Beyond Security

AUTOMATED I.T. SECURITY ASSESSMENT
Are you confident that your company’s computer network is secure and not vulnerable
to unauthorised intrusions?
Beyond Security specializes in finding security holes in hosts and networks,
exposing vulnerabilities in the corporate network, and checking computer
systems for the possibility of hostile external attacks.
As our information systems become more complex and the demands for
uptime become more pressing, system administrators are overwhelmed with
the burden of keeping their systems in step with the business that they mean
to be supporting. System owners and administrators are looking for simple,
effective and timely feedback on the technical state of the security of their
systems.
Beyond Security has developed Automated Scanning, a vulnerability
assessment engine. This ASP-based service offering is used to identify
technical vulnerabilities on the network using a clear, easy-to-understand,
logical and competitively priced methodology.
The elements are as follows:
o Full suite solution – internal & external vulnerability assessment services – for
IT managers / CIOs:
   Network security risk assessment – 'know what's broken before you can
   fix it…?'
   Network security management – better allocate resources to the
   implementation of simple security solutions
   Network security supervision – were vulnerabilities fixed since last week?
   Are my system administrators doing their work properly and on time?
o Solutions must accommodate clients' needs, and not vice versa
o Capable of proper control and audit oversight
We help clients maximize network security by providing a complete risk
assessment SOLUTION using their available resources!
Beyond Security
Tel + 972 – 9 – 8656850
Fax + 972 – 9 – 8656855
www.BeyondSecurity.com
8 Hamelacha st.
Sapir Industrial area
Netanya, Israel
www.AutomatedScanning.com
www.SecuriTeam.com
Remote (external) Automated Scanning Service
External vulnerability assessment is defined as the assessment of a network
from another network that is considered to be physically and politically
external to it.
In reference to the Automated Scanning service offered by Beyond
Security, external is defined as the scanning of the network from the
scanning servers located at Beyond Security’s premises. This scanning
occurs across the Internet and shows the security of the systems as seen
by potential external attackers.
As an added value, Beyond Security has the facility, through a secured mail
request feature to perform Vulnerability Assessment Scanning Services for
Internet exposed networks. The system will initiate a scan request, and the
remote Automated Scanning server will conduct the requested scans over the
Internet, giving clients a unique ‘hackers eye view’ of their Internet exposed
IP addresses. Typically the kinds of servers scanned are Web Servers, FTP
Servers, Mail Servers, Exchange Servers, SQL Servers and Internet exposed
Firewalls. Scans are not limited by operating system and the service includes
general security tests, along with specific tests for Windows 9x/NT/2000/XP,
UNIX, Novell, AS-400, Mainframe, etc. Among these tests are special firewall
and network router checks, application level tests, and more. Scan Reports
are sent in much the same way as internal network scan reports, and
vulnerabilities are updated to our server using the same secure-pull
mechanism, ensuring that resultant Vulnerability Assessment reports are
always up to date.
Deployed (internal) Automated Scanning Service
The threat that insiders pose to computer security, and the subsequent
financial losses, should not be underestimated. A study by the FBI and the
Computer Security Institute found that insiders carried out 71% of security
breaches. Disgruntled employees may steal information and sell it to
competitors, try to bilk their employers, delete important files, destroy
proprietary information, insert malicious code, take servers offline or
corrupt vital services.
A report by PricewaterhouseCoopers concluded that breaches of security are
now costing businesses a staggering 18 billion pounds every year. Indeed,
the news gets even worse with two out of every five of those surveyed
indicating that they suffered some form of an internal breach during the
calendar year 2001, a rise of almost one hundred percent on the previous
year's figures.
Beyond Security offers an innovative Deployed Security Solution, which
checks for and exposes vulnerabilities within the internal network of an
organization. In addition to the constant vulnerability assessment of a LAN,
the Deployed Security Solution incorporates the important aspect of managing
clients’ security policies on a constant basis using a powerful differential
reporting system. Beyond Security's Deployed Security Solution is
defined as the assessment of a network from within – typically the
customer’s own network.
The Deployed Security Solution platform is designed so that it can be
configured specifically for each client’s unique security needs and desires.
The solution is very similar to the external Remote Automated Scanning
service, with the variation that the automated scan audits are performed from
inside the network or Intranet using an on-site dedicated appliance / server.
The Deployed Security Solution is performed by an Automated Scanning
appliance / server, which is configured and updated by Beyond Security.
The security audit results are sent directly to the network administrator / IT
manager / CIO, and the appliance / server does not have to be connected to
the Internet at all.
The appliance / server is updated daily or weekly according to the client’s
needs using a secure and automated “Pull” method from a central update
server. Updates are digitally signed and are checked by the server
automatically before installation. Updates can be performed using a CD on a
weekly / monthly basis if no external connection to the Internet is available.
Differential Reporting Capabilities
Differential Reporting is a key security management tool in monitoring and
assessing changes in network vulnerabilities and policies, on an ongoing
basis.
The Automated Scanning solution correlates and consolidates the security
assessment results into the scan reports. These reports can be customised
as desired (e.g. into network scan reports or into a single host report).
Beyond Security’s differential reporting facility empowers clients to generate 3 levels of
reports:
1. A management report, identifying trends in the management of security
vulnerabilities and fixes;
2. A management report representing problems by age analysis, and
categorizing problems into high, medium and low risk; and
3. A technical report specifying the security holes that were revealed,
their severity (identified by high, medium and low risk) their location
and effect, and how to repair them. In addition, the report shows the
complete list of security tests that were performed.
Policy management and supervision as well as vulnerability audits are
conducted periodically. By assigning individual scans, security policies can be
enforced and supervised automatically, which reduces security breaches
dramatically. Using the differential reports, which include a summary of all
vulnerabilities found on the network and highlight differences from previous
scans (new holes discovered, security holes fixed), IT managers can
manage and monitor the solution implementation procedure with very little
effort.
Vulnerability Assessment Capabilities
Automated Scanning does not break down the security testing into its
components, nor does it require any kind of software installation on remote
hosts/servers. Due to the advanced technology which supports our solution,
we are able to scan such items as databases or systems without the need for
additional agents or software installations on hosts/servers. Our solution is
therefore cost efficient and reliable. The following is a non-exhaustive list of
tests that we currently perform:
Sample test list:
1. Passwordless access to databases.
2. Brute forcing of passwords (Database, System, and Internet access,
via telnet, FTP, auth, VPN, etc).
3. Inadequate database configuration permissions.
4. Database vulnerabilities (SQL alterations, Overflows, Authentication
bypassing, MSSQL, MySQL, Oracle).
5. System vulnerabilities (DoSs, Vulnerable system services, etc).
6. Internet vulnerabilities (TCP/IP protocol, FTP, HTTP, DNS, Kerberos,
SSL, SSH, SMTP, SNMP, RPC, NFS, DoS, DDoS, SPAM relay).
7. Application vulnerabilities.
8. Web based applications vulnerabilities (Customer made applications,
Cross Site Scripting, SQL Injection checks, Price modification).
9. Backdoor, Trojan, and Virus detection (Detects both malicious code
infecting a remote server, and detects the vulnerabilities that allow
them to enter).
10. Username and Password retrieval (either from UNIX based machines or
from Windows based machines) and policy confirmation (testing for
password strength).
11. IDS evasion testing.
12. Registry attacks (Accessing, Information gathering, Password
revealing, Modem detection, etc).
13. Firewall security vulnerabilities (DoS, Bypassing, etc).
14. Router, Switch, Gateway based security vulnerabilities.
15. Printer security vulnerabilities (DoSs, Bounce attacks, etc).
16. Data storage vulnerabilities (StorageTek, Network Appliances, Hitachi,
etc).
Policy Enforcement Capabilities
Utilizing our scanning engine, an administrator can enforce a security policy
on the network. A policy will usually consist of several security tests that
should be run against the network. Often security policies exist but are
not adhered to, and often no such policies exist for the network at all.
Our solution allows for easier and thus improved management of security
policies, which in turn frees up resources, and unlocks true value in
Information Systems.
The following is a typical example of a security policy:
Policy type: FTP
Scan used:
1. FTP Service (Detection of the presence of the service).
2. FTP Guest Access (Checks whether access using the guest user is
possible).
3. FTP Anonymous Access (Checks whether accounts other than guest
are able to connect to the FTP service).
4. FTP Writeable Directory (Checks whether users that have access, as
detected above, are able to write on the remote FTP server).
5. FTP Service security vulnerabilities (Checks for different types of
security vulnerabilities that are caused by flawed FTP software).
When the FTP policy is used, each open port that is found will be tested for
each of the above plug-ins. If any of the above is found to be positive (i.e.
that the remote FTP service is running, even if it is not on its assigned port,
port TCP/21), a vulnerability will be reported. When this policy is executed on
a complete network, hosts that do not conform to the FTP policy can be
easily spotted. A differential scan (a scan that will reveal only changes in the
vulnerabilities found on the network from the last performed scan) of the
network can be even more effective when it is used in this case, since new
hosts or existing hosts that have suddenly stopped conforming to the policy
will show up on the report.
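A minimal sketch of the differential scan described above, as an added example that is not Beyond Security's code. It compares successive FTP policy scan results to list new, fixed and unchanged findings, hosts that newly fail the policy, and how many scans each open finding has persisted. The `Finding` record, the function names and the 192.0.2.x sample scans are constructed for illustration.

```python
from collections import namedtuple

# One positive policy result: a named check that fired on a host/port.
# (Hypothetical record layout; the page does not describe the report format.)
Finding = namedtuple("Finding", "host port check")


def differential(previous, current):
    """Split findings into new, fixed and unchanged relative to the previous scan."""
    prev, cur = set(previous), set(current)
    return {
        "new": sorted(cur - prev),        # holes discovered since the last scan
        "fixed": sorted(prev - cur),      # holes that no longer show up
        "unchanged": sorted(cur & prev),  # holes still open
    }


def new_hosts(previous, current):
    """Hosts that violate the policy now but had no findings in the previous scan."""
    return sorted({f.host for f in current} - {f.host for f in previous})


def finding_age(history):
    """For each finding open in the latest scan, count the consecutive scans
    (ending with the latest) in which it has been present."""
    ages = {}
    for finding in set(history[-1]):
        age = 0
        for scan in reversed(history):
            if finding not in scan:
                break
            age += 1
        ages[finding] = age
    return ages


# Constructed sample data: three weekly runs of the FTP policy.
WEEK1 = [Finding("192.0.2.10", 21, "FTP Service"),
         Finding("192.0.2.10", 21, "FTP Anonymous Access")]
WEEK2 = WEEK1 + [Finding("192.0.2.10", 21, "FTP Writeable Directory")]
WEEK3 = [Finding("192.0.2.10", 21, "FTP Service"),
         Finding("192.0.2.10", 21, "FTP Writeable Directory"),
         # An FTP service found on a port other than TCP/21 on a new host.
         Finding("192.0.2.44", 2121, "FTP Service")]

if __name__ == "__main__":
    report = differential(WEEK2, WEEK3)
    for status in ("new", "fixed", "unchanged"):
        for f in report[status]:
            print(f"{status:9} {f.host}:{f.port} {f.check}")
    print("hosts newly failing the policy:", new_hosts(WEEK2, WEEK3))
    for f, age in sorted(finding_age([WEEK1, WEEK2, WEEK3]).items()):
        print(f"open for {age} scan(s): {f.host}:{f.port} {f.check}")
```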
Summary
Automated Scanning by Beyond Security focuses on finding security holes
in hosts and networks, exposing vulnerabilities in the corporate network, and
checking computer systems for the possibility of hostile internal and external
attacks.
Key benefits of our solution
1. Automated Differential Reporting - our differential reports are fully
customizable to your needs. They will enable you to track
performance across your entire network easily and with minimal
effort;
2. Automated Scheduling of Scans - fully customizable to run scans at
any time during any given time period, without the need to monitor their
success or failure;
3. Minimal Staff Maintenance - no need to place an on-site person to
initiate or control the scan. The ease of use and the scheduling ability of
the solution allow you to limit staff or better utilize them in other IT
environments. In addition, our team of security experts may be
contacted for all technical support;
4. Access to SecuriTeam - direct access to the human resources and
extensive knowledge base of www.securiteam.com, which is
today recognized as one of the leading security portals in the world;
5. Uniquely Customizable Solution - our leading team of security
specialists will develop unique solutions for your particular
environment as and when required and where technically possible;
6. External Automated Scanning Service - Beyond Security enables you to
automatically schedule scans, performed by a secure remote server,
providing you with a “hacker's-eye view” of your exposed IPs;
7. Automated Updates Service - up to 3 times daily ensuring that your
system is always protected from new vulnerabilities;
8. Automated Software Version Upgrades - as new features and utilities
are added to our advanced security engine, you will automatically
receive these upgrades through a secure “pull” update mechanism;
9. Free Telephonic and Electronic Support - our team of local and
international (www.securiteam.com) security specialists is available,
free of charge, to assist with technical support.
www.SecuriTeam.com - Leading Security Portal
The Beyond Security knowledge base is core to the success and continued
competitive advantage of our platform. www.securiteam.com is a leading
security web portal owned and managed by Beyond Security. Along with
Beyond Security’s internal R&D personnel, SecuriTeam works around the
clock, 365 days a year, building new exploits, testing new vulnerabilities and
developing new fixes, patches and workarounds to update the scanning
engine with. The knowledge contained within SecuriTeam is ploughed into
the automated scanners up to 3 times daily, ensuring that the system is
continually and transparently up to date, all the time. Currently the
SecuriTeam portal receives over one million unique impressions per month
from security professionals worldwide and contains over 6000 pages of linked
content, making it the second largest Internet based security portal in the
world.
[Chart: SecuriTeam visitors by profession* – Technical IS personnel 27%;
Other 24%; security consultants 16%; network/communication engineers 14%;
webmasters 11%; 'white hat' hackers 8%.]
*According to user definitions
Product Security Audit
Beyond Security specializes in finding security holes in hosts, networks and
products. The fact that we do not develop, sell, or endorse any security
solution allows us complete freedom when looking for the weakest link in
any security solution.
Software bugs are an inherent attribute of software products, and releasing a
completely safe application is usually not a realistic goal. However,
performing an effective security audit can clear out most security bugs, and
provide an adequate level of assurance that the product is safe. We offer
three basic inspection packages when reviewing a certain product, which
vary primarily by the time invested in reviewing the product.
Basic audit
This is a relatively short review, which inspects the product according to its
design and basic functionality. This audit can point out potential security
holes and the location of dangerous functions. Source code is not reviewed in
this package. This test will locate, for example, potentially erroneous design
decisions (for example, by checking for common security pitfalls).
Executable audit
This review tries to locate actual security holes by reviewing the actual
package. Although source code is usually consulted as well, programming
errors are not explicitly checked for. This test discovers typical security holes
that are surface deep: for example, functions that may allow attackers to
execute malicious code on the machine, or a weak authentication
mechanism.
Source-Code level audit
This is the most thorough test. Here source code is inspected for potential
coding errors that might lead to future security holes (for example, functions
that act on user input without making sanity checks).
Beyond Security - Company Profile
Beyond Security started its operations in July 1998 as a security portal
called SecuriTeam. In Oct 1999 Beyond Security Ltd. was officially founded
with a clear vision of providing services to identify and uncover security holes
in hosts, networks and products.
Beyond Security began by providing security assessment services,
including manual penetration tests, product audits / code reviews and
network security testing.
At the beginning of 2000, Beyond Security unveiled an innovative
vulnerability assessment platform called Automated Scanning that
automatically performs security assessment services and Managed Security
Services (MSS) on a periodic basis using advanced vulnerability scanning
technology.
Automated Scanning is sold via two subsidiaries in South Africa and Australia
as well as via resellers and distributors in 14 countries such as: Spain,
Portugal, Sweden, UK, France, Netherlands, Ukraine, Poland, Taiwan, Hong
Kong, and the United States.
Beyond Security currently has more than 2000 clients worldwide, serviced
by a network of value added resellers. These companies include Fortune 500
companies, large financial institutions, governmental agencies, hi-tech
startup companies, e-commerce sites and even other security companies.
Beyond Security is committed to developing best-of-breed security
solutions and now employs 30 security professionals, most of whom are R&D
personnel. It has its main office in Israel and has affiliations with leading
security firms globally.