Running head: Final Report

Final Report
Brandon Ebert
University of Advancing Technology
NTS465
Greg Miles
December 21, 2014

INFORMATION SYSTEMS SECURITY ASSESSMENT OF
Customer Service Organization
Scottsdale Arizona
December 2014

PREPARED BY:
Brandon Ebert
ACME ASSESSMENT PROVIDERS
EVERYWHERE ST, USA 12345

THE INFORMATION CONTAINED IN THIS REPORT WAS DERIVED FROM PROPRIETARY DATA PROVIDED BY (ORGANIZATION NAME)

EXECUTIVE SUMMARY

The Customer Service Organization (CSO) provides customer support to many government organizations, and it deals with many different scenarios in how it supports these government entities. There are approximately thirty employees within the CSO, with skills ranging from IT, business management, and configuration management to basic tier 1 support. Within the CSO, there are many customers that have specific requirements for their program, and Rescue21 is no different: this program requires an isolated support system that is not intermingled with the many different programs that the CSO supports. This assessment was done at the request of the Coast Guard to identify the security posture of the CSO and its systems that support the Coast Guard mission, and to identify the security posture of the Rescue21 system as a whole. This assessment was performed from December 8th until December 21st 2014. The methodology used during this assessment was a combination of the Infosec Assessment Model and the Infosec Evaluation Model, and it was used to review processes, procedures, and documentation and to evaluate the technical controls that are in place to maintain a good level of confidentiality, integrity, and availability of the system. All recommendations to improve security are just that, recommendations, and all need to be analyzed within the organization to determine what meets the needs of the organization.
The CSO maintains the command and control of the Rescue21 program and with that has the ability to monitor systems, maintain configurations, provide technical support, and resolve critical issues as they arise. Along with the day-to-day operations, the CSO provides security services to the Rescue21 system that include system policies, procedures, patching, malware protection, vulnerability scanning, and auditing. The major findings identified within the assessment were that backup media is not tested as part of a formal procedure, audit logs are not formally reviewed in a security context and are not used to detect suspicious or unusual activity, and media containing personally identifiable information is not sanitized prior to release to offsite repair facilities.

During the assessment, there were many people within your organization that assisted, and without their assistance throughout the process this assessment would not have been successful. Below is my name and contact information in case you require any follow-up questions.

Brandon Ebert
480-322-8621

Table of Contents
1. INTRODUCTION
1.1. Purpose
1.2. Scope
1.3. Methodology
2. SYSTEM DESCRIPTION
2.1. Information Types
2.2. Impact definitions
2.3. Criticality matrix
2.4. System Information
3. INFOSEC ANALYSIS
3.1. Backup Media
3.2. Audit logs
3.3. Media Containing PII
3.4. Heartbleed
3.5. Shellshock
3.6. POODLE
4. Conclusion
Appendix A
A.1 Detailed Network Information
Appendix B
B.1 Vulnerability Scans
Details

1. INTRODUCTION

1.1. Purpose
The purpose of this security assessment is to assess the security posture of the Customer Service Organization, to show where its vulnerabilities are, and to provide recommendations on how to mitigate the vulnerabilities identified within the systems. The Customer Service Organization is a holistic support organization that provides system support and maintenance for several organizations, which include Rescue21, Iridium, and many other types of products. Their mission is to provide their customers a level of support that the end users can depend on, knowing that their systems will continue to function and provide the 9.995 system uptime that is required by these mission-critical systems. There are currently thirty+ people that work within the CSO and provide different levels of support and skills. The US Government is the main customer of the CSO, mainly the Department of Defense and the Department of Homeland Security.

1.2. Scope
This assessment was performed in order to identify the current security posture within the CSO and the Rescue 21 systems, giving a starting point for prioritizing and resolving the CAT I, CAT II, and CAT III vulnerabilities that are identified within this assessment and so increasing the overall security posture of the Rescue21 system.
This assessment was performed over the past month, starting on December 8th and finalized on December 21st 2014.

1.3. Methodology
This assessment utilized the IAM and IEM and used documentation of policies, procedures, interviews, and scans in order to identify vulnerabilities within the system.

