4/19/2015
VULNERABILITY ASSESSMENT REPORT
NETS1016: Security Trends and Issues
Harshit Bhatia
200299513
Table of Contents
Introduction...................................................................................................................................2
Details of the Network..............................................................................................................2
Scope of Test .............................................................................................................................2
Purpose of Test ..........................................................................................................................3
Type of Test ................................................................................................................................3
Executive Summary......................................................................................................................3
OS Security Issues ......................................................................................................................3
Application Issues .....................................................................................................................3
Technical Summary......................................................................................................................5
Vulnerability Definitions ............................................................................................................5
Critical.....................................................................................................................................5
High .........................................................................................................................................5
Medium/Low..........................................................................................................................5
Informational..........................................................................................................................5
Tools used for the Test...............................................................................................................5
Nmap......................................................................................................................................5
Nikto ........................................................................................................................................6
Nessus......................................................................................................................................6
Security issues with the machines...........................................................................................7
172.31.106.13..........................................................................................................................7
172.31.106.90........................................................................................................................10
172.31.106.196......................................................................................................................12
Annexes .......................................................................................................................................16
Glossary of Terms.....................................................................................................................16
Buffer Overflow....................................................................................................................16
Denial of Service .................................................................................................................16
Directory Traversal...............................................................................................................16
Social Engineering...............................................................................................................16
SQL Injection ........................................................................................................................17
Conclusion...................................................................................................................................17
References ..................................................................................................................................18
Introduction
Details of the Network
• The network is Georgian College's private network, called the Grey Network. It has no
access to the internet.
• A total of 9 machines were tested for vulnerabilities.
• The assessment did not include exploiting the machines or obtaining credentials to
compromise the systems with a matching exploit.
• The network uses gigabit LAN connectivity.
• The operating system of each machine tested was not known initially, but was
identified during the assessment of the machines.
Scope of Test
A total of 9 systems were tested, with the following IP addresses:
• 172.31.106.90
• 172.31.106.197
• 172.31.106.39
• 172.31.106.33
• 172.31.106.32
• 172.31.106.196
• 172.31.106.31
• 172.31.106.46
• 172.31.106.13
This report covers the analysis of only 3 of the vulnerable machines, with the following IP
addresses:
• 172.31.106.13
• 172.31.106.90
• 172.31.106.196
Purpose of Test
To determine whether the machines listed above are vulnerable and to perform a
vulnerability assessment of them.
Type of Test
The test performed on the machines was a grey box test: we were supplied with appropriate
user-level privileges, and access to the internal network was permitted by relaxing specific
security policies present on the network.
Executive Summary
OS Security Issues
• Except for the machines with IPs 172.31.106.197 and 172.31.106.33, a common theme
across all systems was that each of them contains at least one critical vulnerability.
• It appears that merely patching or upgrading these systems would fix most of the
vulnerabilities. This indicates a lack of awareness on the administrator's part of the
need to patch and update the machines.
• On some of the machines the operating system was also found to be outdated and
requires replacement.
Application Issues
• Patching and updating these systems will fix the critical vulnerabilities identified.
• Disable certain Internet browsing settings so that Transport Layer Security v3
(TLSv3), which contains a vulnerability known as POODLE, is not supported.
• Some machines run an outdated Apache web server and an outdated OpenSSL
installation. Best practice is to update both and to apply updates regularly as they are
released. It is crucial that the web server and OpenSSL are updated, as the currently
installed versions are highly vulnerable to denial of service (DoS) and buffer overflow
attacks, which may lead to compromise of the machine.
• An SSL certificate with the wrong hostname was found, and a weak hashing algorithm
was used to sign SSL certificates. Correcting the hostname and using a stronger
hashing algorithm such as SHA-512 will strengthen the security of the machine.
• One machine has Windows XP installed, an operating system beyond its end-of-life
support, and should be upgraded. Patching and updating that system will not be as
effective as replacing the operating system entirely. It is understood, however, that
certain legacy software cannot run on newer versions of Windows, in which case
management will have to sign off on accepting this issue.
• On one of the machines an unencrypted telnet server is enabled, which may allow
eavesdropping attacks. We recommend disabling this service and using SSH, the
secure replacement for Telnet, instead.
• One machine requires anonymous FTP to be disabled and the more secure FTPS to be
used.
Technical Summary
Vulnerability Definitions
Critical
A vulnerability permitting remote code execution, elevation of privilege or denial of
service on an affected system. Critical vulnerabilities are a significant threat to business
continuity and must be addressed immediately.
High
A security weakness whose exploitation might lead to the compromise of the
confidentiality, integrity or availability of the company's data.
Medium/Low
Insecure services and protocols are being used by the system, potentially permitting
unrestricted access to sensitive information.
Informational
Similar to a medium/low vulnerability but with a far lower degree of threat. Items in this
class are harmless in their own nature, but can potentially be used by attackers as a way to
perform reconnaissance against the target systems and then exploit them based on the
information gathered from the items in this category.
Tools used for the Test
Nmap
Nmap ("Network Mapper") is a free and open source utility for network discovery and
security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are
available on the network, what services (application name and version) those hosts are
offering, what operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly
scan large networks, but works fine against single hosts. Nmap runs on all major computer
operating systems, and official binary packages are available for Linux, Windows, and
Mac OS X.
Nikto
Nikto Web Scanner is a Web server scanner that tests Web servers for dangerous
files/CGIs, outdated server software and other problems. It performs generic and server
type specific checks. It also captures and prints any cookies received.
Nessus
In typical operation, Nessus begins by doing a port scan with one of its four internal port
scanners (or it can optionally use Amap or Nmap) to determine which ports are open on
the target, and then tries various exploits on the open ports. The vulnerability tests,
available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a
scripting language optimized for custom network interaction.
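The following script is an added example, not part of the original report and not Nmap or Nessus code. It ties the tool section above to the Executive Summary's recommendations: it parses an nmap -oX result and flags the conditions the summary says to fix (a cleartext telnet service, anonymous FTP, SSLv3 still offered, and an SSL certificate with a weak signature hash or a hostname that does not match the host). The scan output is a constructed sample with a made-up address and hostname; the script output strings are modelled on the text of the real ftp-anon, ssl-enum-ciphers and ssl-cert NSE scripts, and the severity labels reuse the report's own scale purely as an illustration. One caveat for a practitioner: POODLE is the padding weakness of SSL 3.0, so the check looks for SSLv3 being offered; matching the certificate name against the hostnames nmap recorded is a simplification of checking the name clients actually use.

```python
"""Triage of nmap XML output against the report's recommendations.

Added example (not part of the original report). It parses an nmap -oX
result, using a constructed sample embedded below, and flags the
conditions the Executive Summary says to fix. Only the standard library
is used. Severity labels follow the report's Critical/High/Medium-Low
scale but are illustrative.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX format; the address, hostname and
# product strings are made up and are not a scan of the report's hosts.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="scanhost.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp" product="vsftpd"/>
        <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="open"/>
        <service name="telnet"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <service name="http" product="Apache httpd" tunnel="ssl"/>
        <script id="ssl-enum-ciphers" output="SSLv3: ciphers: ... TLSv1.0: ciphers: ..."/>
        <script id="ssl-cert" output="Subject: commonName=www.example.test/organizationName=Example Signature Algorithm: sha1WithRSAEncryption"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

WEAK_SIG_HASHES = ("md5", "sha1")  # signature hashes the report calls weak


def triage(xml_text):
    """Return findings as (address, port, severity, issue, recommendation) tuples."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        names = {h.get("name", "").lower() for h in host.iter("hostname")}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            portid = int(port.get("portid"))
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            # NSE script results are <script id=... output=...> children of <port>.
            scripts = {s.get("id"): s.get("output", "") for s in port.findall("script")}

            if name == "telnet":
                findings.append((addr, portid, "High", "unencrypted telnet service",
                                 "disable telnet and use SSH"))
            if name == "ftp" and "Anonymous FTP login allowed" in scripts.get("ftp-anon", ""):
                findings.append((addr, portid, "Medium/Low", "anonymous FTP login allowed",
                                 "disable anonymous FTP and use FTPS"))
            if "SSLv3:" in scripts.get("ssl-enum-ciphers", ""):
                findings.append((addr, portid, "High", "SSLv3 offered (POODLE)",
                                 "disable SSLv3; allow TLS only"))
            cert = scripts.get("ssl-cert", "")
            if cert:
                sig = re.search(r"Signature Algorithm:\s*(\w+)", cert)
                if sig and any(sig.group(1).lower().startswith(h) for h in WEAK_SIG_HASHES):
                    findings.append((addr, portid, "Medium/Low",
                                     f"certificate signed with {sig.group(1)}",
                                     "reissue the certificate with SHA-256 or stronger"))
                cn = re.search(r"commonName=([^/\s]+)", cert)
                if cn and cn.group(1).lower() not in names:
                    findings.append((addr, portid, "Medium/Low",
                                     f"certificate hostname {cn.group(1)} does not match host",
                                     "reissue the certificate for the correct hostname"))
    return findings


def count_by_severity(findings):
    """Summarise findings by the report's severity labels."""
    counts = {}
    for _, _, severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_NMAP_XML)
    for addr, port, sev, issue, fix in results:
        print(f"{addr}:{port} [{sev}] {issue} -> {fix}")
    print(count_by_severity(results))
```

Run against a real scan with `nmap -sV --script ftp-anon,ssl-enum-ciphers,ssl-cert -oX scan.xml <host>` and pass the file's contents to `triage`; the SSH port in the sample produces no finding, which is the point of the service-name checks rather than a blanket "open port" rule.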
Security issues with the machines
172.31.106.13
172.31.106.90
172.31.106.196
Annexes
Glossary of Terms
Buffer Overflow
Normally takes the form of input of an overly long string of characters or commands that
the system cannot handle. Some functions have a finite space available to store these
characters or commands, and any extra characters beyond this will overwrite adjacent
portions of memory; in the worst case this enables a remote user to obtain a remote
command prompt with the ability to interact directly with the local machine.
Denial of Service
These are targeted attacks designed to deny a particular service that you rely on to
conduct your business; for example, overtaxing a web server with multiple requests
intended to slow it down and possibly cause it to crash. Traditionally such attacks
emanated from a single source.
Directory Traversal
When a user or function "breaks" out of the normal parent directory specified for the
application and traverses elsewhere within the file system, possibly gaining access to
sensitive files or directories in the process.
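The following is an added example, not part of the original report, showing the traversal pattern defined above beside the check that stops it. The document root `/srv/app/public` and the request paths are hypothetical; nothing is created on disk, since the containment test only needs path resolution.

```python
"""Confining file access to an application's directory.

Added example (not from the report). The base directory and file names
are hypothetical; nothing is read or written on disk.
"""
import os


def naive_path(base_dir, user_path):
    """The vulnerable pattern: the request path is joined onto base_dir as given.

    os.path.join discards base_dir entirely when user_path is absolute, and
    '..' segments walk out of base_dir once the path is normalised.
    """
    return os.path.normpath(os.path.join(base_dir, user_path))


def resolve_within(base_dir, user_path):
    """Resolve user_path under base_dir and confirm it stays inside.

    Returns the resolved absolute path, or None if the request escapes the
    base directory (absolute paths, '..' climbing, or symlinks pointing out).
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath is the correct containment test; a plain startswith() would
    # accept /srv/app/public-old as being inside /srv/app/public.
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def is_within(base_dir, user_path):
    """True when user_path resolves to a location under base_dir."""
    return resolve_within(base_dir, user_path) is not None


if __name__ == "__main__":
    base = "/srv/app/public"  # hypothetical document root
    for req in ("index.html", "css/../index.html", "../../../etc/passwd", "/etc/passwd"):
        print(f"{req!r:24} naive={naive_path(base, req)!r:28} allowed={is_within(base, req)}")
```

`realpath` is used rather than `normpath` so that a symlink inside the document root that points outside it is also caught; the check must run on the resolved path, not on the string the client sent.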
Social Engineering
Normally uses a limited range of subject matter to entice users to open and run an
attachment, say. Usually associated with phishing/e-mail type attacks. The main themes
are:
• Sexual - sexual ideas/pictures/websites
• Curiosity - friendly themes/appeals to someone's passion or obsession
• Fear - reputable sources/virus alerts
• Authority - current affairs/bank e-mails/company e-mails
SQL Injection
When a low-privileged user interactively executes SQL (for example PL/SQL) commands on
the database server by adding extra syntax to standard arguments that are then passed to
a particular function, thereby gaining enhanced privileges.
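The following is an added example, not part of the original report, showing the mechanism defined above in the smallest form that runs: a lookup that pastes its argument into the SQL text beside the same lookup with a bound parameter. The users table, its rows and both lookup functions are hypothetical, built in an in-memory SQLite database so the script runs offline.

```python
"""SQL injection: vulnerable string building beside a parameterised query.

Added example (not from the report). The table, rows and functions are
hypothetical; an in-memory SQLite database keeps the script offline.
"""
import sqlite3


def setup_db():
    """Create a small users table; the data is constructed for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable: the argument is pasted into the SQL text, so quotes and
    operators inside it become part of the statement, which is exactly the
    'additional syntax in standard arguments' the glossary describes."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened: a bound parameter is sent as data and never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    conn = setup_db()
    crafted = "x' OR '1'='1"  # constructed input that carries SQL syntax
    print("unsafe, normal :", lookup_unsafe(conn, "bob"))
    print("unsafe, crafted:", lookup_unsafe(conn, crafted))  # every row, admin included
    print("safe,   crafted:", lookup_safe(conn, crafted))    # no such user
```

The parameterised form is the fix the report's severity scale would class as removing a High finding: the database receives the statement and the value separately, so no input can change the statement's structure.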
Conclusion
Patching and updating the machines will help eliminate the vulnerabilities, most of which
are critical or high in severity. The medium and low ones can be removed with some effort
by the system administrator.
References
http://www.vulnerabilityassessment.co.uk/report%20template.html
http://nmap.org/
http://en.wikipedia.org/wiki/Nessus_%28software%29
http://en.wikipedia.org/wiki/Nikto_Web_Scanner

More Related Content

What's hot

Penetration Security Testing
Penetration Security TestingPenetration Security Testing
Penetration Security Testing
Sanjulika Rastogi
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introduction
gbud7
 

What's hot (20)

Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
 
Stopping zero day threats
Stopping zero day threatsStopping zero day threats
Stopping zero day threats
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Penetration Security Testing
Penetration Security TestingPenetration Security Testing
Penetration Security Testing
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
VAPT Services by prime
VAPT Services by primeVAPT Services by prime
VAPT Services by prime
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management Program
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introduction
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing Guide
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 

Viewers also liked

Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
NetSPI
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
NetSPI
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
NetSPI
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
Dmitry Evteev
 

Viewers also liked (20)

Btpsec Sample Penetration Test Report
Btpsec Sample Penetration Test ReportBtpsec Sample Penetration Test Report
Btpsec Sample Penetration Test Report
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
Sample penetration testing agreement for core infrastructure
Sample penetration testing agreement for core infrastructureSample penetration testing agreement for core infrastructure
Sample penetration testing agreement for core infrastructure
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)
 
Hazard Vulnerability Assessments
Hazard Vulnerability AssessmentsHazard Vulnerability Assessments
Hazard Vulnerability Assessments
 
Web application Testing
Web application TestingWeb application Testing
Web application Testing
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq HanayshaNessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq Hanaysha
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
Vulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements inVulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements in
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
 
Thick client application security assessment
Thick client  application security assessmentThick client  application security assessment
Thick client application security assessment
 
PCI Guidance On Penetration Testing
PCI Guidance On Penetration TestingPCI Guidance On Penetration Testing
PCI Guidance On Penetration Testing
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case study
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
 

Similar to Vulnerability Assessment Report

CSEC 610 Individual Assignment Essay
CSEC 610 Individual Assignment EssayCSEC 610 Individual Assignment Essay
CSEC 610 Individual Assignment Essay
Rochelle Schear
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD Proposal
Todd Deshane
 
The Media Access Control Address
The Media Access Control AddressThe Media Access Control Address
The Media Access Control Address
Angie Lee
 
Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)
Tim Wright
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
Timothy Chen
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
ClubHack
 

Similar to Vulnerability Assessment Report (20)

CSEC 610 Individual Assignment Essay
CSEC 610 Individual Assignment EssayCSEC 610 Individual Assignment Essay
CSEC 610 Individual Assignment Essay
 
business
businessbusiness
business
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD Proposal
 
Astaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths DispelledAstaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths Dispelled
 
Sdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksSdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networks
 
Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security Practitioner
 
The Media Access Control Address
The Media Access Control AddressThe Media Access Control Address
The Media Access Control Address
 
Manual Sophos
Manual SophosManual Sophos
Manual Sophos
 
Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)
 
Using Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security ProblemsUsing Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security Problems
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
Windows server hardening 1
Windows server hardening 1Windows server hardening 1
Windows server hardening 1
 
OS-Anatomy-Article
OS-Anatomy-ArticleOS-Anatomy-Article
OS-Anatomy-Article
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
cynapspro endpoint data protection - installation guide
cynapspro endpoint data protection - installation guidecynapspro endpoint data protection - installation guide
cynapspro endpoint data protection - installation guide
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
 

Vulnerability Assessment Report

  • 1. 4/19/2015 VULNERABILITY ASSESSMENT REPORT NETS1016: Security Trends and Issues Harshit Bhatia 200299513
  • 2. 1 Table of Contents Introduction...................................................................................................................................2 Details of the Network..............................................................................................................2 Scope of Test .............................................................................................................................2 Purpose of Test ..........................................................................................................................3 Type of Test ................................................................................................................................3 Executive Summary......................................................................................................................3 OS Security Issues ......................................................................................................................3 Application Issues .....................................................................................................................3 Technical Summary......................................................................................................................5 Vulnerability Definitions ............................................................................................................5 Critical.....................................................................................................................................5 High .........................................................................................................................................5 Medium/Low..........................................................................................................................5 Informational..........................................................................................................................5 Tools used for the 
Test...............................................................................................................5 Nmap......................................................................................................................................5 Nikto ........................................................................................................................................6 Nessus......................................................................................................................................6 Security issues with the machines...........................................................................................7 172.31.106.13..........................................................................................................................7 172.31.106.90........................................................................................................................10 172.31.106.196......................................................................................................................12 Annexes .......................................................................................................................................16 Glossary of Terms.....................................................................................................................16 Buffer Overflow....................................................................................................................16 Denial of Service .................................................................................................................16 Directory Traversal...............................................................................................................16 Social Engineering...............................................................................................................16 SQL Injection 
........................................................................................................................17 Conclusion...................................................................................................................................17 References ..................................................................................................................................18
Introduction

Details of the Network

- The network is Georgian College's private network, called the Grey Network. It has no access to the internet.
- A total of 9 machines were tested for vulnerabilities.
- The vulnerability assessment was not intended to include hacking the machines and gaining credentials to exploit the systems with the appropriate exploit.
- The network is on gigabit LAN connectivity.
- The operating system of each machine was not known initially, but was identified during the assessment of the machines.

Scope of Test

A total of 9 systems were tested, with the following IP addresses:

- 172.31.106.90
- 172.31.106.197
- 172.31.106.39
- 172.31.106.33
- 172.31.106.32
- 172.31.106.196
- 172.31.106.31
- 172.31.106.46
- 172.31.106.13

This report covers the analysis of only 3 vulnerable machines, with the following IP addresses:

- 172.31.106.13
- 172.31.106.90
- 172.31.106.196

Purpose of Test

To find whether the machines mentioned above are vulnerable and to perform a vulnerability assessment of them.

Type of Test

The test performed on the machines is a grey box test. We were supplied with appropriate user-level privileges, and access to the internal network was permitted by relaxing specific security policies present on the network.

Executive Summary

OS Security Issues

- Except for the machines with IPs 172.31.106.197 and 172.31.106.33, a common theme among all systems was that each contains at least one critical vulnerability.
- It appears that merely patching or updating these systems will fix most of the vulnerabilities. This indicates a lack of awareness on the administrator's part about patching and updating the machines.
- On some of the machines the operating system was also found to be outdated and requires replacement.

Application Issues

- Patching and updating these systems will fix the critical vulnerabilities identified.
- Disable certain Internet browsing settings so that Transport Layer Security v3 (TLSv3), which contains a vulnerability known as POODLE, is not supported.
- Some machines have an outdated Apache web server and outdated OpenSSL software. Best practice is to update both and to keep updating them regularly whenever a new release is published. It is crucial that the web server and OpenSSL are updated, as the currently installed versions are highly vulnerable to Denial of Service (DoS) and buffer overflow attacks, which may lead to a compromise of the machine.
- An SSL certificate with the wrong hostname was found, and a weak hashing algorithm was used to sign SSL certificates. Correcting the hostname and using a stronger hashing algorithm such as SHA-512 will strengthen the security of the machine.
- One machine has Windows XP installed, an operating system beyond its end-of-life support, and should be upgraded. Patching and updating the system will not be as effective as replacing the operating system entirely. However, certain legacy software cannot run on newer versions of Windows, so management will have to sign off on this issue if that is the case.
- On one of the machines an unencrypted telnet server is enabled, which may lead to eavesdropping attacks. We recommend disabling this service and using SSH, which is a secure replacement for Telnet.
- One of the machines requires disabling anonymous FTP and using the more secure FTPS.
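As an added example that is not part of the original report, the following Python script triages a constructed Nmap XML sample against the application issues listed above: a cleartext telnet service, anonymous FTP, support for the protocol Nmap's ssl-enum-ciphers labels SSLv3 (the one POODLE abuses), a certificate signed with a weak hash, and a certificate whose common name does not match the host. The sample XML, the expected hostname host13.example and the mapping of findings onto the report's severity classes are assumptions.

```python
"""Added example (not from the report): triage Nmap XML against its checklist.
SAMPLE_SCAN is a constructed sample shaped like nmap -sV --script ftp-anon,ssl-cert,ssl-enum-ciphers -oX output."""
import xml.etree.ElementTree as ET

WEAK_SIG = ("md5", "sha1")  # certificate signature hashes treated as weak
CHECKS = {  # finding -> severity class; an assumed mapping onto the report's definitions
    "telnet-cleartext": "High", "ftp-anonymous": "Medium/Low", "sslv3-enabled": "Medium/Low",
    "weak-cert-signature": "Medium/Low", "cert-hostname-mismatch": "Medium/Low"}

SAMPLE_SCAN = """<nmaprun><host><address addr="172.31.106.13" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/>
 <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="http" tunnel="ssl"/>
 <script id="ssl-enum-ciphers" output=""><table key="SSLv3"/><table key="TLSv1.0"/></script>
 <script id="ssl-cert" output=""><table key="subject"><elem key="commonName">other.example</elem></table>
  <elem key="sig_algo">sha1WithRSAEncryption</elem></script></port>
<port protocol="tcp" portid="8080"><state state="closed"/><service name="http"/></port>
</ports></host></nmaprun>"""


def triage(nmap_xml, expected_cn):
    """Return (host, port, finding, severity) tuples for every matched check."""
    findings = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no service finding
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            scripts = {s.get("id"): s for s in port.findall("script")}
            hits = []
            if name == "telnet":  # cleartext remote shell, eavesdropping risk
                hits.append("telnet-cleartext")
            anon = scripts.get("ftp-anon")
            if anon is not None and "allowed" in anon.get("output", ""):
                hits.append("ftp-anonymous")
            ciphers = scripts.get("ssl-enum-ciphers")
            if ciphers is not None and ciphers.find("table[@key='SSLv3']") is not None:
                hits.append("sslv3-enabled")  # the protocol version POODLE abuses
            cert = scripts.get("ssl-cert")
            if cert is not None:
                if cert.findtext("elem[@key='sig_algo']", "").lower().startswith(WEAK_SIG):
                    hits.append("weak-cert-signature")
                cn = cert.findtext("table[@key='subject']/elem[@key='commonName']", "")
                if cn and cn != expected_cn:
                    hits.append("cert-hostname-mismatch")
            findings.extend((addr, int(port.get("portid")), h, CHECKS[h]) for h in hits)
    return findings
```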
Technical Summary

Vulnerability Definitions

Critical
A vulnerability permitting remote code execution, elevation of privilege or a denial of service on an affected system. Critical vulnerabilities are a significant threat to business continuity and must be addressed immediately.

High
A security weakness whose exploitation might lead to the compromise of the confidentiality, integrity or availability of the company's data.

Medium/Low
Insecure services and protocols are being used by the system, potentially permitting unrestricted access to sensitive information.

Informational
Similar to a medium/low vulnerability but with a far lower degree of threat. Items in this class are harmless in their own nature, but can potentially be used by attackers as a way to perform reconnaissance against the target systems and then exploit them based on the information gathered.

Tools Used for the Test

Nmap
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

Nikto
Nikto Web Scanner is a web server scanner that tests web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server-type-specific checks. It also captures and prints any cookies received.

Nessus
In typical operation, Nessus begins by doing a port scan with one of its four internal port scanners (or it can optionally use Amap or Nmap) to determine which ports are open on the target, and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.

Security Issues with the Machines

172.31.106.13
Annexes

Glossary of Terms

Buffer Overflow
Normally takes the form of inputting an overly long string of characters or commands that the system cannot handle. Some functions have a finite space available to store these characters or commands, and any extra characters over and above this will start to overwrite other portions of code; in the worst case this will enable a remote user to gain a remote command prompt with the ability to interact directly with the local machine.

Denial of Service
A targeted attack designed to deny a particular service that you rely on to conduct your business. These attacks are designed, for example, to overtax a web server with multiple requests intended to slow it down and possibly cause it to crash. Traditionally such attacks emanated from one particular source.

Directory Traversal
When a user or function tries to "break" out of the normal parent directory specified for the application and traverse elsewhere within the system, possibly gaining access to sensitive files or directories in the process.

Social Engineering
Normally uses a limited range of distinct subject matter to entice users to open and run an attachment, for example. Usually associated with phishing/e-mail type attacks. The main themes are:

- Sexual - sexual ideas/pictures/websites
- Curiosity - friendly themes/appealing to someone's passion or obsession
- Fear - reputable sources/virus alert
- Authority - current affairs/bank e-mails/company e-mails

SQL Injection
When a low-privileged user interactively executes PL/SQL commands on the database server by adding additional syntax into standard arguments, which are then passed to a particular function, enabling enhanced privileges.

Conclusion

Patching and updating the machines will help eliminate the vulnerabilities, most of which are critical or high in severity. The medium and low ones can be removed with some effort from the system administrator.