Vulnerability Scan

I-DigitalTEK Agile Development IT Solutions for Growing Business Threats and Vulnerability Assesment Real time Protection I-DigitalTEK K I IdigitalTEK

Brute Force Intrusion

Brute Force tries a large number of Possibilities

Amount of time to break a 128 bit is 2 ^128 -1 or ~ “Age of Universe”

Xieve optimization skip non-sense combination

Limitation over HTTP versus TCPIP

Dictionary tries words and derived words from a dictionary file.

Password recovery utilities for Access, Quicken, MS Notes, PDF, Zip

Password Policy

# Must be between 8 - 20 characters

# Must include at least 1 number and 1 letter

# Can include uppercase and lowercase letters

# Can contain the following characters: @ # % * ( ) + = { } / ? ~ ; : " ' , . - _ |

# Must be randomly generated

Hint: “FTP/IMAP/POP/SMTP password breaking is not vulnerable to dictionary attacks if random value.”

Cross Site Scripting

Web Application threats where code is injected into pages.

HTML-JavaScript Injection

DOM based

Non-Persistent

Persistent

Identity Attack

Solutions

Escaping or Filtering

Eliminating Client side scripting

Input Validation

Code Injection

“ Exploitation of a Software defect to process invalid data”

Example of Code Injection

SQL Injection

PHP Injection

File Injection

Shell Injection

HTML/Script Injection

ASP Injection

Trojan Horse

Term is derived from the classical story of the “Trojan Horse”

“ A class of computer threats that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine.”

Six main types of Trojan horse payloads are:

Remote Access

Data Destruction

Downloader

Server Trojan (Proxy, FTP , IRC, Email, HTTP/HTTPS, etc.)

Disable security software

Denial-of-Service attack (DoS)

Denial of Attack

“ DoS attack is an attempt to make a computer resource unavailable to its intended users.”

One common method of attack involves saturating the target machine with external communications requests so that it cannot respond properly to legitimate traffic.

Smurf Attack

Tear Drop Attack

Peer-to-Peer

Permanent DoS

Protocol Analysis & “Defender” Firewall filtering

Honey Pot and Intrusion Detection

Other Typical Attacks

Network sniffing.

Cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks.

Cracking recording VoIP conversations.

Decoding scrambled passwords.

Recovering wireless network keys, revealing password boxes, uncovering cached passwords.

Analyzing routing protocols.

Scan encrypted protocols such as SSH-1 and HTTPS.

HTTP Manipulation and Fuzzers.

Web Scan Check List

Version Check

Vulnerable Web Servers

Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.

CGI Tester

Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)

Verify Web Server Technologies

Parameter Manipulation

Cross-Site Scripting (XSS) – over 40 different XSS variations are tested. - SQL Injection

Code Execution - Directory Traversal - File Inclusion - Script Source Code Disclosure

CRLF Injection - Cross Frame Scripting (XFS) - PHP Code Injection - XPath Injection

Full Path Disclosure - LDAP Injection - Cookie Manipulation

Arbitrary File creation - Arbitrary File deletion - Email Injection

File Tampering - URL redirection - Remote XSL inclusion

Web Scan Check List

MultiRequest Parameter Manipulation

Blind SQL/XPath Injection

File Checks

Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories) - Cross Site Scripting in URI - Checks for Script Errors