Scan Website Vulnerability - Project Presentation

CONFIDENTIAL: The information in this document belongs to Boston Institute of Analytics LLC. Any unauthorized sharing of this
material is prohibited and subject to legal action under breach of IP and confidentiality clauses.
Perform a Scan of the Website to Identify the
Actively Running Open Ports, Analyze the
Functions, Benefits, and Potential Security
Threats Associated.

• Research, Data Collection & Tool Used
• Introduction to NMAP
• Key Features & Benefits of Nmap Network Scanner
• Nmap Scanning for the Website & Details of Open Ports
• Functions, Benefits and Threats of different Open Ports for the Website
• Mitigation Measures & Recommendations

Research
Modern Energy Rental Pvt.Ltd. - An Energy Rental Organization.
Modern Energy Rental is India’s most sought after energy equipment rental company situated in
Mumbai providing diesel and gas generators, Transformers, Air-Cooled Chillers / Air
conditioning Roof Top Units, Compressors, Mobile Lighting Tower, Load Banks, Fuel Tanks on
Rental Basis to Mining & Heavy Industries, Oil & Gas sector, Manufacturing Industries.
Client base includes Tata Motors, ONGC, TCS, SBI, ACC Cement, Bridge stone
• URL: www.modernenergy.co.in
• Category: Generator and Chiller Rental Services
• Global Traffic Rank: 1,411,277
• India Rank: 85,459
• Estimated Worth: $36,352
• Daily Unique Visitors (popularity): Approximately 2,213 (SiteIndices).

Data Collection
Technology stack Information:
https://builtwith.com/modernenergy.co.in
1. Frontend: HTML5/CSS3, JavaScript
2. Backend: PHP, WordPress
3. Server: Apache.
4. Database: MySQL
5. Analytics: Google Analytics

Reference
https://www.whois.com/whois/modernenergy.co.in

Tools Used
Network Mapper: NMAP:- https://nmap.org/

Introduction to NMAP Tool
• Nmap (Network Mapper) is an open-
source tool used for network discovery
and security auditing. It was originally
designed to scan large networks, but it
also works well against single hosts.
• Nmap is versatile, offering a range of
features for exploring networks,
managing services, and detecting
vulnerabilities.

1. Network Scanning: Discovers hosts and
services
2. Port Scanning: Identifies open ports on
target hosts.
3. Service & Version Detection: Detects
running applications and versions.
4. OS Detection: Identifies operating systems
via TCP/IP stack fingerprinting
5. Scripting Engine (NSE): Automates tasks
with custom scripts.
6. Network Mapping: Visualizes network
topology.
7. Security Auditing: Identifies
vulnerabilities and misconfigurations.
1. Versatile: Supports multiple platforms
and both small and large networks.
2. Open Source: Free, with community
support and regular updates.
3. Extensible: Custom scripts and integration
with other tools.
4. Performance: Efficient scanning
algorithms.
5. User-Friendly: CLI for detailed control;
GUI (Zenmap) available
Features Benefits

Proof of Concept - Nmap Scanning for
www.modernenergy.co.in

PORT SERVICE
21 FTP
22 SSH
53 DOMAIN
80 HTTP
110 POP3
143 IMAP
443 HTTPS
465 SMPTS
587 SUBMISSION
993 IMAPS
995 POP3S
2000 CISCO-SCCP
5060 SIP
Details of Open Ports

FTP PORT
Functions : FTP (File Transfer Protocol) is used to transfer files between computers on a
network.
1.File Transfer:
• Uploading files from a local computer to a remote server & vice versa.
• Transferring files between two remote servers.
2.File Management:
• Listing files and directories.
• Creating, renaming and deleting files and directories.
• Changing file permissions and attributes.
3.Data Organization:
• Organizing files into directories and subdirectories.
• Managing file structures for efficient storage and retrieval

• Ease of Use: Simple command structure
and widely supported by various client
applications.
• Efficiency: Capable of transferring large
files and multiple files in batches.
• Compatibility: Supported on almost all
platforms and operating systems.
• Automation: Can be scripted for
automated file transfers, making it useful
for regular, repetitive tasks.
• Lack of Encryption: Transfers data, including
usernames and passwords in plain text
making it vulnerable to interception by
attackers, such as man-in-the-middle attacks."
• Anonymous Access: Anyone can access the
server without authentication, which can lead
to unauthorized access and data breaches.
• Data Integrity: No built-in mechanism to
ensure that the files are not altered during
transmission.
• Directory Traversal Attacks: Attackers can
exploit vulnerabilities to navigate the
directory structure, gaining access to
unauthorized areas of the server.
Benefits Threats

Secure Shell (SSH) Port
Functions:
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives
users, particularly system administrators, a secure way to access a computer over an
unsecured network.
1. Secure Remote Login:- Securely log into a remote computer over a network.
2. Command Execution:- Execute commands on a remote machine.
3. File Transfer:- Secure file transfer using SFTP and SCP.
4. Port Forwarding/Tunneling:- Redirect network traffic securely.
5. Secure Shell Sessions:-Support multiple shell sessions over a single connection.

