Transformational Minds

Pythagoras

Pythagoras believed that mathematics was the root of all truth and the ultimate reality. Iamblichus, a later Pythagorean follower, quoted the master as saying “number is the ruler of forms and ideas and the cause of gods and demons.”

Numbers don’t lie. To understand and control your IT environment, you have to have measurable, accurate, reliable information.

Services
Security Support
  • Performance Management
  • Off hours monitoring and management
  • Firewall
  • Intrusion Detection
  • Intrusion Prevention
  • Network Access Control

IPsoft will undertake responsibility for comprehensive security provisioning. For IPsoft to deliver guaranteed security coverage, the customer environment needs to be secured at each security layer: the physical, network, system, application, datastore, and process components of the system.

Since each component has unique vulnerabilities, security will be viewed in layers. With a layered approach to security, it is important to understand that a system is only as secure as the weakest link. Each layer of security is dependent on the other layers. The absence of adequate controls in one layer of security can weaken the controls present in the other layers.

A brief synopsis of the responsibilities undertaken by IPsoft at each security layer is given below.

Risk Assessments

IPsoft will undertake ongoing security assessment of each of the following five main security risks to the Customer's infrastructure. Exposure to these risks spans all security layers and should be mitigated within each layer:

  • Integrity: unauthorized changes to the data or programs
  • Availability: inability to access the system, application, or data
  • Intrusion: unauthorized access to the system, application, or data
  • Redirection: transfer of end-user to unintended location
  • Data Loss: irreversible deletion of data

IPsoft will assume off-hours responsibility to mitigate security risks in the above identified layers for Customer systems. The chart below presents the security risks and identifies at which layer the risk may occur.

Security Attacks Covered

The major attacks and vulnerabilities to the system discussed throughout the document are based on the information sensitivity and system criticality of the Customer system/application. The table below presents the attacks that are analyzed and their associated layer sensitivities.

The chart below maps each security attack to the potential risks to the Customer system's security.

Checks Performed

IPsoft deploys checks for continual security monitoring. The list below is representative only, as there are over 1400 checks in total.

Summary of Service Checks Performed

Each application is listed with its vulnerability checks.

Apache Web Server
  • Server Info
  • SQL Authorization
  • Batch Executables
  • Chunked Encoding
  • Exposed Directory Listings
  • Exposed ASP Source
  • SSL Overflow

BIND Domain Name Service Daemon
  • Server Info
  • Version Query
  • ZXFR Vulnerability
  • iQuery Vulnerability

Cisco Router Exploits
  • AIRONet Denial of Service
  • Cisco 675 HTTP Denial of Service
  • Unauthenticated Login
  • GSR ACL Errors
  • HTTP Administrative Access
  • SSH Vulnerabilities
  • VOIP Denial of Service

Washington University FTPd
  • Anonymous FTP Available
  • WUFTPd Backdoor
  • Bounce Attacks
  • CWS Root
  • PASV Denial of Service
  • PASV On Connect
  • Stack Overflows
  • Root Access

Microsoft Internet Information Services (IIS)
  • Buffer Overflows
  • UTF8 Decode Bug
  • Fragmented Packet Disclosures
  • Directory Traversal Bug
  • Default.ida Authentication Bypass
  • MS Frontpage Denial of Service
  • IIS FTP Denial of Service
  • ISASP Overflow
  • Malformed Request Ignores Security Parameters
  • Various Perl Exploits
  • Default Scripts Left Available
  • Administrative Access Remotely Accessible

Oracle Enterprise Database Server
  • DAD Admin Open
  • Listener Accepts Unauthenticated Requests
  • Java Process Manager Buffer Overflow
  • Java Server Pages Source Visible
  • PLSQL Buffer Overflow
  • MOD_PLSQL (Apache/Oracle) Directory Traversal Unauthenticated
  • Web Admin Server Allows Unauthenticated Access

MySQL Database
  • Invalid Password
  • Server Information
  • No Password
  • Unrestricted Root Access

OpenSSH Secure Shell Daemon
  • Channel Open
  • Server Information
  • Uses Login Environment
  • Buffer Overflows
  • AFS Vulnerabilities
  • CRC32 Validation Error
  • Kerberos Validation Error

PHP Web Scripting Language
  • Server Information
  • IMAP Overflow
  • Safe Mode Enabled

Qualcomm POP-3 Mail Daemon QPopper
  • Server Information
  • Buffer Overflow Leads to Remote Administrative Access
  • EUIDL Enabled Allowing Excessive System Information to Unauthenticated Users
  • Denial of Service

SNMP
  • Server Information
  • Default Communities Enabled
  • Denial of Service Attack
  • IFaces Enabled
  • LANMAN Services Vulnerability
  • Oversized Length Field
  • Xdmid Enabled

Security Administration

IPsoft will monitor the security of the server 24x7 and apply system and network corrections to mitigate breaches. When a security attack is detected, IPsoft will expeditiously place filters and/or patches to insulate the server from the attack. Routine services required to configure a secure eCommerce environment would include the following.

