/removed. Please consult your ASV if you have questions about this Special Note.

207.231.222.115 (Pelican) (h-207-231-222-115.isnbroadband.net.)

1. Score 10.00, Port -: Windows Server 2003 Missing Service Pack 2

This host is running an instance of Microsoft Windows Server 2003 that does not have Service Pack 2 installed. As noted below, there are many Windows vulnerabilities that are addressed by this service pack. Service Pack 1 for Windows Server 2003 is no longer supported by Microsoft as of April 14, 2009.

Evidence:

• Match: version: 'Windows Server 2003 SP 1' is greater than or equal to 'Windows Server 2003', version: 'Windows Server 2003 SP 1' is less than 'Windows Server 2003 Service Pack 2'


Remediation Action: Microsoft released Windows Server 2003 Service Pack 2 to address these issues. Refer to the provided URLs for more information.

Note: This finding is based on version information which may not have been updated by previously installed patches (e.g., Red Hat "backports"). Please submit a "Patched Services" appeal in TrustKeeper if this vulnerability has already been patched.

Patches: http://technet.microsoft.com/en-us/windowsserver/bb229701.aspx


Reference: http://technet.microsoft.com/en-us/windowsserver/bb286898.aspx
Reference: http://support.microsoft.com/lifecycle/?LN=en-us&x=9&y=15&p1=3198

CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:C (Base Score:10.00)

2. 7.80 tcp/443 Microsoft ASP.NET w3wp.exe COM component DoS

The version of Microsoft .NET identified running on this server is vulnerable to a Denial of Service attack. Remote attackers can cause resource exhaustion on the server by repeatedly requesting each of several documents that refer to COM components, or that are restricted documents located under the ASP.NET application path.

Service: Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• Match: '1.1.4322' is greater than or equal to '1.0.2204.0'
• Match: '1.1.4322' is less than '1.1.4322.2310'

CVE: CVE-2006-1364
NVD: CVE-2006-1364
Bugtraq: 17188
Reference: http://xforce.iss.net/xforce/xfdb/25392

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:C (Base Score:7.80)

Remediation Action: Apply patches available from the vendor.

Note: This finding is based on version information which may not have been updated by previously installed patches (e.g., Red Hat "backports"). Please submit a "Patched Services" appeal in TrustKeeper if this vulnerability has already been patched.

3. 5.00 tcp/443 Microsoft ASP.NET SOAP Request Denial of Service

The version of ASP.NET detected running on this host is vulnerable to a remote denial of service attack. When an attacker sends a specially crafted XML request, the 'aspnet_wp.exe' executable enters an infinite loop, spiking the CPU utilization until the process is stopped.

Service: Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• Match: '1.1.4322' is greater than or equal to '1.0.2204.0'
• Match: '1.1.4322' is less than '1.1.4322.2310'

CVE: CVE-2005-2224
NVD: CVE-2005-2224
Bugtraq: 14217
Reference: http://secunia.com/advisories/16005

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P (Base Score:5.00)

Remediation Action: Upgrade your version of ASP.NET to the most recent version available from the vendor.

Note: This finding is based on version information which may not have been updated by previously installed patches (e.g., Red Hat "backports"). Please submit a "Patched Services" appeal in TrustKeeper if this vulnerability has already been patched.

4. 4.30 tcp/443 Microsoft ASP.NET Unicode XSS Detection Bypass

The version of Microsoft .NET identified running on this server is vulnerable to a security restriction bypass attack. An attacker can use Unicode-encoded strings to bypass the cross-site scripting detection methods built into .NET.

Service: Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• Match: '1.1.4322' is greater than or equal to '1.0.2204.0'
• Match: '1.1.4322' is less than '1.1.4322.2310'

CVE: CVE-2005-0452
NVD: CVE-2005-0452
Bugtraq: 12574
Reference: http://secunia.com/advisories/14214

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N (Base Score:4.30)

Remediation Action: Apply patches available from the vendor.

Note: This finding is based on version information which may not have been updated by previously installed patches (e.g., Red Hat "backports"). Please submit a "Patched Services" appeal in TrustKeeper if this vulnerability has already been patched.

5. 2.60 tcp/443, tcp/80 Microsoft IIS 6.0 Log Injection Vulnerability

In some configurations Internet Information Server version 6.0 is vulnerable to an issue which allows attackers to inject malicious text into log files via an HTTP request in conjunction with a crafted DNS response. According to the version of IIS detected, this issue may exist if the server is configured with client IP address resolution enabled. If enabled, there is a chance that an attacker could exploit this issue to perform an "Inverse Lookup Log Corruption (ILLC)" attack.

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• Match: '6.0' is greater than or equal to '6.0'
• Match: '6.0' is less than '7.0'

Service: (80) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• Match: '6.0' is greater than or equal to '6.0'
• Match: '6.0' is less than '7.0'

CVE: CVE-2003-1582
NVD: CVE-2003-1582
Reference: http://www.securityfocus.com/archive/1/313867
Reference: http://support.microsoft.com/kb/245574

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N (Base Score:2.60)

Remediation Action: Ensure reverse DNS resolution is disabled in IIS if it is not needed.

Note: This finding is based on version information which may not have been updated by previously installed patches (e.g., Red Hat "backports"). Please submit a "Patched Services" appeal in TrustKeeper if this vulnerability has already been patched.

6. 0.00 - Predictable IP ID Sequence Number

If the IP ID value is predictable, a host can be used as a third party to perform IP ID header scanning, also known as idle scanning. IP ID header scanning requires the ID values returned from the third party to be incremental so that accurate scan results can be gathered.

Evidence:
• IP ID Sequence Number Analysis: Incremental
• IP ID Sequence Number Sample: 26373, 26374, 26375, 26376, 26377, 26378

Reference: http://en.wikipedia.org/wiki/Idle_scan

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: Contact your vendor for a fix.

7. 0.00 tcp/443 SSL Certificate is Not Trusted

It was not possible to validate the SSL certificate, and thus it could not be trusted. Users may receive a security warning when using this service. This occurs because either the certificate or a certificate in its chain has issues that prevent validation. Examples of these issues include, but are not limited to, a certificate having expired, the hostname not matching the name on the certificate, or the certificate not being signed by a well-known Certificate Authority (CA).

Service: Microsoft-IIS/6.0
Evidence:
• Subject: /CN=PELICAN.pelicanhotel.com
• Issuer: /C=US/CN=Fidelio
• Certificate Chain Depth: 0
• Reason: The hostname on the certificate does not match any of the hostnames provided to the scanner.
• Reason: One or more certificates in the chain cannot be validated.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: If this certificate is associated with a service accessible to the general public, consider acquiring a certificate from a well-known CA and ensure that it is not expired.


8. 0.00 tcp/443 OV/DV Certificate Detected

This SSL service appears to be using an SSL certificate that has been validated at either the organizational (OV) or domain (DV) level. Modern web browsers recognize certificates that have been issued using a higher level of validation. Such certificates are known as Extended Validation, or "EV", certificates.

Service: Microsoft-IIS/6.0
Evidence:
• Subject: /CN=PELICAN.pelicanhotel.com
• Issuer: /C=US/CN=Fidelio
• Certificate Chain Depth: 0

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: Consider contacting your Certificate Authority (CA) about the availability of Extended Validation certificates. Since the number of CAs that are authorized to issue EV certificates increases regularly, it is possible that this finding is not accurate. If you believe that you are already using an EV certificate, please submit an appeal via the TrustKeeper user interface.

9. 0.00 tcp/443 SSL Certificate Common Name Does Not Validate

This SSL certificate has a common name (CN) that does not appear to match the identity of the server. Modern browsers may present a warning to users who attempt to browse this service as it is currently configured. Note that in some networks in which load balancers are used, it may not be possible for the scanner to perform this test correctly.

Service: Microsoft-IIS/6.0
Evidence:
• Subject: /CN=PELICAN.pelicanhotel.com
• Issuer: /C=US/CN=Fidelio
• Certificate Chain Depth: 0
• Hostnames provided to scanner: 207.231.222.115
• Subject CN: PELICAN.pelicanhotel.com
• Subject Alternative Name: PELICAN.pelicanhotel.com

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: Check your certificate to ensure it is installed on the correct service. Verify that you have added the domain name or fully qualified virtual host name of the system to your Network Questionnaire. Additionally, check your DNS servers to ensure that the domain name is properly mapped to the correct IP address.

10. 0.00 tcp/443 SSL Certificate Chain Not Trusted

An SSL certificate in the certificate chain does not validate with a well-known Certificate Authority (CA). Users may receive a security warning when using this service. The certificate chain includes all intermediate certificates, in addition to the root certificate, that are used to validate your certificate.

