Security Audit Ppt
Transcript of Security Audit Ppt
-
8/14/2019 Security Audit Ppt
1/24
Security Audit, Page 1. www.PerfTestPlus.com. 2006 PerfTestPlus, Inc. All rights reserved.
Security Testing: Step by Step System Audit with Rational Tools
First presented for: The Rational User's Conference, Orlando, FL, 2002
with: Chris Walters
Scott Barber, Chief Technology Officer, PerfTestPlus, Inc.
-
Agenda
- Threat Analysis
- Security Arenas & Policies
- Arsenal of Tools
- Security Audits
  - Security Test Plan
  - Systems Lockdown
  - Internal Testing
  - External Testing
  - Reporting
-
Threat Analysis
Statistics of Breaches (share of surveyed organizations)
  90%  detected a computer security breach
  80%  acknowledged financial loss due to a breach
  44%  were willing or able to quantify their losses, totaling $455,848,000
  55%  reported denial of service (DoS) attacks
-
Threat Analysis Cont.
Examples
- NIMDA virus
- Code Red
- Remote denial of service
- AOL Instant Messenger buffer overflow
(Code Red and Nimda are the 2001 worms that exploited Microsoft IIS vulnerabilities; Nimda also spread by e-mail and through open file shares.)
-
Security Arenas (the ten domains of the CISSP Common Body of Knowledge as it stood in 2002)
- Access Control Systems
- Telecommunications & Networks
- Security Management
- Application & System Development
- Cryptography
- Architecture & Models
- Operations Security
- Law, Investigation, & Ethics
- Business Continuity & Disaster Recovery
- Physical Security
-
Security Policy
Risk Management
- Incident response
- Point of contact
Disaster Recovery
- Personal data
- Backup
Security Training
- Social engineering
- Best practices
The Site Security Handbook (RFC 2196): http://www.ietf.org/rfc/rfc2196.txt?Number=2196
The SANS Security Policy Project: http://www.sans.org/newlook/resources/policies/policies.htm
-
Arsenal of Tools Cont.
Tools that assist in auditing security
- Rational TestStudio
- Nessus
- Internet Security Scanner (ISS)
-
Security Audits
Security Test Plan
Systems Lockdown
Internal Testing
External Testing
Reporting
-
Security Test Plan: Gathering Data
Hardware Architecture
- Firewalls, routers, gateways, switches
- Web servers
- Database servers
Software Architecture
- Client/server
- Web based
User Model
- SysAdmin
- DBA
- General user
-
Security Lockdown
Hardening Systems
- Windows
- Solaris
- Linux
Viruses etc.
- Trojan horses
- Worms
- Macros
- Viruses
-
System Lockdown
Firewalls
- DMZ
- Open ports
- Bypassing
-
Internal Penetration Test
Port Scanning (the slide calls it "Port Sniffing"; what the script does is a TCP connect scan of ports 20 through 80 with a banner grab). Rational TestStudio VU script from the slide; the argument of its #include was lost in extraction, and <VU.h>, the standard VU header, is assumed here:
    #include <VU.h>
    string host = "www.rational.com";
    int port, bytes, sut;
    {
        /* short timeout, no think time, no retries: a closed port fails fast */
        push [Timeout_val = 10, Think_avg = 0, Connect_retries = 0];
        for (port = 20; port < 81; port++) {
            display(itoa(port));
            /* sock_connect returns a connection id greater than 0 on success */
            sut = sock_connect("sut", host + ":" + itoa(port));
            if (sut > 0) {
                set Server_connection = sut;
                sock_send "";                             /* nudge the service */
                bytes = sock_isinput();                   /* bytes waiting to be read */
                sock_nrecv ["sut~" + itoa(port)] bytes;  /* read and log the banner */
            }
        }
    }
IP Aliasing in TestStudio (gives virtual testers distinct source IP addresses)
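The same scan in Python, as an added example that is not part of the original slides or of Rational's tooling: a TCP connect scan that records the banner of every port that accepts a connection. To make it runnable offline it scans a constructed loopback listener (the address 127.0.0.1, the listener and its "220 constructed-ftp ready" banner are assumptions for the example); for a real audit substitute the slide's port range 20-80 and a host you are authorized to scan.

```python
"""TCP connect port scan with banner grab.  Added example, not from the
slides.  The target is a constructed loopback listener so it runs offline."""
import socket
import threading
from typing import Callable, Dict, Iterable, Optional, Tuple


def grab_banner(host: str, port: int, timeout: float = 2.0) -> Optional[bytes]:
    """Full TCP handshake to host:port (a 'connect scan').
    None: closed or filtered.  b"": open but silent within the timeout.
    Otherwise: whatever the service volunteered (its banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                return sock.recv(1024)
            except OSError:          # timeout or reset after connecting: open, but silent
                return b""
    except OSError:                  # refused, unreachable, connect timed out
        return None


def scan_ports(host: str, ports: Iterable[int], timeout: float = 2.0) -> Dict[int, bytes]:
    """{port: banner} for every port that accepted a connection."""
    results: Dict[int, bytes] = {}
    for port in ports:
        banner = grab_banner(host, port, timeout)
        if banner is not None:
            results[port] = banner
    return results


def start_banner_listener(banner: bytes) -> Tuple[int, Callable[[], None]]:
    """Constructed stand-in for a target service: greets every client with
    `banner`, then hangs up.  Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))       # port 0: the OS picks a free port
    srv.listen(5)
    srv.settimeout(0.2)              # so the accept loop notices stop()
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except OSError:          # accept timed out; re-check the stop flag
                continue
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


def find_closed_port() -> int:
    """A loopback port that is almost certainly not listening: bind port 0,
    note the number the OS handed out, release it again."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def audit_demo() -> Tuple[int, int, Dict[int, bytes]]:
    """Scan one open and one closed loopback port.
    Returns (open_port, closed_port, scan results)."""
    open_port, stop = start_banner_listener(b"220 constructed-ftp ready\r\n")
    closed_port = find_closed_port()
    try:
        results = scan_ports("127.0.0.1", [closed_port, open_port], timeout=2.0)
    finally:
        stop()
    return open_port, closed_port, results


if __name__ == "__main__":
    open_port, closed_port, results = audit_demo()
    for port in (closed_port, open_port):
        state = "open" if port in results else "closed"
        print(f"{port:5d}  {state:6s}  {results.get(port, b'')!r}")
```

A connect scan completes the handshake, so it shows up in the target's logs exactly like a real client; that is fine for an internal audit, and the banners it collects are the quickest way to spot a service that should not be listening at all.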
-
DEMO: Hacking from the Inside
-
External Penetration Test
Packet Sniffing
- Network recording between servers
Cleartext Transmissions
- Record possible unencrypted data traffic (anything the recorder can read, an attacker sniffing the same segment can read: passwords, session cookies, form data)
(Distributed) Denial of Service Attack
- Simulate using virtual testers with no think-time delays, running from multiple locations
Buffer Overflow
- Play back with fields larger than the application allows in POST data submissions
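Two of the checks above, the cleartext-transmission review and the oversized-POST buffer overflow test, worked in Python as an added example (this is not code from the slides or from TestStudio). The recorded requests, the host www.example.test, the field names and the length limits are all constructed for the example; the length check at the end is the server-side control the overflow playback is probing for.

```python
"""Checks over recorded HTTP traffic: cleartext credentials and the
oversized-POST overflow probe.  Added example; sample requests, host names,
field names and limits are constructed, not taken from the slides."""
import base64
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET_FIELDS = {"password", "passwd", "pwd", "pass", "pin", "secret"}


def parse_http_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """(method, target, headers, body); header names lower-cased."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def form_fields(raw: bytes) -> Dict[str, List[str]]:
    """Every form parameter: query string plus a urlencoded POST body."""
    _method, target, headers, body = parse_http_request(raw)
    fields = parse_qs(urlsplit(target).query)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for name, values in parse_qs(body.decode("latin-1")).items():
            fields.setdefault(name, []).extend(values)
    return fields


def find_cleartext_credentials(raw: bytes, tls: bool = False) -> List[str]:
    """What a sniffer on the segment could read from this request.
    tls=True: the recording came from an encrypted connection, so the
    recorder saw only ciphertext and nothing is reported."""
    if tls:
        return []
    method, target, headers, _body = parse_http_request(raw)
    findings: List[str] = []
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":            # base64 is encoding, not encryption
        try:
            user = base64.b64decode(token).decode("latin-1").split(":", 1)[0]
            findings.append(f"HTTP Basic credentials for user {user!r} in Authorization header")
        except ValueError:
            findings.append("malformed HTTP Basic Authorization header")
    for name in form_fields(raw):
        if name.lower() in SECRET_FIELDS:
            findings.append(f"form field {name!r} sent unencrypted in {method} {urlsplit(target).path}")
    return findings


def build_overflow_probe(host: str, path: str, field: str, length: int,
                         extra: Optional[Dict[str, str]] = None) -> bytes:
    """The buffer-overflow playback: `field` carries `length` bytes of
    filler.  Content-Length stays honest so the server parses the body
    instead of dropping the request as malformed."""
    params = dict(extra or {})
    params[field] = "A" * length
    body = urlencode(params).encode("latin-1")
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode("latin-1") + body


def exceeds_limits(raw: bytes, limits: Dict[str, int]) -> List[Tuple[str, int, int]]:
    """Server-side check the probe is testing for: (field, actual, allowed)
    for every field longer than its limit.  Applied before input is copied
    into a fixed-size buffer, this is what makes the probe harmless."""
    over = []
    for name, values in form_fields(raw).items():
        limit = limits.get(name)
        longest = max(len(v) for v in values)
        if limit is not None and longest > limit:
            over.append((name, longest, limit))
    return over


# Constructed recordings of a client talking to a server over plain TCP.
SAMPLE_FORM_LOGIN = (
    b"POST /login/loginprocess.jsp HTTP/1.1\r\nHost: www.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 31\r\n\r\n"
    b"username=alice&password=s3cr3t!"
)
SAMPLE_BASIC_AUTH = (
    b"GET /admin/ HTTP/1.1\r\nHost: www.example.test\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:s3cr3t") + b"\r\n\r\n"
)
```

Run the finder over every request in a recording, not just the login: Basic credentials are resent on every request to the realm, and the same applies to session cookies once a login has succeeded.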
-
External Penetration Test Cont.
Brute Force Cracking
- Play back the login request with DataPools of usernames and passwords, one candidate pair per iteration
VU script excerpt from the slide (the request body carrying the DataPool values and the loop's closing while condition were not on the slide; <VU.h>, the standard VU header, is assumed as the include):
    #include <VU.h>
    string host = "www.rational.com";
    {
        push [Timeout_val = 10, Think_avg = 0, Connect_retries = 0];
        do {
            rational_com = http_request ["Brute F~001"] "www.rational.com:80", HTTP_CONN_DIRECT,
                "POST /login/loginprocess.jsp HTTP/1.1\r\n"
                "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, applicat"
                "ion/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*\r\n"
                "Accept-Language: en-us\r\n"
                "Accept-Encoding: gzip, deflate\r\n"
                "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n"
                "Host: www.rational.com\r\n"
                "Connection: Keep-Alive\r\n\r\n";
-
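The brute-force playback from the preceding slide in Python, as an added example that is not from the slides or from Rational's tooling. The DataPool rows, the one valid account scott/summer2002, the lockout threshold and the simulated login handler are constructed stand-ins for a real target. Beyond the loop itself it shows the two decisions every row of the playback needs: a success oracle that tells a logged-in response from the error page, and lockout detection, which is a finding in its own right (and, when absent, a worse one).

```python
"""Brute-force login playback driven by a DataPool.  Added example; the
target is a constructed in-process stand-in, not a real web server."""
import csv
import io
from typing import Callable, Dict, List, Set, Tuple

# Constructed DataPool in the CSV layout Rational DataPools use: one row
# per candidate pair.  Passwords are the usual dictionary suspects.
DATAPOOL_CSV = """username,password
admin,admin
admin,password
admin,123456
admin,letmein
scott,password
scott,summer2002
guest,guest
"""

Response = Tuple[int, str]   # (HTTP status, body or redirect target)


def load_datapool(text: str) -> List[Dict[str, str]]:
    """DataPool rows as dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


class SimulatedLogin:
    """Stand-in for /login/loginprocess.jsp: one valid account and a lockout
    after `max_failures` wrong passwords for the same user name."""

    def __init__(self, accounts: Dict[str, str], max_failures: int = 3) -> None:
        self.accounts = accounts
        self.max_failures = max_failures
        self.failures: Dict[str, int] = {}

    def post(self, username: str, password: str) -> Response:
        if self.failures.get(username, 0) >= self.max_failures:
            return 423, "Account locked"          # checked before the password
        if self.accounts.get(username) == password:
            self.failures.pop(username, None)
            return 302, "/home"                    # success: redirect
        self.failures[username] = self.failures.get(username, 0) + 1
        return 200, "Login failed"                 # failure: error page again


def login_succeeded(resp: Response) -> bool:
    """Success oracle: the form redirects on success and re-renders the
    login page with an error otherwise.  Every brute-force script needs
    one of these, tuned to the real application's responses."""
    status, body = resp
    return status == 302 and body == "/home"


def account_locked(resp: Response) -> bool:
    return resp[0] == 423


def brute_force(post: Callable[[str, str], Response],
                rows: List[Dict[str, str]]) -> Dict[str, object]:
    """Replay every DataPool row.  Skips users already seen locked (further
    attempts only add noise) and reports hits, locked accounts and the
    number of requests actually sent."""
    hits: List[Tuple[str, str]] = []
    locked: Set[str] = set()
    attempts = 0
    for row in rows:
        user, pw = row["username"], row["password"]
        if user in locked:
            continue
        attempts += 1
        resp = post(user, pw)
        if login_succeeded(resp):
            hits.append((user, pw))
        elif account_locked(resp):
            locked.add(user)
    return {"hits": hits, "locked": sorted(locked), "attempts": attempts}


def run_demo() -> Dict[str, object]:
    """Constructed target whose only valid account is scott/summer2002."""
    target = SimulatedLogin({"scott": "summer2002"}, max_failures=3)
    return brute_force(target.post, load_datapool(DATAPOOL_CSV))


if __name__ == "__main__":
    print(run_demo())
```

Report both halves: the pairs that logged in, and whether the application locked or throttled anything while you tried. Run this only against systems you are authorized to audit, and agree the lockout behaviour with the owners first, since a DataPool of real user names will lock real users out.
-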
DEMO: Breaking in with Robot
-
Wireless Security
WAP & ECC
- Audit security at the gateway and beyond with TestStudio
Emulators & TestStudio
- Audit security between device and gateway
802.11 & WEP
- Audit security using TestStudio just like on a wired network
- Caveat: WEP's RC4 keying was shown to be breakable in 2001, so treat a WEP-protected segment as effectively cleartext when deciding what the audit must record
-
Reporting the Results
Defect reporting
- Incorporate ClearQuest
Coverage reporting
- Incorporate RequisitePro
Custom reporting using TestStudio
- Incorporate manual tests
- Created using Crystal Reports and SoDA
-
Common Security Holes
- Vulnerable CGI programs
- Global file shares (shares readable or writable by everyone)
- Weak passwords
- Default SNMP settings (the well-known community strings public and private)
- Microsoft IIS holes
- Social engineering
-
Other Resources
Websites
- www.sans.org
- www.happyhacker.org
- www.antionline.com
- www.securityfocus.com
- csrc.nist.gov
- And many more!
RFC Documents
- www.ietf.org/rfc.html
Training
Periodicals
Books
- Maximum Security
- Practical UNIX & Internet Security
- Web Security & Commerce
- Building Internet Firewalls
- And many more!
-
Conclusion
If you are connected, you are at risk
Security policies are required
Incident response forms are a must
Security audits are the only way to test your security
-
Questions?
Rational User Conference 2002
-
Contact Info
Scott Barber, Chief Technology Officer
PerfTestPlus, Inc.
E-mail: [email protected]
Web Site: www.PerfTestPlus.com