• Encryption: Ensures confidentiality and
integrity of data in transit.
• Authentication: Various methods including
passwords, public keys, and 2FA.
• Security: Protects against eavesdropping
and connection hijacking.
• Versatility: Useful for remote administration
and secure file transfers.
• Compression: Can improve transfer speeds
by compressing data.
• Exploit of Vulnerabilities: Unpatched servers
may have exploitable vulnerabilities.
• Misconfiguration: Weak configurations can
lead to security weaknesses.
• Default Port Usage: Default port 22 is more
visible to automated attacks.
• Insider Threats: Authorized users may
misuse their access.
Benefits Threats

Functions:
1. Domain Name Resolution: Translates domain names to IP addresses.
2. Email Routing: Supports mail exchange (MX) records for email delivery.
3. Web Traffic Management: Directs web traffic to appropriate servers using A and CNAME
records.
4. Service Discovery: Helps clients discover services via SRV records.
5. Load Balancing: Distributes traffic across multiple servers to manage load.
The standard port numbers used by DNS are:
1. Port 53: This is the default port used for DNS services.
• UDP 53: Primarily used for DNS queries due to its efficiency.
• TCP 53: Used for DNS zone transfers (AXFR/IXFR) and in cases where the response data
size exceeds 512 bytes or DNSSEC is used.
Domain Name System (DNS)

• Accessibility: Ensures that services
(websites, emails) are accessible by domain
names.
• Redundancy: Provides failover mechanisms
through DNS redundancy.
• Scalability: Easily scalable to handle
increased traffic and service demands.
• User-Friendly: Simplifies access to services
with human-readable domain names.
• Efficient Management: Centralized
management of domain records for various
services.
• DNS Spoofing/Poisoning: Attackers can
manipulate DNS data to redirect traffic to
malicious sites.
• DDoS Attacks: DNS servers can be targeted
to disrupt service availability.
• DNS Amplification Attacks: Exploits DNS
servers to launch large-scale DDoS attacks.
• Cache Poisoning: Malicious data is inserted
into DNS cache, leading to incorrect domain
resolution.
• Data Interception: Unsecured DNS queries
can be intercepted and monitored.
Benefits Threats

HTTP & HTTPS Port
Functions:
1. HTTP uses TCP port 80 (unencrypted) and HTTPS uses TCP port 443 (encrypted).
2. These ports facilitate web traffic by allowing browsers to communicate with web
servers, enabling data exchange for website content.

• Accessibility: Easy access to web services
and content.
• Standardization: Widely recognized and
used ports for web traffic ensure
compatibility.
• Security (HTTPS): Encryption of data
protects user information
• Port 80 (HTTP): Vulnerable to eavesdropping
and man-in-the-middle attacks.
• Port 443 (HTTPS): Susceptible to SSL/TLS
vulnerabilities, such as weak ciphers or
outdated protocols.
Benefits Threats

POP3
Functions:
1. Retrieve Emails: POP3 (Post Office Protocol 3) allows email clients to download emails from
the server to the local device.
2. Manage Emails: Emails are typically removed from the server after download, freeing up
server space.

• Offline Access: Emails are stored locally,
allowing offline access.
• Reduced Server Load: Downloaded emails
are removed from the server, reducing
storage requirements.
• Unencrypted Communication: Vulnerable to
interception and eavesdropping on port 110.
• Account Hijacking: Potential for
unauthorized access to email accounts.
Benefits Threats

IMAP
Functions:
1. Port: 143 (Unencrypted), 993 (Encrypted with SSL/TLS).
2. Retrieve Emails: IMAP (Internet Message Access Protocol) allows email clients to
access emails on the server without downloading them.
3. Manage Emails: Enables Management of Emails directly on the server, including reading,
deleting, and organizing.

• Server Synchronization: Emails remain
on the server, accessible from multiple
devices.
• Efficient Management: Server-side
management of emails allows for better
organization and real-time updates.
• Unencrypted Communication: Vulnerable to
interception and eavesdropping on port 143.
• Server Overload: Continuous connection to
the server can lead to higher server load and
potential performance issues.
Benefits Threats

SMTPS Functions:
1. Port: 465 (used for SMTP over SSL/TLS).
2. Send Emails: Securely sends emails from email clients to email servers.
3. Relay Emails: Facilitates the relay of emails between servers.

