Security Testing: Step by Step System Audit with Rational Tools
First Presented for:
The Rational User's Conference
Orlando, FL 2002
with:
Chris Walters
Scott Barber
Chief Technology Officer
PerfTestPlus, Inc.
www.PerfTestPlus.com Security Audit Page 1
© 2006 PerfTestPlus, Inc. All rights reserved.
Agenda
Threat Analysis
Security Arenas & Policies
Arsenal of Tools
Security Audits
- Security Test Plan
- Systems Lockdown
- Internal Testing
- External Testing
- Reporting
Threat Analysis
Statistics of Breaches
90% Detected computer security breach
80% Acknowledged financial loss due to breach
44% Willing or able to quantify losses, totaling $455,848,000
55% Reported denial of service (DOS) attacks
Threat Analysis – Cont.
Examples
- NIMDA Virus
- Code Red
- Remote Denial Of Service
- AOL Instant Messenger Buffer Overflow
Security Arenas
Access Control Systems
Telecommunications & Networks
Security Management
Application & System Development
Cryptography
Architecture & Models
Operations Security
Law, Investigation, & Ethics
Business Continuity & Disaster Recovery
Physical Security
Security Policy
Risk Management
- Incident Response
- Point of Contact
Disaster Recovery
- Personal Data
Backup
Security Training
- Social Engineering
- Best Practices
Policy references
- The Site Security Policies Procedure Handbook (RFC 2196): http://www.ietf.org/rfc/rfc2196.txt?Number=2196
- The SANS Security Policy Project: http://www.sans.org/newlook/resources/policies/policies.htm
Arsenal of Tools
Tools that assist in providing security
- Firewalls
- AntiVirus
- Network Topology
Arsenal of Tools – Cont.
Tools that assist in auditing security
- Rational TestStudio
- Nessus
- Internet Security Scanner
Security Audits
Security Test Plan
Systems Lockdown
Internal Testing
External Testing
Reporting
Security Test Plan – Gathering Data
Hardware Architecture
- Firewalls, Routers, Gateways, Switches
- Web Servers
- Database Servers
Software Architecture
- Client/Server
- Web Based
User Model
- SysAdmin
- DBA
- General User
Security Lockdown
Hardening Systems
- Windows
- Solaris
- Linux
Viruses etc.
- Trojan Horses
- Worms
- Macros
- Viruses
System Lockdown
Firewalls
- DMZ
- Open Ports
- Bypassing
Internal Penetration Test
Port Sniffing
#include <VU.h>
string host = "www.rational.com";
int port, bytes;
int sut;   /* socket handle returned by sock_connect (declaration added here; the slide omits it) */
{
    push [Timeout_val=10, Think_avg=0, Connect_retries=0];
    /* Attempt a TCP connection to every port from 20 through 80 on the host. */
    for (port = 20; port < 81; port++) {
        display(itoa(port));
        sut = sock_connect("sut", host + ":" + itoa(port));
        if (sut > 0) {
            /* The connect succeeded, so the port is open: read whatever the
               service sends back and log it under the port number. */
            set Server_connection = sut;
            sock_send "";
            bytes = sock_isinput();
            sock_nrecv ["sut~" + itoa(port)] bytes;
        }
    }
}
IP Aliasing in TestStudio
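The sweep above is what a defender sees from the other side: one source touching many ports on one host in a short time. The following is an added example, not code from the slides or from Rational TestStudio, that detects that pattern in a connection log and then compares the ports the sweep found open with the lockdown allowlist from the System Lockdown step. The log format, the addresses, the 60-second window and the 15-port threshold are all constructed assumptions.

```python
# Added example (not from the slides): flag port-scan behaviour in a
# connection log and compare what the scan reached with an allowlist.
# Log format, addresses and thresholds are constructed for this example.
from collections import defaultdict

# Constructed sample log, one connection attempt per line:
#   <epoch_seconds> <src_ip> <dst_ip> <dst_port> <ACCEPT|DROP>
# 10.0.0.5 walks ports 20..80 on 10.0.0.10, one port per second (the same
# sweep the slide's VU script performs); 10.0.0.7 is ordinary web traffic.
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 10.0.0.5 10.0.0.10 {p} {'ACCEPT' if p in (22, 80) else 'DROP'}"
     for i, p in enumerate(range(20, 81))]
    + [
        "1010 10.0.0.7 10.0.0.10 80 ACCEPT",
        "1011 10.0.0.7 10.0.0.10 443 ACCEPT",
        "1900 10.0.0.7 10.0.0.10 80 ACCEPT",
    ]
)


def parse_line(line):
    """Split one log line into (ts, src, dst, port, result)."""
    ts, src, dst, port, result = line.split()
    return int(ts), src, dst, int(port), result


def find_port_scans(log_text, window=60, min_ports=15):
    """Return {(src, dst): {"ports_probed": n, "accepted": [...]}} for every
    source that touched at least `min_ports` distinct ports on one host
    within `window` seconds.  A two-pointer sweep over each pair's events,
    sorted by time, keeps the check linear in the number of log lines."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port, result = parse_line(line)
            events[(src, dst)].append((ts, port, result))
    hits = {}
    for pair, ev in events.items():
        ev.sort()
        j = 0
        for i, (t0, _, _) in enumerate(ev):
            # advance j until ev[j] falls outside the window starting at t0
            while j < len(ev) and ev[j][0] - t0 <= window:
                j += 1
            in_window = ev[i:j]
            ports = {p for _, p, _ in in_window}
            if len(ports) >= min_ports:
                hits[pair] = {
                    "ports_probed": len(ports),
                    "accepted": sorted({p for _, p, r in in_window if r == "ACCEPT"}),
                }
                break  # one finding per (src, dst) pair is enough
    return hits


def unexpected_open_ports(accepted, allowlist):
    """Ports the scan reached that the lockdown baseline does not permit."""
    return sorted(set(accepted) - set(allowlist))


if __name__ == "__main__":
    for (src, dst), info in find_port_scans(SAMPLE_LOG).items():
        extra = unexpected_open_ports(info["accepted"], allowlist={80})
        print(f"{src} probed {info['ports_probed']} ports on {dst}; "
              f"open: {info['accepted']}; not in allowlist: {extra}")
```

Run against real firewall or netflow exports, the two knobs that matter are the window and the distinct-port threshold: a short window with a low threshold catches the fast sweep shown on the slide, while a slow scan spread over hours needs a longer window. The second function is the audit step: any port in `accepted` that is not in the allowlist is a lockdown finding regardless of who scanned it.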
DEMO – Hacking from the Inside
External Penetration Test
Packet Sniffing
- Network Recording between servers
ClearText Transmissions
- Record possible unencrypted data traffic
(Distributed) Denial Of Service Attack
- Simulate using Virtual Testers with no delays in multiple locations
Buffer Overflow
- Playback with larger than allowed fields for POST data submissions
External Penetration Test – Cont.
Brute Force Cracking
- Playback with DataPools of usernames and passwords
#include <VU.h>
string host = "www.rational.com";
{
    push [Timeout_val=10, Think_avg=0, Connect_retries=0];
    /* One login attempt per iteration. The slide shows only the request
       header; the POST body fed from the username/password DataPool and
       the loop condition are not shown. */
    do {
        rational_com = http_request ["Brute F~001"] "www.rational.com:80",
            HTTP_CONN_DIRECT,
            "POST /login/loginprocess.jsp HTTP/1.1\r\n"
            "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, applicat"
            "ion/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*\r\n"
            "Accept-Language: en-us\r\n"
            "Accept-Encoding: gzip, deflate\r\n"
            "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n"
            "Host: www.rational.com\r\n"
            "Connection: Keep-Alive\r\n\r\n";
        /* remainder of the script not shown on the slide */
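A brute-force playback like the one above leaves a distinctive trail in the login log: many failures for one account from one source in a short time, or one source failing across many accounts. The following is an added example, not code from the slides or from Rational TestStudio, that detects both patterns and records whether a flagged source later logged in, which is the case that needs incident response rather than just a lockout. The log format, addresses, account names and thresholds are constructed assumptions.

```python
# Added example (not from the slides): detect credential guessing in an
# authentication log. Log format, addresses, accounts and thresholds are
# constructed for this example.
from collections import defaultdict, deque

# Constructed sample, one attempt per line:
#   <epoch_seconds> <src_ip> <user> <LOGIN_OK|LOGIN_FAIL>
SAMPLE_AUTH_LOG = "\n".join(
    # 192.0.2.10: twelve failures against "admin" in twelve seconds, then success
    [f"{2000 + i} 192.0.2.10 admin LOGIN_FAIL" for i in range(12)]
    + ["2012 192.0.2.10 admin LOGIN_OK"]
    # 192.0.2.20: a user mistypes twice and then logs in, which is normal
    + ["2100 192.0.2.20 alice LOGIN_FAIL",
       "2105 192.0.2.20 alice LOGIN_FAIL",
       "2110 192.0.2.20 alice LOGIN_OK"]
    # 192.0.2.30: one failure each against eight different accounts (spraying)
    + [f"{2200 + i} 192.0.2.30 user{i:02d} LOGIN_FAIL" for i in range(8)]
)


def parse_auth_line(line):
    """Split one log line into (ts, src, user, outcome)."""
    ts, src, user, outcome = line.split()
    return int(ts), src, user, outcome


def detect_credential_attacks(log_text, window=300, max_failures=5, max_users=5):
    """Return {"brute_force": {(src, user): info}, "spray": {src: [users]}}.

    brute_force: a (src, user) pair with >= max_failures failures inside any
    `window` seconds. `first_flagged` is the timestamp of the failure that
    crossed the threshold, `failures` the pair's total failure count, and
    `succeeded_after` whether the pair later logged in successfully.
    spray: a source with failed logins against >= max_users distinct users."""
    events = sorted(parse_auth_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)        # (src, user) -> failure timestamps in window
    total_fail = defaultdict(int)      # (src, user) -> all failures seen
    failed_users = defaultdict(set)    # src -> users that source failed against
    brute = {}
    for ts, src, user, outcome in events:
        key = (src, user)
        if outcome == "LOGIN_FAIL":
            total_fail[key] += 1
            failed_users[src].add(user)
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= max_failures and key not in brute:
                brute[key] = {"first_flagged": ts, "succeeded_after": False}
        elif outcome == "LOGIN_OK" and key in brute:
            # a success after a flagged run of failures: treat as a likely compromise
            brute[key]["succeeded_after"] = True
    for key, info in brute.items():
        info["failures"] = total_fail[key]
    spray = {src: sorted(users) for src, users in failed_users.items()
             if len(users) >= max_users}
    return {"brute_force": brute, "spray": spray}


if __name__ == "__main__":
    result = detect_credential_attacks(SAMPLE_AUTH_LOG)
    for (src, user), info in result["brute_force"].items():
        print(f"brute force: {src} -> {user}: {info}")
    for src, users in result["spray"].items():
        print(f"spray: {src} failed against {len(users)} accounts")
```

The per-pair window is what keeps a user who mistypes a password twice out of the report, and the per-source distinct-user count is what catches a spray that never trips the per-account threshold. When `succeeded_after` is true the finding belongs in the incident response procedure from the Security Policy slide, not only in a lockout counter.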
DEMO – Breaking in with Robot
Wireless Security
WAP & ECC
- Audit security at the gateway and beyond with TestStudio
Emulators & TestStudio
- Audit security between device and gateway
802.11 & WEP
- Audit security using TestStudio just like on a wired network
Reporting the Results
Defect reporting
- Incorporate ClearQuest
Coverage reporting
- Incorporate RequisitePro
Custom reporting using TestStudio
- Incorporate Manual test
- Created using Crystal Reports and SoDA
Common Security Holes
Vulnerable CGI Programs
Global File Shares
Weak Passwords
Default SNMP Settings
Microsoft IIS Holes
Social Engineering
Other Resources
Websites
- www.sans.org
- www.happyhacker.org
- www.antionline.com
- www.securityfocus.com
- csrc.nist.gov
- And many more!
Books
- Maximum Security
- Practical UNIX & Internet Security
- Web Security & Commerce
- Building Internet Firewalls
- And many more!
RFC Documents
- www.ietf.org/rfc.html
Training
Periodicals
Conclusion
If you are connected, you are at risk
Security policies are required
Incident response forms are a must
Security audits are the only way to test your security
Rational User Conference 2002
Questions?
Contact Info
Scott Barber
Chief Technology Officer
PerfTestPlus, Inc
E-mail: [email protected]
Web Site: www.PerfTestPlus.com