Vulnerability scanning report by Tareq Hanaysha
Tareq, Ali, Maysara
Vulnerability Scanning Executive Summary
Vulnerability Scanning Executive Summary Using Tenable Nessus & Nsauditor Network Security Auditor
In this executive summary, we walk visually through the vulnerability scan we performed with Nessus and Nsauditor, providing screenshots to clarify the scan and to make our scanning procedures easier to understand. We then introduce our work, summarize our findings (vulnerabilities, risks and threats), and give solutions or recommendations for these security problems in our conclusion.
2008
By: Tareq Hanaysha
Submitted to: Ali Shan Ahmad Francis Gichohi Maysara Hamdan
Concordia University College of Alberta
Table of Contents
1. Introduction
   I. Purpose
   II. Scope
2. Risk Assessment Approach
   I. The participants
   II. Techniques used to gather information
   III. Development & descriptions of risk scale
3. System Characterization
   I. Technology Component
   II. Physical Location
   III. Data Used By the system
4. Threat Statement
5. Risk Assessment Results
6. Scan & Assessment Results
7. Summary
8. Conclusion
1. Introduction
The Internet is a virtual minefield of vulnerabilities and exploits, in which it is no longer possible to review and identify all of the possible holes in network systems. Security scanning and auditing are critical in identifying and closing holes in system and network defenses. Security holes come in many forms and can happen on any network-connected device.
Tenable's Nessus Vulnerability Scanner and Nsauditor are counted among the world's premier security scanners. An active security scanner is a piece of software that connects to network machines and determines whether a machine is vulnerable to any flaws that might place it at risk of being successfully attacked. The job of the Nessus Vulnerability Scanner is to help the security team and administrators gain an understanding of the current level of security on the network.
I. Purpose
The purpose of this risk assessment or scan is to evaluate the security holes and the missing Windows patches that might help to protect our system and harden it against known vulnerabilities, as well as to assess our network (TCP protocols, ports, and vulnerabilities) using the Nessus client analyser.
The ultimate objective is to learn to install, configure, and use an open-source security auditing tool; our utilities of choice in this lab are Nessus and Nsauditor. Nessus is one of the most widely used security auditing tools in the open source community. This lab will cover not only the installation and use of the utility, but also how to interpret the results.
There are many unique features of the Nessus technology which can help any organization to assess and remediate threats. When looking at scanning technologies, it is important to understand the technical merits of the scanner in order to ensure that you get the best results. Scanners are typically evaluated for their:
• Accuracy
• Stability
• Speed
• Ability to detect network and host-based flaws
II. Scope
This Risk Assessment Report will be done on the local host of my system, and will evaluate the confidentiality, integrity and availability of the information on, or passing through, my system. We will also do port scanning using the network in the house, and try to find out which patches are missing in the systems through the patch hot fix scan.
2. RISK ASSESSMENT APPROACH
To conduct our risk assessment and vulnerability scan we used the Nessus and Nsauditor software on my computer, and we tried to scan the rest of the computers on the same network from my machine. Nessus reported the vulnerabilities of my system and classified them as high, medium and low risks, with the color codes red, orange and green. A report was provided by Nessus after the scan, and the report is attached to this summary for more details.
I. Participants in the assessment

| Role | Participant |
|---|---|
| System Owner | Tareq Hanaysha |
| System Custodian | Ali Shan |
| Security Administrator | Maysara Hamdan |
II. Techniques used

| Technique | Description |
|---|---|
| Nessus client scan | Proprietary comprehensive vulnerability scanning software. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems. |
| Nsauditor network security analysis tool | Network auditing software which combines Vulnerability Scanning, Network Monitoring and Network Inventory in one product. Nsauditor allows monitoring network computers for possible vulnerabilities, checking the enterprise network for all potential methods that hackers might use to attack it, and creating a report of potential problems that were found. Nsauditor is a complete networking utilities package that includes more than 45 network tools and helps network administrators to identify security holes and flaws in their networked systems. The program also includes a firewall system, real-time network monitoring, and packet filtering and analyzing. |

The software descriptions are taken from the lab requirements belonging to Mike.
III. Risk Scale
In determining risks associated with our systems, we used the following formula for classifying risk:
Risk = Threat level × Magnitude of Impact
And the following definitions:

| Level | Definition |
|---|---|
| High (1.0) | The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective. |
| Medium (0.5) | The threat source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability. |
| Low (0.1) | The threat source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised. |
Impact Definition

| Magnitude of Impact | Impact Definition |
|---|---|
| High (100) | The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on my computer operations, on my assets, or on me personally. • Major damage to my assets • Major financial loss |
| Medium (50) | Significant degradation in mission capability to an extent and duration that my computer won't be able to perform its primary functions, but the effectiveness of the functions is significantly reduced. • Significant damage to my assets • Significant financial loss • Significant harm to me that does not involve loss of my life or serious life-threatening injuries. |
| Low (10) | Degradation in mission capability to an extent and duration that my computer won't perform its primary functions, but the effectiveness of the functions is noticeably reduced. • Minor damage to my assets • Minor financial loss • Minor harm to me. |
Corrective action needed based on the impact of the risk

| Magnitude of Impact | Corrective action needed |
|---|---|
| High | There is a strong need for corrective measures. An existing system may continue to operate, but a corrective action plan must be put in place as soon as possible. |
| Medium | Corrective actions are needed and a plan must be developed to incorporate these actions within a reasonable period of time. |
| Low | The system's Authorizing Official must determine whether corrective actions are still required or decide to accept the risk. |
Risk was calculated as follows:

| Threat Level | Low (10) | Medium (50) | High (100) |
|---|---|---|---|
| High (1.0) | Low Risk (10 x 1.0 = 10) | Medium Risk (50 x 1.0 = 50) | High Risk (100 x 1.0 = 100) |
| Medium (0.5) | Low Risk (10 x 0.5 = 5) | Medium Risk (50 x 0.5 = 25) | Medium Risk (100 x 0.5 = 50) |
| Low (0.1) | Low Risk (10 x 0.1 = 1) | Low Risk (50 x 0.1 = 5) | Low Risk (100 x 0.1 = 10) |

Risk Scale: High (>50 to 100); Medium (>10 to 50); Low (1 to 10)
Personally identifiable information includes:
• Name
• Address (current and previous)
• Phone Number
• SSN #
• DOB
Vehicle information includes:
• Vehicle identification number
• Tag #
• Date of last emissions test
Financial information:
• Credit card #
• Verification code
• Expiry date
• Card type
• Authorization reference
• Transaction reference
3. SYSTEM CHARACTERIZATION
I. Technology components

| Component | Description |
|---|---|
| Applications | Apache server is running on my system and the local host is being used by Nessus to test the ports and vulnerabilities. |
| Databases | MySQL database system |
| Operating Systems | Microsoft Windows Vista 32-bit Service Pack 1 |
| Interconnections | Interface to Broadcom card |
| Protocols | TCP, UDP and SSL used for transmission between client web browser and web server |
| Networks | Checkpoint Firewall, D-Link Routers |
II. Physical Location

| Location | Description |
|---|---|
| Personnel Computers | Tareq's house, hosts 4 computers connected through wireless network and a modem. |
III. Data Used By System

| Data | Description |
|---|---|
| System identifiable information | Includes: • Name • System • IP address |
4. THREAT STATEMENT
When I was doing my risk assessment analysis and test, the following threats were identified for my system:

| Threat source | Threat action |
|---|---|
| Hacker | • Web defacement • Social engineering • System intrusion, break-ins • Unauthorized system access |
| Computer criminal | • Identity theft • Spoofing |
| Environment | Natural disaster |
5. Nessus Scan and risk assessment results
The following table provides an overview of the vulnerabilities assumed to happen and the vulnerabilities found by our scan, with recommended safeguards for our systems:

| No | Observations | Threat source / Vulnerability | Existing control | Level | Impact | Risk rating | Recommended control |
|---|---|---|---|---|---|---|---|
| 1 | User system password can be guessed or cracked | Hackers / Password effectiveness | Passwords must be alphanumeric and at least 6 characters | Medium | Medium | Medium | Require use of special characters |
| 2 | Cross site scripting | Hackers / Cross-site scripting | None | Medium | Medium | Medium | Validation of all headers, cookies, query strings, form fields, and hidden fields (i.e., all parameters) against a rigorous specification of what should be allowed |
| 3 | Data could be inappropriately extracted/modified from MySQL database by entering SQL commands into input fields | Hackers + Criminals / SQL Injection | Limited validation checks on inputs | High | Medium | Medium | Ensure that all parameters are validated before they are used. A centralized component or library is likely to be the most effective, as the code performing the checking should all be in one place. Each parameter should be checked against a strict format that specifies exactly what input will be allowed. |
| 4 | Web server and application server running unnecessary services | All / Unnecessary Services | None | Medium | Medium | Medium | Reconfigure systems to remove unnecessary services |
| 5 | Disaster recovery plan has not been established | Environment / Disaster Recovery | Hp backup and recovery | Medium | High | Medium | Develop and test a disaster recovery plan |
| 6 | Open TCP Port: 49155 | It was possible to enumerate the Distributed Computing Environment | Windows and router firewall | Low | Low | Low | Ports must be controlled by firewall and watched for remote attacks |
| 7 | Web Server Uses Plain Text Authentication Forms | An attacker eavesdropping the traffic might use this setup to obtain logins and passwords of valid users. | No control | Medium / Base Score: 5.0 | Medium / Base Score: 5.0 | Medium / Base Score: 5.0 | Make sure that every form transmits its results over HTTPS |
| 8 | Debugging functions are enabled on the remote web server. | It has been shown that servers supporting the TRACE method are subject to cross-site scripting attacks, dubbed XST for "Cross-Site Tracing", when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users to give him their credentials. | No control | Medium / Base Score: 5.0 | Medium / Base Score: 5.0 | Medium / Base Score: 5.0 | Disable these methods. |
| 9 | Weak Supported SSL Ciphers Suites | The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. | No control | Medium / Base Score: 5.0 | Medium / Base Score: 5.0 | Medium / Base Score: 5.0 | Reconfigure the affected application if possible to avoid use of weak ciphers. |
Nessus scan process screenshots and results
6. Summary
The following table provides an overview of the vulnerabilities and recommended safeguards for my system.
Risk Matrix

| Vulnerability | Risk Level (High, Medium, Low) | Recommended Safeguard |
|---|---|---|
| Cross-site scripting | Medium | Install antivirus software and keep these programs constantly updated |
| Password strength | High | Train the user to use a strong password that is harder to crack or guess. |
| SQL injection | High | Use an antivirus solution to protect the database system |
| Unnecessary services | Low | Turn off all unnecessary services; they can be a hole and make the system more vulnerable. |
Implementing the recommended safeguards will reduce the overall risk exposure associated with
the general vulnerabilities listed above.
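
The risk scale from section 2 applied to the nine findings in the results table, then compared with the levels listed in the Summary risk matrix; this is an added example, not part of the original report. The function names are made up for the illustration, and findings 7 to 9 are entered as Medium because the table gives "Medium / Base Score: 5.0" for them.

```python
from decimal import Decimal

# Weights from the report's threat-level and impact tables.
THREAT = {"High": Decimal("1.0"), "Medium": Decimal("0.5"), "Low": Decimal("0.1")}
IMPACT = {"High": 100, "Medium": 50, "Low": 10}

def risk_score(threat, impact):
    """Risk = threat level x magnitude of impact."""
    return THREAT[threat.capitalize()] * IMPACT[impact.capitalize()]

def risk_rating(score):
    """Report's scale: High (>50 to 100), Medium (>10 to 50), Low (1 to 10)."""
    if not 1 <= score <= 100:
        raise ValueError(f"score {score} is outside the 1-100 scale")
    return "High" if score > 50 else "Medium" if score > 10 else "Low"

# (no, observation, threat level, impact, rating stated in the results table)
# Rows 7-9: "Medium / Base Score: 5.0" is entered as Medium (assumption).
FINDINGS = [
    (1, "Password can be guessed or cracked", "Medium", "Medium", "Medium"),
    (2, "Cross-site scripting", "Medium", "Medium", "Medium"),
    (3, "SQL injection", "High", "Medium", "Medium"),
    (4, "Unnecessary services", "Medium", "Medium", "Medium"),
    (5, "No disaster recovery plan", "Medium", "High", "Medium"),
    (6, "Open TCP port 49155", "Low", "Low", "Low"),
    (7, "Plain-text authentication forms", "Medium", "Medium", "Medium"),
    (8, "TRACE debugging enabled", "Medium", "Medium", "Medium"),
    (9, "Weak SSL cipher suites", "Medium", "Medium", "Medium"),
]

# Risk levels listed in the Summary risk matrix, keyed by finding number.
SUMMARY = {2: "Medium", 1: "High", 3: "High", 4: "Low"}

def audit(findings=FINDINGS, summary=SUMMARY):
    """Return (no, score, derived, table_ok, summary_ok) for each finding."""
    rows = []
    for no, _obs, threat, impact, stated in findings:
        score = risk_score(threat, impact)
        derived = risk_rating(score)
        rows.append((no, score, derived, derived == stated,
                     summary.get(no, derived) == derived))
    return rows

def mismatches(rows):
    """Finding numbers whose table or summary level differs from the scale."""
    return [no for no, _s, _d, ok_t, ok_s in rows if not (ok_t and ok_s)]

if __name__ == "__main__":
    print("needs review:", mismatches(audit()))
```

On the report's own data, every rating in the results table matches the scale, while the Summary matrix levels for password strength, SQL injection and unnecessary services differ from the derived Medium rating.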
7. Conclusion
NESSUS is not fool-proof, nor is it the only system available for vulnerability assessment, but it is one of the many systems that are available for network auditing and testing production systems. With the release of NESSUS 3, there are more than 10,000 plug-in checks. NESSUS plug-ins often include cross-references with Security Focus (Bugtraq ID), CVE, OSVDB, IAVA, and more. Many NESSUS plug-ins also include CVSS severity rankings. These CVSS rankings allow an organization to quickly categorize its level of risk.