Service: Microsoft-IIS/6.0
Evidence:
• Subject: /CN=PELICAN.pelicanhotel.com
• Issuer: /C=US/CN=Fidelio
• Certificate Chain Depth: 0
• Reason: The certificate's issuer certificate could not be identified.
• Reason: Errors in the certificate chain prevent the certificate from being verified.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N (Base Score:0.00)

Remediation Action: Ensure that the intermediate certificates provided via the SSL service are the correct ones, and that they have not been revoked or expired.

11. 0.00 tcp/443 Discovered HTTP Methods

Requesting HTTP OPTIONS from this host shows which HTTP protocol methods its web server reports as supported. Note that, in some cases, this information is not reported accurately by the web server.

Service: Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• URL: https://207.231.222.115/
• Methods: OPTIONS, TRACE, GET, HEAD

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: Review your web server configuration and ensure that only those HTTP methods required for your business operations are enabled.

12. 0.00 tcp/443 Discovered Web Directories

It was possible to guess one or more directories contained in the publicly accessible path of this web server.

Service: Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• URL: https://207.231.222.115:443/certsrv/
• HTTP Response Code: 200
• URL: https://207.231.222.115:443/exchange/
• HTTP Response Code: 302
• URL: https://207.231.222.115:443/public/
• HTTP Response Code: 302

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: Review these directories and verify that there is no unintentional content made available to remote users.

13. 0.00 tcp/443, tcp/80 No Hostname Entered For This Web Server

This host is running a web server and does not have a fully qualified domain name (e.g. www.example.com) associated with it.

Service: (443) Microsoft-IIS/6.0
Service: (80) Microsoft-IIS/6.0

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: If your organization owns a domain name that corresponds to this web server, add it to the scan parameters from within the TrustKeeper portal.

14. 0.00 tcp/443 (six instances) HTTP Responses Missing Character Encoding

During the crawl of the HTTP service, we detected HTML and/or XML documents that were missing any indication of their character set encoding. The server and the pages it serves are responsible for indicating the character set used to encode the documents. Typically, this is indicated within the "Content-type" HTTP header, a 'meta' HTTP-equiv HTML tag, or an XML document encoding header. Without these, some web browsers may attempt to guess the character set encoding of the document based on what is available. The danger is that when a browser guesses the wrong encoding, the document is misinterpreted. In cases where a web page reflects user-supplied information, an attacker could provide a specially crafted string that tricks a web browser into decoding the document as a specific character set. If this specially crafted string were HTML code encoded in that character set, the attacker could perform a cross-site scripting attack.

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• URL: https://207.231.222.115:443/certsrv/

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• URL: https://207.231.222.115:443/certsrv/Default.asp

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• URL: https://207.231.222.115:443/certsrv/certcarc.asp

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• URL: https://207.231.222.115:443/certsrv/certckpn.asp

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• URL: https://207.231.222.115:443/certsrv/certrqbi.asp

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• URL: https://207.231.222.115:443/certsrv/certrqma.asp

Reference: http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
Reference: http://wiki.whatwg.org/wiki/Web_Encodings

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: It is important that all documents served by the HTTP server provide the correct character set for their encoding. The references listed above give information on the proper ways of indicating the character set encoding.

15. 0.00 tcp/443, tcp/443, tcp/80, tcp/80 Enumerated Applications

The following applications have been enumerated on this device.

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• CPE: microsoft:asp.net
• Version: 1.1.4322

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• CPE: microsoft:iis
• Version: 6.0

Service: (80) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• CPE: microsoft:asp.net
• Version: unknown

Service: (80) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115
• CPE: microsoft:iis
• Version: 6.0

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: No remediation is required.

16. 0.00 tcp/443, tcp/80 No X-FRAME-OPTIONS Header

This host does not appear to utilize the benefits that the X-FRAME-OPTIONS HTTP header offers. This header may be implemented to prevent pages on this system from being used as part of a click-jacking scenario. The X-FRAME-OPTIONS header specifies what systems (if any) are allowed to refer to pages on this system (when the page is to appear within an HTML frame type of object).

Service: (443) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115

Service: (80) Microsoft-IIS/6.0
Evidence:
• Virtual Host: 207.231.222.115

Reference: https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: Consider utilizing the X-FRAME-OPTIONS header to prevent click-jacking type attacks.

17. 0.00 tcp/443 Enumerated SSL/TLS Cipher Suites

This finding reports the SSL cipher suites for each SSL/TLS service version provided by the remote service. This finding does not represent a vulnerability, but is only meant to provide visibility into the behavior and configuration of the remote SSL/TLS service. The information provided as part of this finding includes the SSL version (ex: TLSv1) as well as the name of the cipher suite (ex: RC4-SHA). A cipher suite is a set of cryptographic algorithms that provide authentication, encryption, and message authentication code (MAC) as part of an SSL/TLS negotiation and through the lifetime of the SSL session. It is typical for an SSL service to support multiple cipher suites. A cipher suite can be supported across multiple SSL/TLS versions, so it should be of no concern to see the same cipher name reported for multiple

Service: Microsoft-IIS/6.0
Evidence:
• Cipher Suite: SSLv3 : DES-CBC3-SHA
• Cipher Suite: SSLv3 : RC4-SHA
• Cipher Suite: SSLv3 : RC4-MD5
• Cipher Suite: TLSv1 : DES-CBC3-SHA
• Cipher Suite: TLSv1 : RC4-SHA
• Cipher Suite: TLSv1 : RC4-MD5

Reference: http://www.openssl.org/docs/apps/ciphers.html

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: No remediation is necessary.

18. 0.00 tcp/61031 TCP Timestamp Options Enabled

The remote service supports TCP Timestamps, which are detailed in RFC1323. This information can potentially be used to discover the uptime of the remote system.

Service: \xc1\x02\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
Evidence:
• Timestamp: 12209650

Reference: http://www.ietf.org/rfc/rfc1323.txt

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N (Base Score:0.00)

Remediation Action: If you are concerned about the exposure of the uptime of your systems, disable support for TCP Timestamps, if possible. This would be vendor specific.

Full Vulnerability Scan : Appealing Report Findings Apr 17, 2013

Appealing Report Findings

In some cases, you may find it necessary to submit an appeal of one of the vulnerability findings in the report. The TrustKeeper Appeal Process is an easy-to-use service offered through the TrustKeeper Web site which you may use to request that one or more of the findings be reconsidered or removed from the report.

The TrustKeeper Appeal Process may be useful to you if one of the following circumstances applies:

• You or your hosting center applies upgrades, patches or "back ports" which do not alter the versioning information gathered by the scanner
• You are in a shared environment, such as a hosting center, and you believe that an identified policy violation does not apply to you. For example, an Internet-accessible database may be identified as a policy violation; however, you do not use that database to store any sensitive information.
• You believe that one of the findings is inaccurate.

Please note that if you make changes to your network in order to address a finding (e.g., you install or reconfigure a firewall), you should request a new scan to validate that the changes adequately addressed the relevant issue. Appeals should only be used to make administrative changes to your report in cases where a new scan would not detect any differences.

Full Vulnerability Scan : Accessible Systems and Services Apr 17, 2013

ACCESSIBLE SYSTEMS AND SERVICES

Reading Your Scan Inventory

The vulnerability scan reveals Internet-accessible hosts and network services available on your network. The following systems (e.g., servers, routers, etc.) and network services (e.g., Web and mail servers) were discovered during the vulnerability scan. As a general rule, all unnecessary network services should be disabled, and all other services should be protected by either firewall rulesets or router access control lists (ACLs). Only those services which must be available to the public should be visible from the Internet.

Pings

Hosts which respond to ICMP "pings" are explicitly identified in the Device column. It is generally considered to be good practice to block inbound pings in either router ACLs or firewall rulesets; however, this decision may be affected by network monitoring needs and other considerations.

Names

A system may be known by many names. For example, a server that offers Web and mail services may be known as both www.mycompany.com and mail.mycompany.com. This report includes as many names as could be identified, including public domain names, Windows domain/workgroups, Windows name, and the "real" name assigned in your DNS server.

Service State

A large number of services (e.g., TCP and UDP ports) are probed during the scan. Ports will be listed as open, closed, or filtered, as described below:

• Open: The service is "up" and waiting for connections from remote users.
• Closed: The service (or a filtering device "in front of" the service) explicitly rejected the connection attempt.
• Filtered: There was neither a positive nor negative response. The connection request "timed out," meaning either no service was present, or a filtering device is configured to ignore requests to connect to the port in question.

You should review this list to ensure that only those services you intend to offer to the public are accessible (i.e., "open"). All other "internal" services should be protected using either router access control lists (ACLs) or firewall rulesets.

Full Vulnerability Scan : Inventory Apr 17, 2013

Inventory

Service Information

# - 6 | Device | ICMP Ping | Possible System Type(s) | Port | Protocol | Application | Details

1. 66.184.163.154 (victor)
ICMP Ping: responds
There were no open ports found at this address.
All other scanned ports were CLOSED

2. 68.153.170.239 (kitchen) adsl-068-153-170-239.sip.mia.bellsouth.net.
ICMP Ping: responds
There were no open ports found at this address.
All other scanned ports were UNKNOWN

3. 68.153.182.156 (carlyle) adsl-068-153-182-156.sip.mia.bellsouth.net.
ICMP Ping: responds
Possible System Type(s): Digital
• tcp/80 | http | http | mini_httpd/1.19 19dec2003
All other scanned ports were CLOSED

4. 74.246.22.122 (cardozo) adsl-074-246-022-122.sip.mia.bellsouth.net.
ICMP Ping: responds
• tcp/23 | telnet | telnet | (none) login:
• tcp/80 | http | http | Cross Web Server
• tcp/6036 | generic_tcp | - | head\x00\x00\x00\x00z\x00\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x
All other scanned ports were CLOSED

5. 108.132.28.44 (medi) adsl-108-132-28-44.mia.bellsouth.net.
ICMP Ping: responds
There were no open ports found at this address.
All other scanned ports were CLOSED

6. 207.231.222.115 (Pelican) h-207-231-222-115.isnbroadband.net.
Possible System Type(s): Microsoft (Windows)
• tcp/80 | http | microsoft:iis | Microsoft-IIS/6.0
• tcp/443 | https | microsoft:iis | Microsoft-IIS/6.0
• tcp/61002 | generic_tcp | - | -
• tcp/61031 | generic_tcp | - | \xc1\x02\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0
All other scanned ports were FILTERED

Full Vulnerability Scan : Accessible Web Servers Apr 17, 2013

ACCESSIBLE WEB SERVERS

It is important to pay special attention to the security of your Web servers. This section provides a convenient list of all of the Web servers found in the course of the network scan based on the network parameters you provided in the Network Questionnaire. Information profiled includes the server type (e.g., Microsoft IIS or Apache) and the title of the default Web page. You should ensure that all Web servers listed in this section are authorized and intended to be running in your network since many systems will inadvertently be configured with some type of Web server when they are installed. In addition, many network devices (e.g., routers, switches and print servers) may have Web-based management interfaces of which you may not have been aware. Whenever possible, unused Web interfaces should be disabled or, at a minimum, password protected.

# - 4 | System IP Address | Domain Name | Port | Server Type | Default Status and Title/Redirect

1. 68.153.182.156 | tcp/80 | mini_httpd/1.19 19dec2003
2. 74.246.22.122 | tcp/80 | Cross Web Server
3. 207.231.222.115 | tcp/80 | Microsoft-IIS/6.0 | (403) The page must be viewed over a secure channel; Redirect to unknown
4. 207.231.222.115 | tcp/443 | Microsoft-IIS/6.0 | (200) PelicanMail; Redirect to unknown

Full Vulnerability Scan : SSL/TLS Certificate Information Apr 17, 2013

SSL/TLS Certificate Information

Several network services, most notably HTTPS ("Secure Web"), employ certificates which contain information about the service which can be used by connecting clients to authenticate the identity of the server. For Web servers, the certificate is intended to authenticate the domain name (e.g., www.yoursite.com) of a web site. For example, a home banking application should be run on a web server which provides a certificate to its clients' Web browsers proving that the web server they are connected to is actually the one they intended to use.

In order to provide users with confidence in the site they are visiting, the certificate should be issued by a well-known certificate authority instead of self-generated. In some cases, such as in a private network, self-generated certificates may be used; however, those users should have confidence in the internal issuing authority.

This table provides a summary of the certificates found in your network, including expiration date and issuer of each certificate.

# - 1 | Service | Common Name | Expires | Details

1. 207.231.222.115 : 443 (https)
Common Name: PELICAN.pelicanhotel.com
Expires: 2008-12-23 03:53:27 (Expired)
Issued To: /CN=PELICAN.pelicanhotel.com
Issued By: /C=US/CN=Fidelio
Fingerprint: 54:41:DA:CB:03:67:1F:ED:83:57:4C:F2:7A:F3:73:D1