2008
Tareq, Ali, Maysara
Vulnerability Scanning Executive Summary
Using Tenable Nessus & Nsauditor Network Security Auditor
In this executive summary, we will go visually through the vulnerability scan we've
done using Nessus and Nsauditor, providing screenshots to clarify our scan and to
make our vulnerability scan procedures easier for readers to understand. We will
then introduce our work, give a summary of our findings, vulnerabilities, risks and
threats, and offer solutions or recommendations for these security problems in our
conclusion.
By: Tareq Hanaysha
Submitted to:
Ali Shan Ahmad
Francis Gichohi
Maysara Hamdan
Concordia University College of Alberta
Table of Contents
1. Introduction
   I. Purpose
   II. Scope
2. Risk Assessment Approach
   I. The participants
   II. Techniques used to gather information
   III. Development & descriptions of risk scale
3. System Characterization
   I. Technology Component
   II. Physical Location
   III. Data Used By the system
4. Threat Statement
5. Risk Assessment Results
6. Scan & Assessment Results
7. Summary
8. Conclusion
1. Introduction
The Internet is a virtual minefield of vulnerabilities and exploits, in which it is no longer
possible to review and identify all of the possible holes in network systems. Security scanning and
auditing are critical in identifying and closing holes in system and network defenses. Security holes
come in many forms and can happen on any network-connected device.
Tenable's Nessus Vulnerability Scanner and Nsauditor are counted among the world's
premier security scanners. An active security scanner is a piece of software that connects to network
machines and determines if the machine is vulnerable to any flaws which might place it at risk of
being successfully attacked. The job of the Nessus Vulnerability Scanner is to help the security
team and administrators gain an understanding of the current level of security on the network.
I. Purpose
The purpose of this risk assessment or scan is to evaluate the security holes and the missing
Windows patches that might help to protect our system and harden it against known vulnerabilities,
as well as to assess our network (TCP protocols, ports, and vulnerabilities) using the Nessus client
analyser.
The ultimate objective is to learn to install, configure, and use an open-source security
auditing tool; our utilities of choice in this lab are NESSUS and Nsauditor. Nessus is one of the
most widely used security auditing tools in the open source community. This lab will cover not only
the installation and use of the utility, but also how to interpret the results.
There are many unique features of the Nessus technology which can help any organization
to assess and remediate threats. When looking at scanning technologies, it is important to
understand the technical merits of the scanner in order to ensure that you get the best results.
Scanners are typically evaluated for their:
• Accuracy
• Stability
• Speed
• Ability to detect network and host-based flaws
II. Scope
This Risk Assessment Report will be done on the local host of my system, and will evaluate
the confidentiality, integrity and availability of the information on or passing through my system.
We will also do port scanning using the network in the house, and try to find out which patches are
missing in the systems through the patch hotfix scan.
2. RISK ASSESSMENT APPROACH
To conduct our risk assessment and vulnerability scan we used Nessus and Nsauditor
software on my computer, and we tried to scan the rest of the computers on the same network from
my machine. Nessus reported the vulnerabilities of my system and classified them as high, medium
and low risks, with the color codes red, orange and green. A report was provided by Nessus after the
scan, and the report is attached to this summary for more details.
I. Participants in the assessment
Role | Participant
System Owner | Tareq Hanaysha
System Custodian | Ali Shan
Security Administrator | Maysara Hamdan
II. Techniques used
Technique: Nessus client scan
Description: Proprietary comprehensive vulnerability scanning software. It is free of charge for
personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on
the tested systems.

Technique: Nsauditor network security analysis tool
Description: Network auditing software which combines in one product Vulnerability Scanning,
Network Monitoring and Network Inventory. Nsauditor allows monitoring network computers for
possible vulnerabilities, checking the enterprise network for all potential methods that hackers
might use to attack it, and creating a report of potential problems that were found. Nsauditor is a
complete networking utilities package that includes more than 45 network tools and helps network
administrators to identify security holes and flaws in their networked systems. The program also
includes a firewall system, real-time network monitoring, packet filtering and analyzing.

The software descriptions are taken from the lab requirements belonging to Mike.
III. Risk Scale
In determining risks associated with our systems, we used the following formula for classifying
risk:
Risk = Threat level X Magnitude of Impact
And the following definitions:
Level Definition
Level | Definition
High (1.0) | The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective.
Medium (0.5) | The threat source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability.
Low (0.1) | The threat source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised.
Impact Definition
Magnitude of Impact: High (100)
Impact Definition: The loss of confidentiality, integrity, or availability could be expected to
have a severe or catastrophic adverse effect on my computer operations, on my assets, or on me
personally.
• Major damage to my assets
• Major financial loss

Magnitude of Impact: Medium (50)
Impact Definition: Significant degradation in mission capability to an extent and duration that
my computer won't be able to perform its primary functions, but the effectiveness of the functions
is significantly reduced.
• Significant damage to my assets
• Significant financial loss
• Significant harm to me that does not involve loss of my life or serious life-threatening injuries.

Magnitude of Impact: Low (10)
Impact Definition: Degradation in mission capability to an extent and duration that my
computer won't perform its primary functions, but the effectiveness of the functions is noticeably
reduced.
• Minor damage to my assets
• Minor financial loss
• Minor harm to me.
Risk was calculated as follows:
Threat Level | Impact: Low (10) | Impact: Medium (50) | Impact: High (100)
High (1.0) | Low Risk (10 x 1.0 = 10) | Medium Risk (50 x 1.0 = 50) | High Risk (100 x 1.0 = 100)
Medium (0.5) | Low Risk (10 x 0.5 = 5) | Medium Risk (50 x 0.5 = 25) | Medium Risk (100 x 0.5 = 50)
Low (0.1) | Low Risk (10 x 0.1 = 1) | Low Risk (50 x 0.1 = 5) | Low Risk (100 x 0.1 = 10)
Risk Scale: High (>50 to 100); Medium (>10 to 50); Low (1 to 10)
Corrective action needed based on the impact of the risk
Magnitude of Impact | Corrective action needed
High | There is a strong need for corrective measures. An existing system may continue to operate, but a corrective action plan must be put in place as soon as possible.
Medium | Corrective actions are needed and a plan must be developed to incorporate these actions within a reasonable period of time.
Low | The system's Authorizing Official must determine whether corrective actions are still required or decide to accept the risk.

Personally identifiable information | Includes: • Name • Address (current and previous) • Phone Number • SSN # • DOB
Vehicle information | Includes: • Vehicle identification number • Tag # • Date of last emissions test
Financial information | • Credit card # • Verification code • Expiry date • Card type • Authorization reference • Transaction reference
3. SYSTEM CHARACTERIZATION
I. Technology components
Component | Description
Applications | Apache server is running on my system and the local host is being used by Nessus to test the ports and vulnerabilities.
Databases | MySQL database system
Operating Systems | Microsoft Windows Vista 32-bit Service Pack 1
Interconnections | Interface to Broadcom card
Protocols | TCP, UDP and SSL used for transmission between client web browser and web server
Networks | Checkpoint Firewall, D-link Routers

II. Physical Location
Location | Description
Personal Computers | Tareq's house, hosts 4 computers connected through a wireless network and a modem.
III. Data Used By System
Data | Description
System identifiable information | Includes: • Name • System • IP address
4. THREAT STATEMENT
When I was doing my risk assessment analysis and test, the following threats were
identified to my system:
Threat source | Threat action
Hacker | • Web defacement • Social engineering • System intrusion, break-ins • Unauthorized system access
Computer criminal | • Identity theft • Spoofing
Environment | Natural disaster
5. Nessus Scan and risk assessment results
The following table provides an overview of the vulnerabilities assumed to happen, the
vulnerabilities found by our scan, and the recommended safeguards for our systems:
No: 1
Observations: User system password can be guessed or cracked
Threat source / Vulnerability: Hackers / Password effectiveness
Existing control: Passwords must be alphanumeric and at least 6 characters
Level: Medium
Impact: Medium
Risk rating: Medium
Recommended control: Require use of special characters

No: 2
Observations: Cross site scripting
Threat source / Vulnerability: Hackers / Cross-site scripting
Existing control: None
Level: Medium
Impact: Medium
Risk rating: Medium
Recommended control: Validation of all headers, cookies, query strings, form fields, and hidden
fields (i.e., all parameters) against a rigorous specification of what should be allowed

No: 3
Observations: Data could be inappropriately extracted/modified from MySQL database by entering
SQL commands into input fields
Threat source / Vulnerability: Hackers + Criminals / SQL Injection
Existing control: Limited validation checks on inputs
Level: High
Impact: Medium
Risk rating: Medium
Recommended control: Ensure that all parameters are validated before they are used. A centralized
component or library is likely to be the most effective, as the code performing the checking should
all be in one place. Each parameter should be checked against a strict format that specifies exactly
what input will be allowed.

No: 4
Observations: Web server and application server running unnecessary services
Threat source / Vulnerability: All / Unnecessary Services
Existing control: None
Level: Medium
Impact: Medium
Risk rating: Medium
Recommended control: Reconfigure systems to remove unnecessary services

No: 5
Observations: Disaster recovery plan has not been established
Threat source / Vulnerability: Environment / Disaster Recovery
Existing control: Hp backup and recovery
Level: Medium
Impact: High
Risk rating: Medium
Recommended control: Develop and test a disaster recovery plan

No: 6
Observations: Open TCP Port : 49155
Threat source / Vulnerability: was possible to enumerate the Distributed Computing Environment
Existing control: Windows and router firewall
Level: Low
Impact: Low
Risk rating: Low
Recommended control: Ports must be controlled by firewall and watched from remote attacks

No: 7
Observations: Web Server Uses Plain Text Authentication Forms
Threat source / Vulnerability: An attacker eavesdropping the traffic might use this setup to obtain
logins and passwords of valid users.
Existing control: No control
Level: Medium / Base Score : 5.0
Impact: Medium / Base Score : 5.0
Risk rating: Medium / Base Score : 5.0
Recommended control: Make sure that every form transmits its results over HTTPS

No: 8
Observations: Debugging functions are enabled on the remote web server.
Threat source / Vulnerability: it has been shown that servers supporting the TRACE method are
subject to cross-site scripting attacks, dubbed XST for "Cross-Site Tracing", when used in
conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your
legitimate web users to give him their credentials.
Existing control: No control
Level: Medium / Base Score : 5.0
Impact: Medium / Base Score : 5.0
Risk rating: Medium / Base Score : 5.0
Recommended control: Disable these methods.

No: 9
Observations: Weak Supported SSL Ciphers Suites
Threat source / Vulnerability: The remote host supports the use of SSL ciphers that offer either
weak encryption or no encryption at all.
Existing control: No control
Level: Medium / Base Score : 5.0
Impact: Medium / Base Score : 5.0
Risk rating: Medium / Base Score : 5.0
Recommended control: Reconfigure the affected application if possible to avoid use of weak
ciphers.
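
The recommended control for findings 2 and 3 (one centralized component that checks every parameter against a strict format) could look like the sketch below. It is an added example, not code from this report or from Nessus; the parameter names, their formats and the validate_params helper are hypothetical.

```python
import re

# Hypothetical allow-list: parameter name -> (strict format, maximum length).
# The names and formats are assumptions made for this example.
SPEC = {
    "username": (re.compile(r"[A-Za-z0-9_]{3,32}"), 32),
    "page":     (re.compile(r"[1-9][0-9]{0,3}"), 4),
    "sort":     (re.compile(r"(name|date|size)"), 4),
    "session":  (re.compile(r"[0-9a-f]{32}"), 32),
}
REQUIRED = {"username"}


class ValidationError(ValueError):
    """Raised when a request carries parameters outside the specification."""


def validate_params(params):
    """Check every parameter (query string, form field, hidden field, cookie
    or header value) against SPEC; return the clean dict or raise.

    Anything not explicitly allowed is rejected: unknown names, repeated
    values, over-long values and values that do not match the whole format.
    """
    errors = []
    clean = {}
    for name, value in params.items():
        if name not in SPEC:
            errors.append(f"{name}: unexpected parameter")
            continue
        pattern, max_len = SPEC[name]
        if not isinstance(value, str):
            errors.append(f"{name}: expected a single string value")
        elif len(value) > max_len:
            errors.append(f"{name}: longer than {max_len} characters")
        elif pattern.fullmatch(value) is None:  # whole value, not just a prefix
            errors.append(f"{name}: does not match the allowed format")
        else:
            clean[name] = value
    for name in sorted(REQUIRED - set(params)):
        errors.append(f"{name}: missing required parameter")
    if errors:
        raise ValidationError("; ".join(errors))
    return clean


# Constructed sample requests: one well-formed, one carrying SQL and script fragments.
GOOD = {"username": "tareq_01", "page": "2", "sort": "date"}
BAD = {"username": "x' OR '1'='1", "page": "<script>alert(1)</script>", "debug": "1"}
```

Because the check is an allow-list applied in one place, a new parameter is rejected until it is added to SPEC, which is the behaviour the recommendation asks for.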
Nessus Scan Process screenshots and results
6. Summary
The following table provides an overview of the vulnerabilities and recommended safeguards for
my system.
Risk Matrix
Vulnerability | Risk Level (High, Medium, Low) | Recommended Safeguard
Cross-site scripting | Medium | Install antivirus software and keep these programs constantly updated.
Password strength | High | Train the user to use a strong password that is harder to crack or guess.
SQL injection | High | Use an antivirus solution to protect the database system.
Unnecessary services | Low | Turn off all unnecessary services; they can be a hole and make the system more vulnerable.
Implementing the recommended safeguards will reduce the overall risk exposure associated with
the general vulnerabilities listed above.
7. Conclusion
NESSUS is not fool-proof, nor is it the only system available for vulnerability assessment, but it
is one of the many systems that are available for Network Auditing and testing production systems.
With the release of NESSUS 3, there are more than 10,000 plug-in checks. NESSUS plug-ins often
include cross-references with Security Focus (Bugtraq ID), CVE, OSVDB, IAVA, and more. Many
NESSUS plug-ins also include CVSS severity rankings. These CVSS rankings allow an organization
to quickly categorize its level of risk.