Risk assessment IT Security project

Published in: Technology

Transcript

  • 1.
      Risk assessment for the Secret Nuclear Research Facility
      Red Team: Mads, Paul, Vlad Stefan
      2nd of November 2011
  • 3.
      Overview
    • Risk Assessment
    • Recommendations
    • Resulting Documentation
  • 6.
      Planned Network Overview
  • 7.
      Actual Network Overview – Audit Result
  • 8.
      Network Characterization
    • Physical Location – Unknown/Undisclosed
    • Components
      • Servers/Tech LAN : 172.16.1.0/24
      • Office/Lab LAN : 172.16.2.0/24
      • VPN connection to Headquarters
      • One pfSense as router, gateway and firewall
  • 13.
      Network Characterization
    • Server/Tech LAN
    • Office/Lab LAN
      • Windows XP for machines in the Research Laboratory
      • Windows XP as Workstations
      • Undisclosed number of employees and workstations
    • Authorized User
      • Employees of the SNRF
  • 18.
      System Characterization - Clients
    • Hardware
      • Desktop PC
    • Software
      • Windows XP
      • Firefox web browser
      • Thunderbird Mail Client
      • Office Suite
      • Classified Productivity Tools
    • Interfaces
  • 25.
      System Characterization - Servers
    • Hardware
      • Blade Server
    • Software
      • Debian OS
      • (DVL OS for Web Server)
      • Specific Server Daemon Running
      • SSH Server
    • Interfaces
  • 31.
      System Characterization
    • Data & info
      • Private PGP key
      • Confidential organization files
      • Work files
      • Secret Research Documents
    • System Mission
      • Web surfing for Work Related Issues
      • Mail
      • Workstations
      • Classified activities
  • 38.
      System Characterization
    • System & Data criticality
      • Private PGP key: H
      • Confidential organization files: EH
      • Work files: M
      • Secret Research Documents: EH
    • Data & info
      • Private PGP key: M
      • Confidential organization files: H
      • Work files: M
      • Secret Research Documents: H
      L = Low, M = Medium, H = High, EH = Extremely High
  • 45.
      Threat Identification
    • Threat-source: Hackers, crackers
      • Motivation: Challenge, Ego
      • Threat action: Hacking; Social Engineering; Unauthorized access
    • Threat-source: Industrial Espionage
      • Motivation: Competitive advantages
      • Threat action: Economic exploitation; Information Theft; Social Engineering; Access to classified information
    • Threat-source: Government Espionage
      • Motivation: Law infringement, Insufficient bribery
      • Threat action: Information Gathering; Social Engineering; Access to classified information
    • Threat-source: Stupid user/administrators
      • Motivation: Stupidity
      • Threat action: Misplacement; Physical damage; Misconfiguration
    • Threat-source: Freelancers (Blue Leader)
      • Motivation: Money
      • Threat action: Information Gathering; Social Engineering; Access to classified information
  • 53.
      Vulnerability Identification
    • Vulnerability: Outdated and unpatched OS (known issues) – Windows XP w/o SP
      • Threat source: Hackers
    • Vulnerability: Misconfiguration of MySQL – root is the only user
      • Threat source: (Unauthorized) users
      • Threat action: Access to sensitive information; Data tampering
    • Vulnerability: Web Server running on the server LAN using a vulnerable OS
      • Threat source: Users, Hackers
      • Threat action: Unauthorized access
    • Vulnerability: PfSense running firewall, gateway, router and DNS server
      • Threat source: Malicious users
      • Threat action: (Single Point of Failure); DoS
    • Vulnerability: FTP server used as “file server”
      • Threat source: Users, Hackers, Secret Agents
      • Threat action: Access to sensitive information; Data tampering
    • Vulnerability: Outdated and unpatched software
      • Threat source: Malicious users
      • Threat action: System crash; DoS; System failures; Remote Access
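  • 59.
      Likelihood Determination
    • Vulnerability: Outdated and unpatched OS (known issues) – Windows XP w/o SP
      • Threat source: Hackers
      • Likelihood Level: Medium
    • Vulnerability: Misconfiguration of MySQL – root is the only user
      • Threat source: (Unauthorized) users
      • Likelihood Level: High
    • Vulnerability: Web Server running on the server LAN using a vulnerable OS
      • Threat source: Users, Hackers
      • Likelihood Level: Medium
    • Vulnerability: PfSense running firewall, gateway, router and DNS server
      • Threat source: Malicious users
      • Likelihood Level: Medium
    • Vulnerability: FTP server used as “file server”
      • Threat source: Users, Hackers, Secret Agents
      • Likelihood Level: High
    • Vulnerability: Outdated and unpatched software
      • Threat source: Malicious users
      • Likelihood Level: Medium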
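  • 60.
      Impact Analysis
    • Vulnerability: Outdated and unpatched OS (known issues) – Windows XP w/o SP
      • Threat source: Hackers
      • Confidentiality: Medium; Integrity: Medium; Availability: High
    • Vulnerability: Misconfiguration of MySQL – root is the only user
      • Threat source: (Unauthorized) users
      • Confidentiality: High; Integrity: High; Availability: High
    • Vulnerability: Web Server running on the server LAN using a vulnerable OS
      • Threat source: Users, Hackers
      • Confidentiality: Medium; Integrity: Medium; Availability: Medium
    • Vulnerability: PfSense running firewall, gateway, router and DNS server
      • Threat source: Malicious users
      • Confidentiality: Medium; Integrity: Medium; Availability: Medium
    • Vulnerability: FTP server used as “file server”
      • Threat source: Users, Hackers, Secret Agents
      • Confidentiality: High; Integrity: High; Availability: Medium
    • Vulnerability: Outdated and unpatched software
      • Threat source: Malicious users
      • Confidentiality: Medium; Integrity: Medium; Availability: Medium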
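  • 61.
      Risk Determination
    • Vulnerability: Outdated and unpatched OS (known issues) – Windows XP w/o SP
      • Threat source: Hackers
      • Likelihood Level: Medium
    • Vulnerability: Misconfiguration of MySQL – root is the only user
      • Threat source: (Unauthorized) users
      • Likelihood Level: High
    • Vulnerability: Web Server running on the server LAN using a vulnerable OS
      • Threat source: Users, Hackers
      • Likelihood Level: High
    • Vulnerability: PfSense running firewall, gateway, router and DNS server
      • Threat source: Malicious users
      • Likelihood Level: Medium
    • Vulnerability: FTP server used as “file server”
      • Threat source: Users, Hackers, Secret Agents
      • Likelihood Level: High
    • Vulnerability: Outdated and unpatched software
      • Threat source: Malicious users
      • Likelihood Level: Medium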
  • 62.
      Control Recommendations
    • High Impact, High Likelihood
    • Authorize a penetration test on the SNRF
    • Do not call a “lock-down”
      • Proceed in a discreet manner so as not to alert Blue Leader
    • Implement the recommendations resulting from the penetration testing
  • 64.
      Resulting Documentation
    • Will be presented in the Penetration Testing Report. It is our strong recommendation to implement all the suggested security features resulting from the penetration testing.
  • 65.
      Questions?
      TOP SECRET – U445-12B
      This document is never to be reproduced or leaked to anyone other than the staff of Applied Destruction Inc. Treason charges will be brought against anyone who does not obey.