© 2017 Elegant Infosec Consultancy Pvt. Ltd. - All rights reserved
Client X is a specialist in financial software testing with a track record of over 8 million person-hours for global clients. They continuously improve their IT infrastructure to provide enhanced services to their business users and clients, and protection of sensitive information is critical to their business, so they engaged Elegant to perform a review of their Internet-facing infrastructure. Based on the agreed scope and objectives of the engagement, the following activities were performed: identification of the vulnerabilities in the client's internal-facing servers and devices; prioritization of the vulnerabilities according to risk exposure; and development of recommendations to mitigate them.
| Vulnerabilities | Risk | Suggested Corrective-action |
|---|---|---|
| Microsoft patches missing | Exploits for these known vulnerabilities are publicly available and can be launched with minimal expertise. | Apply Microsoft patches periodically |
| Application patches missing | Exposure increases as attackers exploit unpatched third-party applications | Client X should ensure that only authorized applications are allowed throughout the network, and that patches for them are checked and applied periodically |
| Terminal Services encryption level is Medium or Low | The remote host is using weak cryptography. | Change the RDP encryption level to High (3) or FIPS Compliant (4) |
| SMB signing not required | This can allow man-in-the-middle attacks against the SMB server | Set the registry value RequireSecuritySignature to 1 (enable the 'Digitally sign communications (always)' policy) |
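A local audit for the two Windows findings in the table above (RDP encryption level and SMB signing), as an added example that is not part of Elegant's report. It assumes the standard registry locations for these settings and, where MinEncryptionLevel is unset, the Windows default of 2 (Client Compatible).

```powershell
# Added example: audit RDP minimum encryption level and SMB signing on the local host.
# Registry paths are the standard locations for these settings (assumption: default RDP-Tcp listener).
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$srvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$wksKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

# MinEncryptionLevel values: 1 Low, 2 Client Compatible, 3 High, 4 FIPS Compliant
$levels = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

function Get-RegValue($path, $name) {
    try { (Get-ItemProperty -Path $path -Name $name -ErrorAction Stop).$name } catch { $null }
}

$findings = @()

# RDP: anything below 3 corresponds to the "Medium or Low" finding.
$lvl = Get-RegValue $rdpKey 'MinEncryptionLevel'
if ($null -eq $lvl) { $lvl = 2 }   # assumption: unset means the default, Client Compatible
$findings += [pscustomobject]@{
    Check   = 'RDP MinEncryptionLevel'
    Current = "$lvl ($($levels[[int]$lvl]))"
    Pass    = ([int]$lvl -ge 3)
    Fix     = "Set-ItemProperty -Path '$rdpKey' -Name MinEncryptionLevel -Value 3"
}

# SMB: RequireSecuritySignature = 1 is what the 'Digitally sign communications (always)'
# policy writes; check both the server and the workstation (client) side.
foreach ($k in @($srvKey, $wksKey)) {
    $svc = Split-Path (Split-Path $k) -Leaf    # LanmanServer / LanmanWorkstation
    $req = Get-RegValue $k 'RequireSecuritySignature'
    $cur = if ($null -eq $req) { 'not set (treated as 0)' } else { "$req" }
    $findings += [pscustomobject]@{
        Check   = "SMB signing required ($svc)"
        Current = $cur
        Pass    = ([int]$req -eq 1)
        Fix     = "Set-ItemProperty -Path '$k' -Name RequireSecuritySignature -Value 1"
    }
}

$findings | Format-Table -AutoSize -Wrap

# Non-zero exit code when any check fails, so the script can be used from a scheduled job.
if ($findings | Where-Object { -not $_.Pass }) { exit 1 } else { exit 0 }
```

The Fix column only prints the remediation command; applying it on a domain member should be done through Group Policy so the setting is not overwritten at the next policy refresh.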
Elegant not only provides reports of the vulnerabilities identified but also spends time with clients to make sure they understand the issues and provides solutions for the findings. We understand that information security is a key concern for Client X due to the inherent nature of its business. We have therefore recommended solutions based on best practice, and that the same process be re-performed periodically to assess the effectiveness of the implemented security controls and the risk exposure from new vulnerabilities.
Client Y is one of the largest ICT companies overseas and has maintained its leadership over the last 30 years with sustainable growth. They have more than 3,000 IT professionals covering over 23 cities. Client Y engaged Elegant to perform a review of the client's Internet-facing infrastructure. Based on the agreed scope and objectives of the engagement, the following activities were performed: identification of the vulnerabilities in the client's internal-facing servers and devices; prioritization of the vulnerabilities according to risk exposure; and development of recommendations to mitigate them.
| Vulnerabilities | Risk | Suggested Corrective-action |
|---|---|---|
| A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package. 'rpc.statd' is an RPC server that implements the Network Status Monitor RPC protocol and is a component of the Network File System (NFS) architecture. | An attacker may be able to access the system remotely with root privileges | Client Y should upgrade to the latest version of rpc.statd. |
| Application patches missing | Exposure increases as attackers exploit unpatched third-party applications | Client Y should ensure that only authorized applications are allowed throughout the network, and that patches for them are checked and applied periodically |
| Multiple remote buffer overflow vulnerabilities were found in the Jabber server. They are due to the application's failure to properly validate the length of user-supplied strings before copying them into fixed-size process buffers. | An attacker may leverage these issues to execute arbitrary code with the privileges of the server process, which may facilitate unauthorized access or privilege escalation. | If the Jabber server is used for internal or development purposes, Client Y should harden the server configuration and segregate it on the network to restrict access. If the Jabber server is in scope for any compliance regime (e.g. PCI DSS, HIPAA) or handles customer data, Client Y should consider replacing the product. |
| The database service is reachable from the public network | An attacker may execute a denial-of-service attack against the sensitive database server | Client Y should ensure the database server is placed behind the firewall. Application server connectivity should be over a secure VPN, and the firewall should have a default rule denying all other traffic. |
| The VoIP server and device information, such as Polycom People+Content IP, are disclosed | An attacker may use this for VoIP caller-spoofing attacks. | Client Y should ensure the VoIP server is placed behind the firewall. Application server connectivity should be over a secure VPN, and the firewall should have a default rule denying all other traffic. |
Mitigating these vulnerabilities will further enhance the security of the organization's public network systems. Elegant not only provides reports of the vulnerabilities identified but also spends time with clients to make sure they understand the issues and provides solutions for the findings. We understand that information security is a key concern for Client Y due to the inherent nature of its business. We have therefore recommended solutions based on best practice, and that the same process be re-performed periodically to assess the effectiveness of the implemented security controls and the risk exposure from new vulnerabilities.
Client A is one of the largest insurance companies, offering instant online car, home, life, health and travel insurance, personal loans, lifetime mortgages, mortgage protection and investment products. The company has invested heavily in ICT to enhance its business processes and manage the business effectively, but this ICT also carries the inherent risk of internal and external malicious attacks. As part of a vulnerability assessment of its internal network, Client A engaged Elegant to perform a VA of its internal IT infrastructure. Based on the agreed scope and objectives of the engagement, the following activities were performed: identification of the vulnerabilities in Client A's internal networks; prioritization of the vulnerabilities according to risk exposure; and development of recommendations to mitigate them.
| Vulnerabilities | Risk | Suggested Corrective-action |
|---|---|---|
| It was possible to log into the remote Cisco device | The remote Cisco router has a default password set. This allows an attacker to obtain a lot of information about the network, and possibly to shut it down if the 'enable' password is not set or is also a default password. | Client A should ensure that servers and network devices are hardened before they are brought into the production environment. Access this device and set a password using 'enable secret'; the change should be verified and authorized by an internal team |
| It is possible to access a network share | The remote host has one or more Windows shares that can be accessed over the network with the given credentials. Depending on the share permissions, this may allow an attacker to read or write confidential data | Client A should restrict access: under Windows, open Explorer, right-click each share, open the 'Sharing' tab and click 'Permissions'. |
| The remote host appears to be infected by the Conficker worm | The remote host appears to be infected by the Conficker worm. This worm has several capabilities that allow an attacker to execute arbitrary code on the remote operating system, and the host may also be attempting to propagate the worm to third-party hosts | Client A should periodically verify that anti-malware signatures have been applied successfully to all systems on the network and perform a full scan of the remote operating system. Failures should be treated as incidents and closed. |
| The remote web server is obsolete and no longer maintained by its vendor or provider | According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider, which implies that no new security patches are being released for it | Remove the service if it is no longer needed. Otherwise, Client A should periodically verify the version and keep upgrading to the current version, or switch to another server. |
Mitigating these vulnerabilities will further enhance the security of the organization's public network systems. Elegant not only provides reports of the vulnerabilities identified but also spends time with clients to make sure they understand the issues and provides solutions for the findings. We understand that information security is a key concern for Client A due to the inherent nature of its business. We have therefore recommended solutions based on best practice, and that the same process be re-performed periodically to assess the effectiveness of the implemented security controls and the risk exposure from new vulnerabilities.