Vulnerability Assessment Penetration Analysis

Submitted By planetlane

A. Memo For Record: IDS upgrade or replacement

Summary of Events: The health care clinic’s network security appliance (combined router/firewall/wireless access point) was hacked and its passwords were cracked. Configuration changes to this device opened the network to a Denial-of-Service (DoS) attack. The attack prevented staff from accessing patient records and insurance claims as part of their daily routine. The network Intrusion Detection System (IDS) sensor had previously been disabled because the device was degrading network performance. No advance notification of the system degradation caused by the DoS attack was received; the problem was not identified until employees were unable to use the network to perform their jobs.

IDS Definition: A network IDS is part of the external boundary protection and monitoring system. Threats to the network from external sources are identified and reported using a management console. With the sensor disabled, attacks against the network can proceed undetected, which reduces the time available to respond. “An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to function as IDSs.” An Intrusion Detection and Prevention System (IDPS) combines the functions of an IDS and an IPS in a single hardware/software package. Sensors can be configured as passive and/or active. A passive IDPS sensor looks at traffic but cannot block or prevent attacks. An active IDPS sensor is designed to inspect all traffic and has the capability to block traffic and hence respond to active attacks.

Denial-of-Service Defined: “A denial-of-service (DoS) is an action that prevents or impairs the authorized use of network, systems, or applications by exhausting resources such as central processing units (CPUs), memory, bandwidth, and disk space.” The hacker modified the firewall/router configuration to allow otherwise blocked addresses, protocols, and traffic, letting them pass through the network security boundary and use up vital resources.

Recommendations: Upgrade the existing IDS versus replace it with a state-of-the-art IDPS sensor. The current sensor was disabled because it was unable to actively filter traffic on the network without causing degradation. The usual cause is older equipment that cannot process traffic fast enough to avoid degradation. A second limitation of an IDS is that it can only monitor traffic and alert employees to an attack.

New IDPS sensors cause minimal to no degradation of network traffic and can be used as both an active and a passive device at the same time. In addition to monitoring traffic, an IDPS sensor is capable of reacting to events in real time. All the features of an IDS sensor are present, with the addition of automated attack responses and anomaly detection. State-of-the-art IDPS sensors use real-time daily definition updates and database threat comparisons to identify attacks. Like anti-virus programs that automate the process of definition updates, IDPS sensors use a similar process to keep the threat database current. Management applications automate the alerting and reporting process to aid in vulnerability assessments and real-time responses to threats. Baseline thresholds can be adjusted and configured to network-specific needs rather than following a cookie-cutter, one-configuration-fits-all methodology.
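To illustrate the baseline thresholds and the passive versus active sensor behavior described above, the following sketch is an added example and not part of the original memo. The function names, the traffic counts, and the `k` and `share` parameters are hypothetical, and all addresses come from documentation ranges.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed per-interval connection counts from normal clinic operation.
NORMAL_COUNTS = [40, 45, 38, 42, 50, 44, 41, 47]


def baseline_threshold(normal_counts, k=3.0):
    """Alert threshold learned from this network's own traffic (mean + k*sigma)."""
    return mean(normal_counts) + k * pstdev(normal_counts)


def run_sensor(intervals, threshold, mode="passive", share=0.5):
    """Process per-interval source lists; return (alerts, delivered_counts).

    intervals : list of lists, each holding the source address of every
                connection seen in one interval
    mode      : "passive" only alerts; "active" also blocks offending sources
    share     : a source is an offender if it accounts for more than this
                fraction of an over-threshold interval
    """
    blocked, alerts, delivered = set(), [], []
    for idx, sources in enumerate(intervals):
        # An active sensor sits inline, so blocked sources never get through.
        passed = [s for s in sources if s not in blocked]
        delivered.append(len(passed))
        if len(passed) <= threshold:
            continue
        counts = Counter(passed)
        offenders = sorted(s for s, n in counts.items() if n > share * len(passed))
        alerts.append({"interval": idx, "count": len(passed), "offenders": offenders})
        if mode == "active":
            blocked.update(offenders)
    return alerts, delivered


def sample_traffic():
    """Constructed traffic: six clients, then one source flooding for 3 intervals."""
    clients = [f"192.0.2.{i}" for i in range(10, 16)]
    normal = clients * 7               # 42 connections per interval
    flood = ["203.0.113.9"] * 400      # single flooding source
    return [normal, normal, normal + flood, normal + flood, normal + flood, normal]


if __name__ == "__main__":
    limit = baseline_threshold(NORMAL_COUNTS)
    for mode in ("passive", "active"):
        alerts, delivered = run_sensor(sample_traffic(), limit, mode)
        print(f"{mode:8} alerts={len(alerts)} delivered={delivered}")
```

When a flood is spread across many sources, no single address exceeds `share`, so the sensor still alerts but has nothing to block; that case depends on the response checklist and ISP assistance rather than the sensor alone.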

The recommendation is to obtain costs for both an upgrade to the existing IDS sensor and its replacement with an IDPS. The short-term solution is to get the IDS working and to plan for an IDPS solution as needed and as budget allows.

Incident Prevention: In this case a working IDS could have alerted key staff to an ongoing DoS attack. Steps to harden the existing router/firewall devices against password cracking will need to be implemented. A Vulnerability Assessment (VA) needs to be completed to identify weaknesses in the current network security configuration and suggest changes. A checklist needs to be created that lays out the process for responding to a DoS attack.

The VA should clearly establish the Internet Service Provider (ISP) procedures to follow when requesting assistance during DoS attacks. It should examine the IDS or IDPS sensor configuration, alerting, and reporting processes. Notification of network staff via email or phone during attacks detected by the IDPS should be covered. Baseline system configurations, network usage, and log file audit processes should be reviewed. Monitor Internet health using known websites that provide statistics on latency. Create checklists on how to respond to attacks such as DoS, and keep them in paper form for use during attacks. A crash book or continuity folder should be included that keeps all these items in one location: network topology, administrative password lists, configuration diagrams, emergency contact information, and established checklists/procedures.

Conclusion: Having a plan for how to respond to problems or attacks against the company's network is the key. Documentation of how the systems are configured is critical to this process. Vulnerability Assessments are designed to identify weaknesses and help improve network security. A review of the system configurations, processes, and logs will help to determine threats and the associated risks to company assets. An IDS/IDPS sensor is a valuable device that works in conjunction with the firewall, router, antivirus applications, and authentication/access control lists (ACLs) to provide network security. Establishing checklists and/or procedures on how to respond to attacks such as DoS is extremely important. Hardening of equipment, password management, disaster recovery procedures, and restoral processes should be included in a comprehensive VA report. After a significant event or attack, a review of these processes and procedures should analyze the effectiveness of the plan. Network security is best achieved by providing layers of protection that work together to protect the network and associated devices.