• Encryption: Protects email content from
interception during transmission.
• Authentication: Verifies the identity of
the sending server
• Man-in-the-Middle Attacks: Potential
for attacks if SSL/TLS is not properly
configured.
• Vulnerabilities: Outdated protocols
and weak ciphers can be exploited.
Benefits Threats

Submission Port Number Port: 587
Functions:
• Send Emails: Port 587 is used for submitting email messages from clients to mail servers
using the Simple Mail Transfer Protocol (SMTP).
• Authentication and Encryption: Ensures secure transmission of emails with mandatory
authentication and TLS encryption.

• Security: Encrypts email transmissions to
protect against interception.
• Authentication: Requires user
authentication, reducing spam and
unauthorized use.
• Standards Compliance: Widely adopted
standard for secure email submission.
• Man-in-the-Middle Attacks: Potential
risk if TLS is not properly configured.
• Exploitation: Vulnerabilities in the email
server software could be exploited.
Benefits Threats

SCCP (Skinny Client Control Protocol)
Uses port 2000 for communication.
Functions:
SCCP is a lightweight protocol used in VoIP (Voice over IP) environments,
primarily associated with Cisco's Unified Communications Manager (formerly
Call Manager). It handles call signaling, call setup, and control messages
between IP phones, gateways, and other endpoints within a Cisco VoIP
system.

• Efficiency: SCCP is efficient in terms of
bandwidth usage, making it suitable for
environments with limited network
resources.
• Integration: It integrates well with Cisco's
Unified Communications solutions,
providing robust call control features.
• Security: It offers some built-in security
features, such as authentication and
encryption options
• Security Vulnerabilities: Like any
protocol, SCCP may be susceptible to
security vulnerabilities such as denial-of-
service attacks, spoofing, or
eavesdropping.
• Interoperability Issues: Since SCCP is
proprietary to Cisco, interoperability with
non-Cisco systems or devices can be
limited without additional gateways or
conversion tools.
Benefits Threats

SIP (Session Initiation Protocol)
SIP typically uses port 5060 for UDP (User Datagram Protocol) & TCP (Transmission
Control Protocol) traffic. Port 5061 is used for secure SIP communication over TLS
(Transport Layer Security).
Functions
SIP is a signaling protocol used for initiating, maintaining and terminating
multimedia sessions such as voice and video calls over IP networks. It establishes
sessions between clients (e.g., SIP phones) and manages features such as call setup,
teardown, and transfer.

• Flexibility: SIP is highly versatile,
supporting various media types (voice,
video & messaging) and enabling
multimedia sessions.
• Scalability: It allows for easy integration
with existing IP-based networks and can
scale to accommodate large deployments.
• Interoperability: SIP is an open standard
protocol, facilitating interoperability
between different vendors' products and
services.
• Denial-of-Service (DoS) Attacks: SIP
services can be targeted by DoS attacks to
disrupt communication or overload
resources.
• Eavesdropping: Without encryption, SIP
signaling and media streams can be
intercepted, compromising confidentiality.
• Spoofing and Fraud: Attackers may spoof
SIP messages or manipulate headers to
impersonate users or gain unauthorized
access.
Benefits Threats

Mitigation Measures
To Mitigate Risks Associated with Open Ports for any Domain.
1. Identify Open Port:- Identify which ports are open on your server by using tools like Nmap
2. Close Unnecessary Ports: Only keep necessary ports open. Close all unnecessary ports to reduce
the attack surface.
3. Use Firewalls:- Implement firewalls to control and monitor incoming and outgoing network
traffic based on predetermined security rules.
Configure Firewall Rules:
•Allow traffic on necessary ports (e.g., port 80 for HTTP, port 443 for HTTPS).
•Deny all other traffic by default and allow exceptions as needed.
4. Update and Patch Regularly:- Ensure that all software, including the operating system and
applications, is up to date with the latest security patches.

5. Implement Intrusion Detection and Prevention Systems – Deploy IDPs
6. Use Secure Protocols
•Replace insecure protocols with secure ones (e.g., use HTTPS instead of HTTP).
•Ensure SSH access is secured (e.g., use key-based authentication instead of password-based).
7. Monitor Logs
Regularly monitor server and application logs for suspicious activities.
8. Implement Network Segmentation
Segment your network to limit the spread of potential intrusions.
9. Use VPNs for Remote Access
For remote access to internal services, use a Virtual Private Network (VPN) to ensure that the
connection is encrypted and secure.
10. Regular Security Audits
Conduct regular security audits and vulnerability assessments to identify and remediate potential weaknesses.

Click to edit
Master title style
Continuous Monitoring and
Response
• Implement continuous monitoring
solutions and establish an incident
response plan to quickly detect and
respond to security incidents.
• By following these mitigation measures,
you can significantly enhance the security
of your open ports and protect your
domain from potential threats

Click to edit
Master title style

Questions ?

Thank You!

Scan Website Vulnerability - Project Presentation

More Related Content

What's hot

Similar to Scan Website Vulnerability - Project Presentation

More from jatniwalafizza786

Recently uploaded

Scan Website Vulnerability - Project Presentation