When, how and why a hacker should be used for a security audit

posted onOctober 19, 2001
by hitbsecnews

Source: Security News Portal - SNPortal

As businesses continue putting their infrastructure jewels online via Web-enabled e-commerce sites, the importance of security and privacy becomes increasingly critical. A crucial way of addressing this need to protect the company Web site is to conduct a security vulnerability assessment (SVA)--a security audit or ethical penetration test, as an SVA is also known.

Your infrastructure requires seamless information access so that you can deliver the level of service that your customers have grown to expect. Dealing with security vulnerabilities on your Web site and your internal networks is not an option. You want to deliver services without worrying if the systems you or your customers are using are vulnerable to wily hackers....

How an SVA works

If an outside consultancy is performing a network SVA, they'll ask your CIO to sign a
form which entitles them to do one. You can have this document reviewed by your legal
counsel, and be sure there is a section that proclaims the audit results to be as
confidential as possible. You don't want your audit report showing up as market data on a
Web site without your prior consent.

Prepare yourself by bringing all your security processes, procedures, and network maps
to the audit interview. Expect the audit interviewer to ask to keep these copies and not
return them. It is appropriate for at least one senior member of the management team, and
one person knowledgeable about security and network technology to attend such a session.
After the in-person audit interview is complete, they will want to schedule up to a week's
time to perform the penetration test on all your networks, and possibly longer depending
upon the size of your network infrastructure. If they are clever, they will poke at both
the TCP and UDP ports. Less clever auditors, and sometimes very well-known technology
organizations, have been known to neglect the UDP ports. A knowledgeable security engineer
viewing the logs on your corporate firewall can ascertain which ports are being prodded.

If you are having the audit done for a potential acquisition inspection, make sure that
you find an auditor that will check UDP, as well as TCP ports. A best-of-breed SVA usually
starts out by doing some data gathering, and looking for reconnaissance information. Some
of the kinds of data the auditor will look for are such things as trying to retrieve your
routing table, trying to see if they can obtain ICMP netmasks, looking for IRC servers,
looking for SSH configuration information, and looking for password files. Other kinds of
things they will try will be checking for include an assortment of vulnerabilities
associated with file transfer protocols, hardware peripherals, hacker Trojans and
backdoors, SMTP and messaging problems, network file system vulnerabilities, Web site and
CGI holes. Checking for denial of service attacks, Intrusion Detection System
functionality, and UDP ports is something that sets the premiere auditors apart from the
rest.

The Report

Make sure you receive a copy of the report, and make sure it lists the risks in order
of their severity. It will then be possible for you to systematically correct the network
weaknesses that expose your information technology infrastructure--and your customers'--to
a multitude of threats and attacks. Ask for all related diagrams and network maps
associated with your vulnerability report. The report should summarize, in ranked order,
the potential threats, as well as the recommended action to take to reconcile the
vulnerability. Your team can then work on reconciling as many of the vulnerabilities as
possible and then determine what they are unable to resolve. In the end, you can decide if
it makes sense for to hire an outside consultancy to resolve the final outstanding issues.

A SVA demonstrates your management's due diligence to assure site availability, data
integrity, and information protection for your organization and your customers. It does
not, however, guarantee that your site cannot be successfully attacked or compromised. The
report does give you a profile of what your security posture looks like at a given
snapshot in time. This profile can be used as a guide for tracing historical unsavory
network activity as well as to secure weak links in your network and system infrastructure
helping you mitigate the risk of future system and network compromises.

Andrew McMillin, formerly of Lockheed Martin Missile Guidance Systems, has established his own practice for doing remote penetration testing of servers connected to the Internet. Using an exclusive remote testing program, specially developed by Andrew and which is pending a patent, he is able to detect hundreds of potential vulnerabilities that may leave clients exposed to hacker exploits. For more information regarding the services that McMillin can provide visit www.EmpathyWarez.net

Click here to continue reading this article at ZDNet.

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs