Risk assessment IT Security project
Upload: stefan-fodor
Risk assessment for the Secret Nuclear Research Facility
Red Team: Mads, Paul, Vlad Stefan
2nd of November 2011
Overview
Risk Assessment
Recommendations
Resulted Documentation
Planned Network Overview
Actual Network Overview Audit Result
Network Characterization
Physical Location: Unknown/Undisclosed
Components
Servers/Tech LAN: 172.16.1.0/24
Office/Lab LAN: 172.16.2.0/24
VPN connection to Headquarters
One pfSense as router, gateway and firewall
Network Characterization
Server/Tech LAN
Mail Server
Web Server
Database Server
DebManage
Office/Lab LAN
Windows XP for machines in the Research Laboratory
Windows XP as Workstations
Undisclosed number of employees and workstations
Authorized Users
Employees of the SNRF
System Characterization - Clients
Hardware
Desktop PC
Software
Windows XP
Firefox web browser
Thunderbird Mail Client
Office Suite
Classified Productivity Tools
Interfaces
RJ-45
CD-ROM
4 x USB port
System Characterization - Servers
Hardware
Blade Server
Software
Debian OS
(DVL OS for Web Server)
Specific Server Daemon Running
SSH Server
Interfaces
RJ-45
CD-ROM
4 x USB port
System Characterization
Data & info
Private PGP key
Confidential organization files
Work files
Secret Research Documents
System Mission
Web surfing for Work Related Issues
Workstations
Classified activities
System Characterization
System & Data criticality
Private PGP key: H
Confidential organization files: EH
Work files: M
Secret Research Documents: EH
Data & info
Private PGP key: M
Confidential organization files: H
Work files: M
Secret Research Documents: H
L = Low, M = Medium, H = High, EH = Extremely High
Threat Identification
Threat-source | Motivation | Threat action
Hackers, crackers | Challenge, Ego | Hacking, Social Engineering, Unauthorized access
Industrial Espionage | Competitive advantages, Economic exploitation | Information Theft, Social Engineering, Access to classified information
Government Espionage | Law infringement, Insufficient bribery | Information Gathering, Social Engineering, Access to classified information
Stupid users/administrators | Stupidity | Misplacement, Physical damage, Misconfiguration
Freelancers (Blue Leader) | Money | Information Gathering, Social Engineering, Access to classified information
Vulnerability Identification
Vulnerability | Threat source | Threat action
Outdated and unpatched OS (known issues): Windows XP w/o SP | Hackers | System crash, DoS, System failures, Remote Access
Misconfiguration of MySQL: root is the only user | (Unauthorized) users | Access to sensitive information, Data tampering
Web Server running on the server LAN using a vulnerable OS | Users, Hackers | Unauthorized access
PfSense running firewall, gateway, router and DNS server | Malicious users | (Single Point of Failure), DoS
FTP server used as file server | Users, Hackers, Secret Agents | Access to sensitive information, Data tampering
Outdated and unpatched software | Malicious users | System crash, DoS, System failures, Remote Access
Likelihood Determination
Vulnerability | Threat source | Likelihood Level
Outdated and unpatched OS (known issues): Windows XP w/o SP | Hackers | Medium
Misconfiguration of MySQL: root is the only user | (Unauthorized) users | High
Web Server running on the server LAN using a vulnerable OS | Users, Hackers | Medium
PfSense running firewall, gateway, router and DNS server | Malicious users | Medium
FTP server used as file server | Users, Hackers, Secret Agents | High
Outdated and unpatched software | Malicious users | Medium
Impact Analysis
Vulnerability | Threat source | Confidentiality | Integrity | Availability
Outdated and unpatched OS (known issues): Windows XP w/o SP | Hackers | Medium | Medium | High
Misconfiguration of MySQL: root is the only user | (Unauthorized) users | High | High | High
Web Server running on the server LAN using a vulnerable OS | Users, Hackers | Medium | Medium | Medium
PfSense running firewall, gateway, router and DNS server | Malicious users | Medium | Medium | Medium
FTP server used as file server | Users, Hackers, Secret Agents | High | High | Medium
Outdated and unpatched software | Malicious users | Medium | Medium | Medium
Risk Determination
Vulnerability | Threat source | Likelihood Level
Outdated and unpatched OS (known issues): Windows XP w/o SP | Hackers | Medium
Misconfiguration of MySQL: root is the only user | (Unauthorized) users | High
Web Server running on the server LAN using a vulnerable OS | Users, Hackers | High
PfSense running firewall, gateway, router and DNS server | Malicious users | Medium
FTP server used as file server | Users, Hackers, Secret Agents | High
Outdated and unpatched software | Malicious users | Medium
High Impact, High Likelihood
Authorize a penetration test of the SNRF
Do not call a lock-down
Proceed in a discreet manner so as not to alert Blue Leader
Implement the recommendations resulting from the penetration testing
Control Recommendations
Will be presented in the Penetration Testing Report. It is our strong recommendation to implement all the suggested security features resulting from the Penetration Testing.
Resulted Documentation
Questions?
TOP SECRET - U445-12B
This Document is never to be reproduced or leaked to any other except to the staff of Applied Destruction Inc. Treason charges will be set to any who will not obey.