If a penetration test is the first time you’ve considered the security of your new IT project, you’re doing it very wrong. Much of any project’s security effort should be in the early stages, from risk assessing to agreeing with your developers, either in-house or external, just what security measures are being implemented, and validated.. Security, just like any other metric, needs to be objectified, quantified, and agreed upon before development begins. And this leads us to a very common oversight so beautifully documented in ISO27001; Security requirements in third party contracts.
Sec Tec Blog
The end of November saw some minor updates to the official PSN Health Check (ITHC) supporting guidance. This was a minor makeover consisting of clarification on the need for scanning for outdated third party applications. This is normally performed using an authenticated vulnerability scan, which uses either client supplied credentials, or credentials obtained via exploitation and privilege escalation, to read files and registry entries on devices, and comparing installed and configured software against a database of known outdated and vulnerable applications.
We’ve received a few messages following on from our previous penetration testing tool articles, asking about the best penetration testing tools for WiFi assessments, so let’s take a look. Firstly, what are the potential security issues with WiFi?
All vulnerabilities are not equal. They certainly aren’t all exploitable. In fact, the majority of vulnerabilities do not have trivially available exploits. This can be for a number of reasons: There may be insufficient information in the public domain to exploit the vulnerability, the vulnerability may require prior authentication, or other existing controls such as Data Execution Prevention render the attack improbable.
A backdoor account has been found in Netscreen ScreenOS versions 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20. The backdoor account, which can be accessed with any valid username and the password: <<< %s(un='%s') = %u via a Telnet or SSH session to the device (rule-set permitting), provides the attacker with a privileged shell. In addition to the backdoor, an issue exists in the VPN implementation that leaves encrypted traffic prone to sniffing. Details regarding the source of these issues are yet to be released but speculation is rife.
In the first of this series, we looked at the absolute basic penetration testing tools that make up the foundation of any competent arsenal. In this part, we are going to look at some of the newer and more sophisticated tools that are available.
It’s difficult to look at the world of corporate information security compliance, and not question if it’s done more harm than good. We live in a world where large-scale information security breaches are an almost weekly occurrence, but many of these organisations were “ticking the box” from the point of corporate compliance already. And here in lies the problem: Compliance is the bare legal minimum requirement, it is not the goal. Sadly, in this world of increasing corporate competition, ever-leaner margins and shareholder pressure, that’s often where security efforts cease.
A vulnerability scan doth not a penetration test make. OK, we’ve all felt the disappointment of reading a rebadged Nessus scan dressed up as a full-blown penetration test in the past, but it’s simply not the same thing, and simply isn’t meant to be.
It’s a very easy trap to fall into: You’ve been looking at the technical risks and controls for your next IT project; You’ve implemented Web Application Firewalls, have the latest Intrusion Detection System, created a rigid patching policy, had your code audited, and your 12 trillion bit digital certificate is on order. Then, just as you tick the final control on your list, you realise that all of your security controls are preventative.
So what is information security anyway?
There are as many answers to the above question as there are organisations with something to protect. When we talk to perspective clients about information security, all too often, we need to understand what their perception of the term even means. We hear everything from “not being hacked” to “keeping all our data private”. The good news is that information security can broadly be broken down into three major components - CIA: