Risk assessment IT Security project

Published in: Technology

  1. Risk assessment for the Secret Nuclear Research Facility
     • Red Team: Mads, Paul, Vlad Stefan
     • 2nd of November 2011

  2. Overview
     • Risk Assessment
     • Recommendations
     • Resulted Documentation

  3. Planned Network Overview

  4. Actual Network Overview – Audit Result

  5. Network Characterization
     • Physical Location – Unknown/Undisclosed
     • Components
       • Servers/Tech LAN: 172.16.1.0/24
       • Office/Lab LAN: 172.16.2.0/24
       • VPN connection to Headquarter
       • One pfSense as router, gateway and firewall

  6. Network Characterization
     • Server/Tech LAN
       • Mail Server
       • Web Server
       • Database Server
       • DebManage
     • Office/Lab LAN
       • Windows XP for machines in the Research Laboratory
       • Windows XP as Workstations
         • Undisclosed number of employees and workstations
     • Authorized User
       • Employees of the SNRF

  7. System Characterization - Clients
     • Hardware
       • Desktop PC
     • Software
       • Windows XP
       • Firefox web browser
       • Thunderbird Mail Client
       • Office Suite
       • Classified Productivity Tools
     • Interfaces
       • RJ-45
       • CD-ROM
       • 4 x USB port

  8. System Characterization - Servers
     • Hardware
       • Blade Server
     • Software
       • Debian OS
       • (DVL OS for Web Server)
       • Specific Server Daemon Running
       • SSH Server
     • Interfaces
       • RJ-45
       • CD-ROM
       • 4 x USB port

  9. System Characterization
     • Data & info
       • Private PGP key
       • Confidential organization files
       • Work files
       • Secret Research Documents
     • System Mission
       • Web surfing for Work Related Issues
       • Mail
       • Workstations
       • Classified activities

  10. System Characterization
     • System & Data criticality
       • Private PGP key: H
       • Confidential organization files: EH
       • Work files: M
       • Secret Research Documents: EH
     • Data & info
       • Private PGP key: M
       • Confidential organization files: H
       • Work files: M
       • Secret Research Documents: H
     L = Low, M = Medium, H = High, EH = Extremely High

  11. Threat Identification

     | Threat-source | Motivation | Threat action |
     |---|---|---|
     | Hackers, crackers | Challenge, Ego | Hacking; Social Engineering; Unauthorized access |
     | Industrial Espionage | Competitive advantages | Economic exploitation; Information Theft; Social Engineering; Access to classified information |
     | Government Espionage | Law infringement, Insufficient bribery | Information Gathering; Social Engineering; Access to classified information |
     | Stupid user/administrators | Stupidity | Misplacement; Physical damage; Misconfiguration |
     | Freelancers (Blue Leader) | Money | Information Gathering; Social Engineering; Access to classified information |

  12. Vulnerability Identification

     | Vulnerability | Threat source | Threat action |
     |---|---|---|
     | Outdated and unpatched OS (known issues) – Windows XP w/o SP | Hackers | System crash; DoS; System failures; Remote Access |
     | Misconfiguration of MySQL – root is the only user | (Unauthorized) users | Access to sensitive information; Data tampering |
     | Web Server running on the server LAN using a vulnerable OS | Users, Hackers | Unauthorized access |
     | pfSense running firewall, gateway, router and DNS server | Malicious users | (Single Point of Failure); DoS |
     | FTP server used as “file server” | Users, Hackers, Secret Agents | Access to sensitive information; Data tampering |
     | Outdated and unpatched software | Malicious users | System crash; DoS; System failures; Remote Access |

  13. Likelihood Determination

     | Vulnerability | Threat source | Likelihood Level |
     |---|---|---|
     | Outdated and unpatched OS (known issues) – Windows XP w/o SP | Hackers | Medium |
     | Misconfiguration of MySQL – root is the only user | (Unauthorized) users | High |
     | Web Server running on the server LAN using a vulnerable OS | Users, Hackers | Medium |
     | pfSense running firewall, gateway, router and DNS server | Malicious users | Medium |
     | FTP server used as “file server” | Users, Hackers, Secret Agents | High |
     | Outdated and unpatched software | Malicious users | Medium |

  14. Impact Analysis

     | Vulnerability | Threat source | Confidentiality | Integrity | Availability |
     |---|---|---|---|---|
     | Outdated and unpatched OS (known issues) – Windows XP w/o SP | Hackers | Medium | Medium | High |
     | Misconfiguration of MySQL – root is the only user | (Unauthorized) users | High | High | High |
     | Web Server running on the server LAN using a vulnerable OS | Users, Hackers | Medium | Medium | Medium |
     | pfSense running firewall, gateway, router and DNS server | Malicious users | Medium | Medium | Medium |
     | FTP server used as “file server” | Users, Hackers, Secret Agents | High | High | Medium |
     | Outdated and unpatched software | Malicious users | Medium | Medium | Medium |

  15. Risk Determination

     | Vulnerability | Threat source | Likelihood Level |
     |---|---|---|
     | Outdated and unpatched OS (known issues) – Windows XP w/o SP | Hackers | Medium |
     | Misconfiguration of MySQL – root is the only user | (Unauthorized) users | High |
     | Web Server running on the server LAN using a vulnerable OS | Users, Hackers | High |
     | pfSense running firewall, gateway, router and DNS server | Malicious users | Medium |
     | FTP server used as “file server” | Users, Hackers, Secret Agents | High |
     | Outdated and unpatched software | Malicious users | Medium |

  16. Control Recommendations
     • High Impact, High Likelihood
     • Authorize a penetration test of the SNRF
     • Do not call a “lock-down”
       • Proceed discreetly so as not to alert Blue Leader
     • Implement the recommendations resulting from the penetration test

  17. Resulted Documentation
     Will be presented in the penetration testing report. It is our strong recommendation to implement all the suggested security features resulting from the penetration testing.

  18. Questions?
     TOP SECRET ----------------- U445-12B
     This document is never to be reproduced or leaked to anyone except the staff of Applied Destruction Inc. Treason charges will be brought against any who do not obey.
