Vulnerability Testing is part of the native data interrogation and harvesting within itControl Suite.
The Vulnerability Test:
• runs every 48 hours • consists of three levels of thorough checks and interrogation • provides results of full internal penetration testing that tells you exactly how a hacker or automated intruder can gain control of your workstations and or servers. The Results Will: • pinpoint the exact issues with the devices • instruct you how to fix the issue so that you are safe and secure • detail issues with setup and configuration that can create vulnerabilities • detail issues with installed software that can create vulnerabilities The Vulnerabilities Scan intelligence is updated daily to ensure that the system is always up-to-date with the latest detection capabilities, keeping you fully protected. The following is an outline of the three levels of interrogation and testing that is performed:
Level 1
First a port test is performed on all of the workstations and servers that will determine which ports are open on each system such as a web port, ftp port or imap port as examples. Level 2 The interrogation scanner logs into each port that is found in the level 1 scan and it uses a passive methodology to look at what is running behind the ports.
For example: if IE port 80 is open; which is discovered in the level 1 interrogation, the level 2 interrogation will discover that there is a web server running behind that port and it is using IIS5.0. Next, the system will test the known hacks against IIS5 and see if it can get into the computer. Level 3 The interrogation scanner now uses the username/password that you entered when you set up the box. The system will now authenticate against the device and it will determine what kind of configuration the computer has and what software is running. It will check every piece of software installed and it will alert you if any software is out-of-date, what security holes are in the software, and what actions or patches / fixes are required to fix it.
An example of how this all works is illustrated below: Level 1 - Example 1: A DNS server is running on this port. If you do not use it, disable it.A remote DNS server is vulnerable to Cache Snooping attacks.
Description: The remote DNS server answers to queries for third party domains which do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited. For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of the aforementioned financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more... Level 1 - Example 2:
TCP Port 80: A web server is running on this port
Level 2 - Example 1:
It is possible to crash the remote host due to a flaw in the TCP/IP IPv6 stack
Description:
The remote host runs a version of Windows which has a flaw in its TCP/IP IPv6 stack. The flaw may allow an attacker to perform a denial of service attack against the remote host. To exploit this vulnerability, an attacker needs to send a specially crafted ICMP or TCP packet to the remote host. Solution:
Microsoft has released a set of patches for Windows XP and 2003 http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx Level 2 - Example 2:
The remote server is running VNC.
Description:
VNC permits a console to be displayed remotely. Solution:
Disable VNC access from the network by using a firewall, or stop the VNC service if not needed. Level 2 - Example 3:
A web server is running on the remote host. Description: This plug-in attempts to determine the type and the version of the remote web server. Risk factor: None Plug-in output: The remote web server type is:Microsoft-IIS/6.0
Level 3 - Example 1:
The remote host is using a vulnerable version of Sun Java Runtime Plug-in, an add-in to many web browser like Internet Explorer, to display java applets. Two security issues have been reported in the remote version of this product:
1 - An un-trusted applet may escalate its privileges in order to read, write or execute files on the remote system 2 - An un-trusted applet may interfere with trusted applets loaded on the same page Solution: Upgrade to JRE 1.4.2_06 or 1.3.1_13
Call Fortress at (760) 598-0763or Email: info@fortressmonitor.com for more information.
