White Paper
Data Security: Approach, Guidelines, Assessment, and Best Practices.
Executive Summary
American CIT is a management, business, and technology solutions consulting firm with an extensive track record in Business Advisory & Planning Services and Risk Assessment and Valuation Services. Dedicated to the middle market, American CIT provides solutions for a wide range of clients within the Financial Services and Pharmaceutical industries, as well as the Federal Government and many state agencies.
Our unique business model and value proposition are what differentiate us from our competitors. We focus on providing the precise talents, skills, and strategic advice needed to accomplish a client’s objective. We are committed to quality in all phases of a project, from planning through delivery to service. American CIT’s prime goal is customer satisfaction.

Section I:
Data Security and Privacy Best Practices
Security begins with an understanding of how the system or network that needs to be secured works. This section breaks down network security by devices, which allows you to focus on single points of configuration. In keeping with this guidance's philosophy, we will use the approach of analyzing potential threats; without these analyses, it's impossible to properly apply security.

The network infrastructure can be broken into the following three layers: access, distribution, and core. These layers contain all of the hardware necessary to control access to and from internal and external resources. Recommendations apply to an Internet- or intranet-facing Web zone and therefore might not apply to your internal or corporate network.

The following are the core network components:
Router

Firewall

Switch

I- Router
The router is the outermost security gate. It is responsible for forwarding IP packets to the networks to which it is connected. These packets can be inbound requests from Internet clients to your Web server, request responses, or outgoing requests from internal clients. The router should be used to block unauthorized or undesired traffic between networks. The router itself must also be secured against reconfiguration by using secure administration interfaces and ensuring that it has the latest software patches and updates applied.

II- Firewall
The role of the firewall is to block all unnecessary ports and to allow traffic only on known ports. The firewall must be capable of monitoring incoming requests to prevent known attacks from reaching the Web server. Coupled with intrusion detection, the firewall is a useful tool for preventing attacks, detecting intrusion attempts, or, in worst-case scenarios, identifying the source of an attack.

Like the router, the firewall runs on an operating system that must be patched regularly. Its administration interfaces must be secured and unused services must be disabled or removed.

III- Switch
The switch has a minimal role in a secure network environment. Switches are designed to improve network performance and to ease administration; for this reason, a switch can easily be reconfigured by sending specially formatted packets to it.

1- Router Considerations – Best Practices
The router is the very first line of defense. It provides packet routing, and it can also be configured to block or filter the forwarding of packet types that are known to be vulnerable or used maliciously, such as ICMP or Simple Network Management Protocol (SNMP).

The configuration categories for the router are:
Patches and updates

Protocols

Administrative access

Services

Auditing and logging

Intrusion detection

Patches and Updates
Subscribe to alert services provided by the manufacturer of your networking hardware so that you can stay current with both security issues and service patches. As vulnerabilities are found—and they inevitably will be found—good vendors make patches available quickly and announce these updates through e-mail or on their Web sites. Always test the updates before implementing them in a production environment.

Protocols
Denial of service attacks often take advantage of protocol-level vulnerabilities, for example, by flooding the network. To counter this type of attack, you should:

Use ingress and egress filtering.

Screen ICMP traffic from the internal network.

Use Ingress and Egress Filtering
Spoofed packets are representative of probes, attacks, and a knowledgeable attacker. Incoming packets with an internal address can indicate an intrusion attempt or probe and should be denied entry to the perimeter network. Likewise, set up your router to route outgoing packets only if they have a valid internal IP address. Verifying outgoing packets does not protect you from a denial of service attack, but it does keep such attacks from originating from your network. This type of filtering also enables the originator to be easily traced to its true source since the attacker would have to use a valid and legitimately reachable source address.

Screen ICMP Traffic from the Internal Network
ICMP is a stateless protocol that sits on top of IP and allows host availability information to be verified from one host to another. Commonly used ICMP messages are shown in Table 1.

Table 1 Commonly Used ICMP Messages
Message                  Description
Echo request             Determines whether an IP node (a host or a router) is available on the network
Echo reply               Replies to an ICMP echo request
Destination unreachable  Informs the host that a datagram cannot be delivered
Source quench            Informs the host to lower the rate at which it sends datagrams because of congestion
Redirect                 Informs the host of a preferred route
Time exceeded            Indicates that the time to live (TTL) of an IP datagram has expired


Blocking ICMP traffic at the outer perimeter router protects you from attacks such as cascading ping floods. Other ICMP vulnerabilities exist that justify blocking this protocol. While ICMP can be used for troubleshooting, it can also be used for network discovery and mapping. Therefore, control the use of ICMP. If you must enable it, use it in echo–reply mode only.

Prevent TTL Expired Messages with Values of 1 or 0
Trace routing uses TTL values of 1 and 0 to count routing hops between a client and a server. Trace routing is a means to collect network topology information. By blocking packets of this type, you prevent an attacker from learning details about your network from trace routes.

Do Not Receive or Forward Directed Broadcast Traffic
Directed broadcast traffic can be used to enumerate hosts on a network and as a vehicle for a denial of service attack. For example, by blocking specific source addresses, you prevent malicious echo requests from causing cascading ping floods. Source addresses that should be filtered are shown in Table 2.

Table 2 Source Addresses That Should Be Filtered
Source address Description
0.0.0.0/8 Historical broadcast
10.0.0.0/8 RFC 1918 private network
127.0.0.0/8 Loopback
169.254.0.0/16 Link local networks
172.16.0.0/12 RFC 1918 private network
192.0.2.0/24 TEST-NET
192.168.0.0/16 RFC 1918 private network
224.0.0.0/4 Class D multicast
240.0.0.0/5 Class E reserved
248.0.0.0/5 Unallocated
255.255.255.255/32 Broadcast
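The ingress and egress rules described above, together with the Table 2 address list, as an added Python example (not code from the original paper). It assumes 203.0.113.0/24 as the protected internal network and models a packet as just its source, destination, and direction.

```python
import ipaddress
from dataclasses import dataclass

# Address space of the protected network behind the perimeter router.
# Assumed for this example (203.0.113.0/24 is a documentation range).
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")

# Source addresses from Table 2 that must never arrive on the external interface.
FILTERED_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "224.0.0.0/4",
    "240.0.0.0/5", "248.0.0.0/5", "255.255.255.255/32",
)]


@dataclass
class Packet:
    src: str        # source IPv4 address
    dst: str        # destination IPv4 address
    direction: str  # "in" = arriving from the Internet, "out" = leaving the internal network


def ingress_check(src, dst):
    """Packet arriving on the external interface: reject spoofed internal sources
    and the Table 2 ranges (ingress filtering)."""
    if src in INTERNAL_NET:
        return False, f"spoofed internal source {src} on external interface"
    for net in FILTERED_SOURCES:
        if src in net:
            return False, f"source {src} is in filtered range {net}"
    return True, "ingress ok"


def egress_check(src, dst):
    """Packet leaving the internal network: forward only if the source is one of
    our own addresses, so spoofed attacks cannot originate here (egress filtering)."""
    if src not in INTERNAL_NET:
        return False, f"outbound packet with non-internal source {src}"
    return True, "egress ok"


def filter_packet(pkt):
    """Return (allowed, reason). Directed broadcasts to the internal network are
    dropped in either direction; otherwise the direction-specific check decides."""
    try:
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
    except ValueError:
        return False, "unparseable address"
    if dst == INTERNAL_NET.broadcast_address:
        return False, f"directed broadcast to {dst} is not received or forwarded"
    if pkt.direction == "in":
        return ingress_check(src, dst)
    if pkt.direction == "out":
        return egress_check(src, dst)
    return False, f"unknown direction {pkt.direction!r}"


if __name__ == "__main__":
    # Constructed sample traffic: one legitimate inbound request, one spoofed
    # internal source, one RFC 1918 source, and one legitimate outbound reply.
    for p in (Packet("198.51.100.7", "203.0.113.10", "in"),
              Packet("203.0.113.5", "203.0.113.10", "in"),
              Packet("10.1.2.3", "203.0.113.10", "in"),
              Packet("203.0.113.10", "198.51.100.7", "out")):
        print(p, filter_packet(p))
```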

Administrative Access
From where will the router be accessed for administration purposes? Decide over which interfaces and ports an administration connection is allowed and from which network or host the administration is to be performed. Restrict access to those specific locations. Do not leave an Internet-facing administration interface available without encryption and countermeasures to prevent hijacking. In addition,

Disable unused interfaces.

Apply strong password policies.

Use static routing.

Audit Web facing administration interfaces.


Disable Unused Interfaces
Only required interfaces should be enabled on the router. An unused interface is not monitored or controlled, and it is probably not updated. This might expose you to unknown attacks on those interfaces.

Apply Strong Password Policies
Brute force password software can launch more than just dictionary attacks. It can discover common passwords where a letter is replaced by a number. For example, if "p4ssw0rd" is used as a password, it can be cracked. Always use uppercase and lowercase, number, and symbol combinations when creating passwords.

Use Static Routing
Static routing prevents specially formed packets from changing routing tables on your router. An attacker might try to change routes to cause denial of service or to forward requests to a rogue server. By using static routes, an administrative interface must first be compromised to make routing changes.

Audit Web Facing Administration Interfaces
Also determine whether internal access can be configured. When possible, shut down the external administration interface and use internal access methods.

Services
On a deployed router, every open port is associated with a listening service. To reduce the attack surface area, default services that are not required should be shut down. Examples include bootps and Finger, which are rarely required. You should also scan your router to detect which ports are open.

Auditing and Logging
By default, a router logs all deny actions; this default behavior should not be changed. Also secure log files in a central location. Modern routers have an array of logging features that include the ability to set severities based on the data logged. An auditing schedule should be established to routinely inspect logs for signs of intrusion and probing.
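As an added example (not part of the original paper) of the routine log inspection this section calls for, the following Python audits a constructed set of router deny-log lines and flags sources that probe many ports or sweep many hosts. The log format, hostnames, addresses, and thresholds are all assumed.

```python
import re
from collections import defaultdict

# Constructed sample of router deny-log lines. The format is assumed for this
# example; real router syslog formats differ, so adapt LINE_RE accordingly.
SAMPLE_LOG = """\
Jan 10 03:12:01 rtr1 DENY tcp 198.51.100.7:4412 -> 203.0.113.10:21
Jan 10 03:12:01 rtr1 DENY tcp 198.51.100.7:4413 -> 203.0.113.10:22
Jan 10 03:12:02 rtr1 DENY tcp 198.51.100.7:4414 -> 203.0.113.10:23
Jan 10 03:12:02 rtr1 DENY tcp 198.51.100.7:4415 -> 203.0.113.10:25
Jan 10 03:12:03 rtr1 DENY tcp 198.51.100.7:4416 -> 203.0.113.10:80
Jan 10 03:12:03 rtr1 DENY tcp 198.51.100.7:4417 -> 203.0.113.10:443
Jan 10 03:15:40 rtr1 DENY udp 198.51.100.9:5353 -> 203.0.113.10:161
Jan 10 03:20:11 rtr1 DENY icmp 198.51.100.22 -> 203.0.113.1
Jan 10 03:20:11 rtr1 DENY icmp 198.51.100.22 -> 203.0.113.2
Jan 10 03:20:12 rtr1 DENY icmp 198.51.100.22 -> 203.0.113.3
Jan 10 03:20:12 rtr1 DENY icmp 198.51.100.22 -> 203.0.113.4
Jan 10 03:20:13 rtr1 DENY icmp 198.51.100.22 -> 203.0.113.5
"""

# Ports are optional so that ICMP entries (no port) parse as well as TCP/UDP ones.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) DENY (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_deny_log(text):
    """Turn log text into a list of event dicts, skipping lines that do not parse
    so one corrupted line cannot abort the whole audit."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def audit_deny_log(text, port_threshold=5, host_threshold=4):
    """Flag sources whose denied packets look like probing: many distinct
    (host, port) targets (port scan) or many distinct hosts (host sweep)."""
    ports_by_src = defaultdict(set)   # src -> {(dst, dport)}
    hosts_by_src = defaultdict(set)   # src -> {dst}
    for ev in parse_deny_log(text):
        hosts_by_src[ev["src"]].add(ev["dst"])
        if ev["dport"] is not None:
            ports_by_src[ev["src"]].add((ev["dst"], int(ev["dport"])))
    findings = []
    for src, targets in ports_by_src.items():
        if len(targets) >= port_threshold:
            findings.append({"src": src, "type": "port scan", "count": len(targets)})
    for src, hosts in hosts_by_src.items():
        if len(hosts) >= host_threshold:
            findings.append({"src": src, "type": "host sweep", "count": len(hosts)})
    return findings


if __name__ == "__main__":
    for finding in audit_deny_log(SAMPLE_LOG):
        print(finding)
```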

Intrusion Detection
With restrictions in place at the router to prevent TCP/IP attacks, the router should be able to identify when an attack is taking place and notify a system administrator of the attack. Attackers learn what your security priorities are and attempt to work around them. Intrusion Detection Systems (IDSs) can show where the perpetrator is attempting attacks.

2- Firewall Considerations – Best Practices
A firewall should exist anywhere you interact with an untrusted network, especially the Internet. It is also recommended that you separate your Web servers from downstream application and database servers with an internal firewall.

After the router, with its broad filters and gatekeepers, the firewall is the next point of attack. In many (if not most) cases, you do not have administrative access to the upstream router. Many of the filters and ACLs that apply to the router can also be implemented at the firewall.

The configuration categories for the firewall include:
Patches and updates

Filters

Logging and auditing

Perimeter networks

Patches and Updates
Subscribe to alert services provided by the manufacturer of your firewall and operating system to stay current with both security issues and service patches.

Filters
Filtering published ports on a firewall can be an effective and efficient method of blocking malicious packets and payloads. Filters range from simple packet filters that restrict traffic at the network layer based on source and destination IP addresses and port numbers, to complex application filters that inspect application-specific payloads. A defense in depth approach that uses layered filters is a very effective way to block attacks. There are six common types of firewall filters:

Packet filters
These can filter packets based on protocol, source or destination port number and source or destination address, or computer name. IP packet filters are static, and communication through a specific port is either allowed or blocked. Blocked packets are usually logged, and a secure packet filter denies by default.

At the network layer, the payload is unknown and might be dangerous. More intelligent types of filtering must be configured to inspect the payload and make decisions based on access control rules.

Circuit-level filters
These inspect sessions rather than payload data. An inbound or outbound client makes a request directly against the firewall/gateway, and in turn the gateway initiates a connection to the server and acts as a broker between the two connections. With knowledge of application connection rules, circuit-level filters ensure valid interactions. They do not inspect the actual payload, but they do count frames to ensure packet integrity and prevent session hijacking and replaying.

Application filters
Smart application filters can analyze a data stream for an application and provide application-specific processing, including inspecting, screening or blocking, redirecting, and even modifying the data as it passes through the firewall. Application filters protect against attacks such as the following:

Unsafe SMTP commands

Attacks against internal DNS servers

HTTP–based attacks (for example, Code Red and Nimda, which use application-specific knowledge)

For example, an application filter can block an HTTP DELETE, but allow an HTTP GET. The capabilities of content screening, including virus detection, lexical analysis, and site categorization, make application filters very effective in Web scenarios both as security measures and in enforcement of business rules.

Stateful inspection
Application filters are limited to knowledge of the payload of a packet and therefore make filtering decisions based only on the payload. Stateful inspection uses both the payload and its context to determine filtering rules. Using the payload and the packet contents allows stateful inspection rules to ensure session and communication integrity. The inspection of packets, their payload, and their sequence limits the scalability of stateful inspection.

Custom application filters
These are written to ensure the integrity of communication between an application server and its clients.

Using filters at multiple levels of the network stack makes your environment more secure. For example, a packet filter can block IP traffic destined for any port other than port 80, while an application filter further restricts the traffic that does arrive on port 80 based on the HTTP verb, for example by blocking HTTP DELETE.
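The layered filter described above, as an added Python example that is not from the original paper: a packet-filter stage that admits only port 80, followed by an application-filter stage that parses the HTTP request line and enforces a verb allowlist. The allowlist (GET, HEAD, POST) and the packet model are assumed.

```python
from dataclasses import dataclass


@dataclass
class WebPacket:
    dst_port: int   # destination TCP port
    payload: bytes  # start of the application data (for port 80, an HTTP request)


ALLOWED_PORTS = {80}                       # only the published Web port
ALLOWED_VERBS = {"GET", "HEAD", "POST"}    # assumed policy: DELETE and others are blocked


def packet_filter(pkt):
    """Network-layer stage: decide on port alone; the payload is not examined."""
    if pkt.dst_port in ALLOWED_PORTS:
        return True, "port allowed"
    return False, f"port {pkt.dst_port} not published"


def application_filter(pkt):
    """Application stage: parse the HTTP request line and enforce the verb allowlist.
    Anything that does not look like a well-formed request line is denied."""
    try:
        request_line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII request line"
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "malformed request line"
    verb = parts[0]
    if verb not in ALLOWED_VERBS:
        return False, f"verb {verb} not allowed"
    return True, "request allowed"


def layered_filter(pkt):
    """Run the stages in order; the first stage to deny wins (default deny)."""
    stages = (("packet filter", packet_filter), ("application filter", application_filter))
    for name, stage in stages:
        ok, reason = stage(pkt)
        if not ok:
            return False, f"{name}: {reason}"
    return True, "allowed by all stages"


if __name__ == "__main__":
    # Constructed sample packets: a normal GET, a DELETE, and an SSH attempt.
    for p in (WebPacket(80, b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
              WebPacket(80, b"DELETE /index.html HTTP/1.1\r\n"),
              WebPacket(22, b"SSH-2.0-client\r\n")):
        print(p.dst_port, p.payload[:20], layered_filter(p))
```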


Logging and Auditing
Logging all incoming and outgoing requests—regardless of firewall rules—allows you to detect intrusion attempts or, even worse, successful attacks that were previously undetected. Historically, network administrators sometimes had to analyze audit logs to determine how an attack succeeded. In those cases, administrators were able to apply solutions to the vulnerabilities, learn how they were compromised, and discover other vulnerabilities that existed. Apply the following policies for logging and log auditing:

Log all traffic that passes through the firewall.

Maintain healthy log cycling that allows quick data analysis. The more data you have, the larger the log file size.

Make sure the firewall clock is synchronized with the other network hardware.

Perimeter Networks
A firewall should exist anywhere your servers interact with an untrusted network. If your Web servers connect to a back-end network, such as a bank of database servers or corporate network, a screen should exist to isolate the two networks. While the Web zone has the greatest degree of exposure, a compromise in the Web zone should not result in the compromise of downstream networks. By default, the perimeter network should block all outbound connections except those that are expected.

Advantages of a Perimeter Network
Hosts are not directly exposed to untrusted networks.

Exposed or published services are the only point of external attack.

Security rules can be enforced for access between networks.


Disadvantages of a Perimeter Network
Network complexity

IP address allocation and management

Requirement that the application architecture accommodate the perimeter network design

3- Switch Considerations – Best Practices
A switch is responsible for forwarding packets directly to a host or network segment, rather than sharing the data with the entire network. Therefore, traffic is not shared between switched segments. This is a preventive measure against packet sniffing between networks. An attacker can circumvent this security by reconfiguring switching rules using easily accessed administrative interfaces, including known account names and passwords and SNMP packets.

The following configuration categories are used to ensure secure switch configuration:

Patches and updates

Virtual Local Area Networks (VLANs)

Insecure defaults

Services

Encryption

Patches and Updates
Patches and updates must be tested and installed as soon as they are available.

VLANs
Virtual LANs allow you to separate network segments and apply access control based on security rules. Note, however, that a VLAN enhances network performance but does not necessarily provide security. Limit the use of VLANs to the perimeter network (behind the firewall), since many insecure interfaces exist for ease of administration. For more information about VLANs, see the article "Configuring VLANS" on the Cisco Web site.

Insecure Defaults
To make sure that insecure defaults are secured, change all factory default passwords and SNMP community strings to prevent network enumeration or total control of the switch. Also investigate and identify potentially undocumented accounts and change the default names and passwords. These types of accounts are often found on well-known switch types and are well publicized and known by attackers.

Services
Make sure that all unused services are disabled. Also make sure that Trivial File Transfer Protocol (TFTP) is disabled, Internet-facing administration points are removed, and ACLs are configured to limit administrative access.

Encryption
Although it is not traditionally implemented at the switch, data encryption over the wire ensures that sniffed packets are useless in cases where a monitor is placed on the same switched segment or where the switch is compromised, allowing sniffing across segments.

4- Additional Considerations- Best Practices
Ensure that clocks are synchronized on all network devices. Set the network time and have all sources synchronized to a known, reliable time source.

Use Terminal Access Controller Access Control System (TACACS) or Remote Authentication Dial-In User Service (RADIUS) authentication for highly secure environments as a means of limiting administrative access to the network.

Define an IP network that can be easily secured using ACLs at subnets or network boundaries whenever possible.

5- Snapshot of a Secure Network- Best Practices
Table 3 provides a snapshot of the characteristics of a secure network. The security settings are abstracted from industry security experts and real-world applications in secure deployments. You can use the snapshot as a reference point when evaluating your own solution.

Table 3: Snapshot of a Secure Network

Router
  Patches and updates:
    Router operating system is patched with up-to-date software.
  Protocols:
    Unused protocols and ports are blocked.
    Ingress and egress filtering is implemented.
    ICMP traffic is screened from the internal network.
    TTL expired messages with values of 1 or 0 are blocked (route tracing is disabled).
    Directed broadcast traffic is not forwarded.
    Large ping packets are screened.
    Routing Information Protocol (RIP) packets, if used, are blocked at the outermost router.
  Administrative access:
    Unused management interfaces on the router are disabled.
    A strong administration password policy is enforced.
    Static routing is used.
    Web-facing administration is disabled.
  Services:
    Unused services are disabled (for example, bootps and Finger).
  Auditing and logging:
    Logging is enabled for all denied traffic.
    Logs are centrally stored and secured.
    Auditing against the logs for unusual patterns is in place.
  Intrusion detection:
    IDS is in place to identify and notify of an active attack.

Firewall
  Patches and updates:
    Firewall software and OS are patched with the latest security updates.
  Filters:
    Packet filtering policy blocks all but required traffic in both directions.
    Application-specific filters are in place to restrict unnecessary traffic.
  Logging and auditing:
    All permitted traffic is logged.
    Denied traffic is logged.
    Logs are cycled with a frequency that allows quick data analysis.
    All devices on the network are synchronized to a common time source.
  Perimeter networks:
    Perimeter network is in place if multiple networks require access to servers.
    Firewall is placed between untrusted networks.

Switch
  Patches and updates:
    Latest security patches are tested and installed, or the threat from known vulnerabilities is mitigated.
  VLANs:
    VLANs are not overused or overly trusted.
  Insecure defaults:
    All factory passwords are changed.
    Minimal administrative interfaces are available.
    Access controls are configured to secure SNMP community strings.
  Services:
    Unused services are disabled.
  Encryption:
    Switched traffic is encrypted.

Other
  Log synchronization:
    All clocks on devices with logging capabilities are synchronized.
  Administrative access to network:
    TACACS or RADIUS is used to authenticate administrative users.
  Network ACLs:
    The network is structured so ACLs can be placed on hosts and networks.

Section II:
American CIT’s Approach to Data Security Projects
Step I- Initial Risk Assessment
The network is the entry point to your application. It provides the first gatekeepers that control access to the various servers in your environment. Servers are protected with their own operating system gatekeepers, but it is important not to allow them to be deluged with attacks from the network layer. This step breaks down network security by device, which allows us to focus on single points of configuration. We will use the approach of analyzing potential threats; without threat analysis, it is impossible to apply security properly.

Perform Security Risk Self Assessment
The Security Risk Self-Assessment Tool (RSAT) will be used to obtain information and recommendations about best practices to help enhance security within NPS. This application is designed to help our clients assess weaknesses in their current IT security environment. It helps identify the processes, resources, and technologies that promote good security planning and risk mitigation practices within your organization.

Business Risk Profile
Understanding how the nature of your business affects risk is important in determining where to apply resources in order to help mitigate those risks. Recognizing areas of business risk will help you to optimize allocation of your security budget.

Defense-in-Depth
The "Defense-in-Depth" (DiD) concept refers to the implementation of layered defenses that include technical, organizational, and operational controls. This assessment is based on accepted standards and best practices to help reduce risk in IT environments.

Results and Reports
We will develop a full-length report that describes your company's security posture, based on the findings, and provides industry-recognized best practices and recommendations for achieving those practices.

Areas of Analysis
The RSAT tool is a detailed questionnaire that we will fill out based on your environment. We will process your responses and evaluate your organization’s security practices in the areas of Infrastructure, Applications, Operations, and People.

The following table lists the areas that are included in this security risk assessment, grouped by category, with the importance of each area to security.

Business Risk Profile
  Business Risk Profile: Understanding how the nature of your business affects risk is important in determining where to apply resources in order to help mitigate those risks. Recognizing areas of business risk will help you to optimize allocation of your security budget.

Infrastructure
  Perimeter Defense: Perimeter defense addresses security at network borders, where your internal network connects to the outside world. This constitutes your first line of defense against intruders.
  Authentication: Rigorous authentication procedures for users, administrators, and remote users help prevent outsiders from gaining unauthorized access to the network through the use of local or remote attacks.
  Management & Monitoring: Management, monitoring, and proper logging are critical to maintaining and analyzing IT environments. These tools are even more important after an attack has occurred and incident analysis is required.
  Workstations: The security of individual workstations is a critical factor in the defense of any environment, especially when remote access is allowed. Workstations should have safeguards in place to resist common attacks.

Applications
  Deployment & Use: When business-critical applications are deployed in production, the security and availability of those applications and servers must be protected. Continued maintenance is essential to help ensure that security bugs are patched and that new vulnerabilities are not introduced into the environment.
  Application Design: Design that does not properly address security mechanisms such as authentication, authorization, and data validation can allow attackers to exploit security vulnerabilities and thereby gain access to sensitive information.
  Data Storage & Communications: Integrity and confidentiality of data is one of the greatest concerns for any business. Data loss or theft can hurt an organization's revenue as well as its reputation. It is important to understand how applications handle business-critical data and how that data is protected.

Operations
  Environment: The security of an organization is dependent on the operational procedures, processes, and guidelines that are applied to the environment. They enhance the security of an organization by including more than just technology defenses. Accurate environment documentation and guidelines are critical to the operations team's ability to support and maintain the security of the environment.
  Security Policy: Corporate security policy refers to individual policies and guidelines that exist to govern the secure and appropriate use of technology and processes within the organization. This area covers policies to address all types of security, such as user, system, and data.
  Backup & Recovery: Data backup and recovery is essential to maintaining business continuity in the event of a disaster or hardware/software failure. Lack of appropriate backup and recovery procedures could lead to significant loss of data and productivity.
  Patch & Update Management: Good management of patches and updates is important in helping secure an organization's IT environment. The timely application of patches and updates is necessary to help protect against known and exploitable vulnerabilities.

People
  Requirements and Assessments: Security requirements should be understood by all decision-makers so that both their technical and their business decisions enhance security rather than conflict with it. Regular assessments by a third party can help a company review, evaluate, and identify areas for improvement.
  Policies and Procedures: Clear, practical procedures for managing relationships with vendors and partners can help protect the company from exposure to risk. Procedures covering employee hiring and termination can help protect the company from unscrupulous or disgruntled employees.
  Training and Awareness: Employees should be trained and made aware of how security applies to their daily job activities so that they do not inadvertently expose the company to greater risks.

Checklist
The checklist will be used as a quick evaluation snapshot of the corresponding modules.

Router Considerations
Check Description
□ Latest patches and updates are installed.
□ You have subscribed to the router vendor's security notification service.
□ Known vulnerable ports are blocked.
□ Ingress and egress filtering is enabled. Incoming and outgoing packets are confirmed as coming from public or internal networks.
□ ICMP traffic is screened from the internal network.
□ Administration interfaces to the router are enumerated and secured.
□ Web-facing administration is disabled.
□ Directed broadcast traffic is not received or forwarded.
□ Unused services are disabled (for example, TFTP).
□ Strong passwords are used.
□ Logging is enabled and audited for unusual traffic or patterns.
□ Large ping packets are screened.
□ Routing Information Protocol (RIP) packets, if used, are blocked at the outermost router.

Firewall Considerations
Check Description
□ Latest patches and updates are installed.
□ Effective filters are in place to prevent malicious traffic from entering the perimeter.
□ Unused ports are blocked by default.
□ Unused protocols are blocked by default.
□ IPsec is configured for encrypted communication within the perimeter network.
□ Intrusion detection is enabled at the firewall.

Switch Considerations
Check Description
□ Latest patches and updates are installed.
□ Administrative interfaces are enumerated and secured.
□ Unused administrative interfaces are disabled.
□ Unused services are disabled.
□ Available services are secured.



Step II- Identification of Threats and Countermeasures
The network is the entry point to your application. It provides the first gatekeepers that control access to the various servers in your environment. Servers are protected with their own operating system gatekeepers, but it is important not to allow them to be deluged with attacks from the network layer. It is equally important to ensure that network gatekeepers cannot be replaced or reconfigured by imposters. In a nutshell, network security involves protecting network devices and the data that they forward.

The basic components of a network, which act as the front-line gatekeepers, are the router, the firewall, and the switch. Figure 1 shows these core components.





Figure 1. Network components: router, firewall, and switch
An attacker looks for poorly configured network devices to exploit. Common vulnerabilities include weak default installation settings, wide-open access controls, and unpatched devices. The following are examples of high-level network threats:

1) Information gathering
2) Sniffing
3) Spoofing
4) Session hijacking
5) Denial of service

1) Information Gathering
Information gathering can reveal detailed information about network topology, system configuration, and network devices. An attacker uses this information to mount pointed attacks at the discovered vulnerabilities.

Vulnerabilities
The inherently insecure nature of the TCP/IP protocol suite

Configuration information provided by banners

Exposed services that should be blocked

Attacks
Using Tracert to detect network topology

Using Telnet to open ports for banner grabbing

Using port scans to detect open ports

Using broadcast requests to enumerate hosts on a subnet

Countermeasures
Use generic service banners that do not give away configuration information such as software versions or names.

Use firewalls to mask services that should not be publicly exposed.

2) Sniffing
Sniffing, also called eavesdropping, is the act of monitoring network traffic for data such as clear-text passwords or configuration information. With a simple packet sniffer, all plaintext traffic can be read easily. Also, lightweight hashing algorithms can be cracked, and a payload that was thought to be safe can be deciphered.

Vulnerabilities
Weak physical security

Lack of encryption when sending sensitive data

Services that communicate in plain text or use weak encryption or hashing

Attacks
The attacker places packet-sniffing tools on the network to capture all traffic.

Countermeasures
Strong physical security that prevents rogue devices from being placed on the network

Encrypted credentials and application traffic over the network

3) Spoofing
Spoofing, also called identity obfuscation, is a means to hide one's true identity on the network. A fake source address is used that does not represent the actual packet originator's address. Spoofing can be used to hide the original source of an attack or to work around network access control lists (ACLs) that are in place to limit host access based on source address rules.

Vulnerabilities
The inherently insecure nature of the TCP/IP protocol suite

Lack of ingress and egress filtering. Ingress filtering drops packets arriving from outside whose source address is untrusted or impossible (for example, one of your own internal addresses or a private range) before they can enter and affect your network. Egress filtering drops outbound packets whose source address does not belong to your network, so that your hosts cannot be used to launch spoofed attacks against others.

Attacks
An attacker can use several tools to modify outgoing packets so that they appear to originate from an alternate network or host.

Countermeasures
Use ingress and egress filtering on perimeter routers.
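As an added example (not code from the white paper), the decision logic of the ingress and egress filters described above, written out so that each rule can be tested against sample packets before it is committed to a router. Assumptions: the organisation owns 203.0.113.0/24 (a documentation prefix used here as a stand-in), its hosts reach the Internet through NAT so every legitimate outbound packet carries a source in that prefix, and the Cisco IOS-style ACL text rendered at the end is illustrative rather than taken from any device.

```python
"""Ingress/egress (anti-spoofing) filter logic for a perimeter router (added example).

Assumed: OUR_PREFIXES is the organisation's public block; outbound traffic is
NATed into it; the ACL text follows Cisco IOS extended-ACL conventions.
"""
import ipaddress

# Prefixes this organisation announces (assumed stand-in).
OUR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Addresses that must never arrive from the Internet as a source (bogons).
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def filter_decision(direction: str, src: str):
    """Decide what the perimeter router should do with a packet.

    direction: "in"  = arriving on the Internet-facing interface,
               "out" = leaving toward the Internet.
    Returns (action, reason) where action is "permit" or "drop".
    """
    addr = ipaddress.ip_address(src)
    ours = _in_any(addr, OUR_PREFIXES)
    if direction == "in":
        if ours:
            return "drop", "ingress: external packet claims one of our own addresses"
        if _in_any(addr, BOGONS):
            return "drop", "ingress: private/bogon source address from the Internet"
        return "permit", "ingress: source is a routable external address"
    if direction == "out":
        if not ours:
            return "drop", "egress: outbound packet with a source address we do not own"
        return "permit", "egress: source belongs to our prefix"
    raise ValueError(f"unknown direction {direction!r}")


def filter_packets(packets):
    """Apply filter_decision to (direction, src) pairs; returns the list of actions."""
    return [filter_decision(direction, src)[0] for direction, src in packets]


def _wildcard(net):
    # IOS ACLs take a network address plus wildcard (host) mask.
    return f"{net.network_address} {net.hostmask}"


def ingress_acl_ios(number: int = 100) -> str:
    """Render the ingress rules as IOS-style extended ACL lines (assumed syntax)."""
    lines = [f"access-list {number} deny ip {_wildcard(n)} any" for n in OUR_PREFIXES + BOGONS]
    lines.append(f"access-list {number} permit ip any any")
    return "\n".join(lines)


def egress_acl_ios(number: int = 101) -> str:
    """Render the egress rules: permit only our own sources, log everything else."""
    lines = [f"access-list {number} permit ip {_wildcard(n)} any" for n in OUR_PREFIXES]
    lines.append(f"access-list {number} deny ip any any log")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample packets: (direction, source address).
    for direction, src in [("in", "203.0.113.10"), ("in", "10.1.2.3"),
                           ("in", "198.51.100.7"), ("out", "203.0.113.10"),
                           ("out", "192.168.1.5")]:
        action, reason = filter_decision(direction, src)
        print(f"{direction:3} {src:15} {action:6} {reason}")
    print(ingress_acl_ios())
    print(egress_acl_ios())
```

The egress rule is the one most often missing: it protects other people's networks rather than your own, which is why the filter decision for an outbound packet is based only on whether the source address is one you actually own.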

4) Session Hijacking
In session hijacking, typically carried out as a man-in-the-middle attack, the attacker uses an application that masquerades as either the client or the server, so that the other party is tricked into thinking that the upstream host is the legitimate one. The upstream host is in fact the attacker's host, manipulating the network so that it appears to be the desired destination. Session hijacking can be used to obtain logon information or session tokens that can then be used to gain access to a system or to confidential information.

Vulnerabilities
Weak physical security

The inherent insecurity of the TCP/IP protocol suite

Unencrypted communication

Attacks
An attacker can use several tools to combine spoofing, routing changes, and packet manipulation.

Countermeasures
Session encryption

Stateful inspection at the firewall

5) Denial of Service
A denial of service attack is the act of denying legitimate users access to a server or service. Network-layer denial of service attacks usually flood the network with traffic, consuming the available bandwidth and resources.

Vulnerabilities
The inherent insecurity of the TCP/IP protocol suite

Weak router and switch configuration

Unencrypted communication

Service software bugs

Attacks
Brute force packet floods, such as cascading broadcast attacks

SYN flood attacks

Service exploits, such as buffer overflows

Countermeasures
Filtering broadcast requests

Filtering Internet Control Message Protocol (ICMP) requests

Patching and updating of service software
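As an added example (not code from the white paper), detection logic for the SYN flood attack listed above, run over constructed flow records: it tracks handshakes that a client opened with a SYN but never completed with its ACK, and raises an alert per target port once the half-open count passes a threshold. The record format, the threshold, and the heuristic that many distinct sources each leaving one half-open connection indicates spoofed SYNs are all assumptions; tune them to your own flow data.

```python
"""SYN-flood detection over constructed flow records (added example).

Assumed record format, one per line: "<ts> <src> <sport> <dst> <dport> <flags>",
flags "S" for a bare SYN and "A" for the client's final ACK (client direction
only; the server's SYN-ACK is not needed to decide whether a handshake finished).
"""
import collections

# Constructed sample: two legitimate handshakes, then 300 half-open SYNs against
# 203.0.113.10:80 from 250 different (spoofed) sources.
SAMPLE_FLOWS = [
    "1 10.0.0.5 51000 203.0.113.10 80 S",
    "1 10.0.0.5 51000 203.0.113.10 80 A",
    "2 10.0.0.6 51001 203.0.113.10 443 S",
    "2 10.0.0.6 51001 203.0.113.10 443 A",
] + [f"3 198.51.100.{i % 250 + 1} {40000 + i} 203.0.113.10 80 S" for i in range(300)]


def parse_flow(line: str) -> dict:
    ts, src, sport, dst, dport, flags = line.split()
    return {"ts": int(ts), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "flags": flags}


def half_open_connections(lines) -> dict:
    """Return {(src, sport, dst, dport): ts_of_syn} for handshakes never completed."""
    pending = {}
    for rec in map(parse_flow, lines):
        key = (rec["src"], rec["sport"], rec["dst"], rec["dport"])
        if rec["flags"] == "S":
            pending[key] = rec["ts"]      # client opened a handshake
        elif "A" in rec["flags"]:
            pending.pop(key, None)        # client's ACK completed it
    return pending


def detect_syn_flood(lines, threshold: int = 100) -> list:
    """One alert per (dst, dport) whose half-open count reaches the threshold."""
    pending = half_open_connections(lines)
    per_target = collections.Counter((k[2], k[3]) for k in pending)
    alerts = []
    for (dst, dport), count in per_target.items():
        if count < threshold:
            continue
        sources = {k[0] for k in pending if k[2] == dst and k[3] == dport}
        alerts.append({
            "target": f"{dst}:{dport}",
            "half_open": count,
            "distinct_sources": len(sources),
            # Hundreds of sources each leaving about one half-open connection is the
            # signature of spoofed SYNs; a handful of sources with many is one abuser.
            "spoofed_likely": len(sources) >= count // 2,
        })
    return sorted(alerts, key=lambda a: -a["half_open"])


if __name__ == "__main__":
    for alert in detect_syn_flood(SAMPLE_FLOWS):
        print(alert)
```

The distinction the alert draws matters for the response: a flood from a few real sources can be rate-limited or blocked at the perimeter router, while a flood from spoofed sources has to be absorbed at the target (for example with SYN cookies on the server) because there is no source worth blocking.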

Step III- System Security Diagnostic Reviews
The systems review and testing task complements the external and internal penetration testing. This testing helps to gain an understanding of the effectiveness of the internal controls in place to protect client information from unauthorized access. The internal testing involves assessments of the systems that support financial applications, as well as an assessment of the policies, procedures and processes that support the IT operation. During the risk assessment/site survey, we will determine which of the following reviews are required.

Database review:
The team will assess the database security controls. The purpose of this review is to gain a representative understanding of the specific database controls, identify potential vulnerabilities in the configuration of the databases, and compare the current security controls with best practices and the DISA database STIG. Specifically, the database review addresses the following topics:

User management

Password management

High-risk users

Authentication methods for both the operating system and the database

System privileges

Object privileges

Operating system data file information

Operating system roles

Profile information

Database roles

Stored procedures

Triggers

Protocols

Distributed database features

Audit and log configuration

Backup and recovery

Parameter files

Security monitoring

Patch and upgrade management

Third-party access to the database

Web Server Review:
In this task, the team will assess the web server configurations that support the systems that process all the data. Because end users are directly communicating with web servers, the security surrounding these servers is critical. During this assessment, the team will evaluate the following:

Files permissions and ownership

Authentication mechanisms and controls

Encryption, including SSL

Services and Application settings

Actual and Virtual web site permissions and addresses

Use of session tokens

Use of Java, JavaScript, CGI, ASP or ActiveX

Use of third party web tools

Vendor-specific vulnerabilities

Database integration

Logging, Auditing, Monitoring and Alerts
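The following added example (not code from the white paper) automates the first item on that list, file permissions and ownership, the way a reviewer would walk a real document root: it builds a throwaway docroot with deliberately bad permissions (constructed), then flags world-writable files, files with an unexpected owner, setuid/setgid bits, executables inside upload directories, and symbolic links that escape the docroot. The expected owner, the upload-directory names and the finding labels are assumptions; the script is POSIX-only.

```python
"""Web-root file permission and ownership audit (added example, POSIX only).

Assumed: the uid passed as expected_uid is the account that should own the
docroot; directories named in upload_dirs receive user-supplied files.
"""
import os
import stat
import tempfile


def audit_docroot(root: str, expected_uid: int, upload_dirs=("uploads",)) -> list:
    """Return sorted (relative_path, finding) tuples for everything under root."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                # A link pointing outside the docroot lets the web server serve arbitrary files.
                if not os.path.realpath(path).startswith(root_real + os.sep):
                    findings.append((rel, "symlink escapes docroot"))
                continue
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if st.st_uid != expected_uid:
                findings.append((rel, "unexpected owner"))
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((rel, "setuid/setgid bit set"))
            parents = rel.split(os.sep)[:-1]
            if (stat.S_ISREG(mode) and any(p in upload_dirs for p in parents)
                    and mode & stat.S_IXUSR):
                findings.append((rel, "executable file inside upload directory"))
    return sorted(findings)


def build_sample_docroot() -> str:
    """Constructed docroot with one clean file and three classic mistakes."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.mkdir(os.path.join(root, "uploads"), 0o755)
    for rel, mode in (("index.html", 0o644),
                      ("config.php", 0o666),                            # world-writable
                      (os.path.join("uploads", "shell.php"), 0o755)):   # executable upload
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.symlink("/etc/passwd", os.path.join(root, "passwd.txt"))          # escapes the docroot
    return root


if __name__ == "__main__":
    sample_root = build_sample_docroot()
    for rel, finding in audit_docroot(sample_root, os.getuid()):
        print(f"{finding:40} {rel}")
```

Point audit_docroot at the real document root with the uid of the account that should own it; each finding maps directly onto a line of the review above (permissions and ownership, or the virtual-path and upload handling checks).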

Step IV- External Network Penetration Testing
The approach to conducting the client's external network analysis consists of two phases. The first phase focuses on the access points to the network through Internet connections. The second phase examines access to the network via dial-in telephone line connections such as modems and remote access points. Both phases are performed from our lab in NY.

Prior to beginning the testing activities, the team will meet with client management to review the requirements. These requirements will be developed to detail the conditions under which the testing will occur, and to delineate reporting for emergencies in the event that a weakness with significant operational impact is detected or an event occurs that threatens production data.

Step V- Internal Network Penetration Testing
There are two different scenarios of internal network penetration testing that can be performed. The first takes place within the client's headquarters facility, and the other can be done from any client field site.

Approach to Internal Penetration Testing activities:
Attempting to gain network access without a valid user account

Performing detailed search and footprint analysis of internal network paths

Conducting systematic attempts to gain unauthorized access and privileges via internal and trusted links by exploiting vulnerabilities in network services

Analyzing exploitable vulnerabilities by attempting to map the network topology, escalate privileges, obtain access to password files and email, and gain access to other network segments or subnets

Reviewing the client's incident response actions to unauthorized access by malicious individuals