Summary of System Security Management Services
  • CERT Advisories Compliance. Incorporation of CERT on-going advisories.
  • Syncing up OS with Solaris mirror of patches maintained nightly.
  • Tripwiring the servers and kernel file change controls logging.
  • Export vulnerabilities detection.
  • TCPwrapping the incoming network connections.
  • Routine Security Scans and Remediation
  • SSH Encrypted Data Channels
  • Automated Account and Passwords Scans
  • Monitoring and pruning Inetd services.
  • Sendmail upgrades/patches to prevent SPAM attacks.

IPsoft will inform Customer about security events affecting the Customer. Information and advisories regarding generic security problems issued by CERT will be regularly reviewed and distributed to the customer (if applicable to the customer) by IPsoft Operations staff. Customers may designate a list of up to five security contacts who will be authorized to request site disconnection or reconnection as necessary.

Security Audit

IPsoft will conduct periodic audits of Customer system and network security. This would include:

Summary of Security Auditing Services
  • Establishing Organizational Security and Security Policy.
  • Audit of eavesdropping, spoofing, sniffing, Trojan horses, viruses and other security hazards.
  • Auditing with Security Third-party software packages.
  • Shielding assets using encryption, digital signatures (PGP/MD5).
  • Avoidance of Denial-of-service attacks, smart MUAs and anti-virus tools deployment.
  • Firewall Evaluations.
  • System and Network Security Improvements Recommendations.

Intrusion Detection

IPsoft will configure and intelligently monitor Customer's chosen intrusion detection system (IDS), Internet Security Scanner.

Summary of Intrusion Detection Services
  • Keep application up to date as new vulnerabilities are exposed.
  • Configure application to eliminate false positives.
  • Analyze reports to determine extent of threat.
  • Respond to threats in real time by blocking (blackholing) attackers' packets at the firewall.
  • Follow-up with attackers' internet service providers as necessary to ensure security of Customer's networks.

Penetration Testing

As a follow-up to the system security audits, IPsoft will perform penetration testing from privileged accounts, unprivileged accounts, and the internet at large.

Summary of Penetration Testing Services
  • Scan firewall for open ports.
  • Scan individual machines for vulnerabilities.
  • Utilize a wide range of both published and unpublished exploits against system services to gain administrative access.
  • Exploit "bad" passwords to gain administrative access.
  • Produce a map of the internal network from outside the firewall.

Firewall Deployment and Maintenance

IPsoft will analyze the security of Internet and Intranet firewalls being utilized for securing access to Customer.

Summary of Firewall Deployment and Maintenance Services
  • Checkpoint/PIX Firewalls at the Customer Datacenter.
  • Study of the configuration of Firewall, including: examination of risks of dynamic content, passing encrypted traffic (such as SSL), configuring SMTP support, handling multiconnection services, managing normal-mode/safe (passive mode) FTPs, content filtering and screening content for viruses.
  • Securing External Services, including: siting external servers on perimeter net, deploying packet filtering, managing router access control lists.
  • Examination of NAT for static and dynamic translation.
  • Studying DNS for Customer firewall architecture.
  • Analysis of firewall configuration for remote access: encryption with SSL, SSH or IPsec, deploying strong authentication, firewall-to-firewall tunneling, and exploiting VPNs.
  • Logging and auditing firewall, interpreting log output and detection of intruders.

Securing Customer Web Commerce

IPsoft will implement and maintain web security measures to guarantee the security and integrity of Customer.

Summary of Web Commerce Security Services
  • Securing Web Commerce: securing cookies, protection from vulnerabilities in Java, JavaScript, VBScript, ActiveX, and other hostile applets and viruses.
  • Web Server Security Implementation: Supported servers include IIS, Netscape iPlanet and Apache. Implementation of host/IP address based restrictions, audit trails and limiting CGI script invocations.
  • Securing Web communications with SSL: Public key and private key encryption, storing and distributing keys, message digests.
  • Management of Certificates (CA) to prevent eavesdropping with public key encryption. X509 v3 and up supported.
  • Credit-card securing includes support for Verisign and other third party authenticators.