2. SYSTEM DESCRIPTION

The System Support and Maintenance (SS&M) organization is a comprehensive support and maintenance organization that supports the Coast Guard search and rescue operations called Rescue21. The SS&M organization monitors systems for outages and provides repair and replacement of equipment, disaster recovery operations, quarterly deployments, physical and information security, change management, and access control. The mission of the SS&M organization is to provide continuous support to the Rescue 21 system and its users. This support is necessary in order to maintain the availability of .995 for the Rescue 21 systems, and in order for the Coast Guard to continue to provide search and rescue operations that save lives and property, provide law enforcement capabilities, and maintain the general order of America’s waterways. This organization contains a support staff of over one hundred and fifty individuals whose roles range from Network Operations support to configuration management. This organization maintains over 38 regions across the coastal areas within the United States, Hawaii, Guam, and Puerto Rico. Each region maintains one primary Sector and a minimum of three, and up to eighteen, remote facilities and stations. These systems are used to provide the 911 systems for the Coast Guard and to monitor communications up to twenty nautical miles or more out to sea across the United States. The system is made up of Windows 2008 R2 and Windows 7 along with other hardware devices, including radios and miscellaneous network devices.
The types of information contained within the Rescue 21 system and within the SS&M organization include documentation such as construction drawings, interconnection drawings, parts lists, and site contact information. Another type of information is communication audio that is transmitted and received across the United States; these comms are either protected (encrypted) or unprotected (unencrypted). These audio files contain search and rescue cases, Coast Guard mission audio, and normal boater traffic that are produced on a day-to-day basis. Administrative information is also contained within the system; this includes Personally Identifiable Information (PII) from boater distress communications that has been deemed sensitive in nature. Support information is data generated by the Fault Detection Fault Location (FDFL) system and collected in order to prove the availability of the system. It is used to generate alerts and tickets for outages greater than or equal to two minutes so that the SS&M team can react to outages and system failures in a timely manner. This information is stored for further root cause analysis of system or process failures and to provide continuous improvement across the board.

2.1. Information Types
1. System User information
2. Fault Detection Fault location Data
3. Ticketing information
   a. Customer Information
4. Knowledge base articles
5. Configuration Documentation
6. Customer Site information
7. Customer Audio
   a. Encrypted COMMS
   b. Unencrypted COMMS
8. Digital Selective Calling Data
   a. Marine Information for Safety and Law Enforcement (MISLE)

2.2. Impact definitions
1.1.1. High: Loss of life, Proliferation of mission sensitive data (SBU), Proliferation of Personally Identifiable Information (PII), Loss of mission sensitive data, Theft of customer systems, Sector outage >30 min, Site outage >1 hour, Channel 16 outage >1 hour, Loss of Fault Detection Fault location data > 2 hours
1.1.2. Medium: Degradation of organization’s reputation, Fines due to non-compliance with DOD mandates, Sector Outage < 30 min, Site Outage < 1 hour, Channel 16 outage < 1 hour, Loss of Fault Detection Fault location data < 2 hours, Inability to meet availability requirements for customer .995 complete system uptime, .998 for mission critical systems, Proliferation of non-mission critical information
1.1.3. Low: Delay in access to mission data, Delay in access to Fault Detection Fault location data, Delay in access to site information

2.3. Criticality matrix
System Type: System User Information, Fault Detection Fault location Data, Ticketing information, Customer Information, Knowledge base articles, Configuration Documentation, Customer Site information, Customer Audio, Encrypted COMMS, Unencrypted COMMS, Digital Selective Calling Data, MISLE
Confidentiality Integrity Medium Medium Availability Low Low Medium High Medium High Low Medium Medium Medium Low Low Low Medium Medium Low Low Medium High Medium Medium Medium High Medium Medium High High High Medium High High High High Medium

2.4. System Information

1.1.4. HARDWARE PLATFORMS
1. IBM 3650 2U Rack Mounted Server
   a. Quantity 36
2. IBM 3550 1U Rack Mounted Servers
   a. Quantity 310
3. HP Z420 Workstations
   a. Quantity 290
4. Vanguard V24 gateways
   a. Quantity 360
5. Moxa Async Gateways
   a. Quantity 360
6. Motorola Quantar Radio/DIU
   a. Quantity 1000
7. UA101 Analog – Digital audio converters
   a. Quantity 800
8. Cisco 3848 routers
   a. Quantity 380
9. Tripp Lite UPS 2200
10. Cisco 3550 Switches
   a. Quantity 650
11. IBM Intrusion Prevention Systems
   a. Quantity 3
12. Cisco ASA 550 Firewalls
   a. Quantity 5
13. Juniper SSG 140 Firewalls
   a. Quantity 10

1.1.5. SOFTWARE
1. Microsoft Windows 2008 R2 Enterprise Edition
2. Microsoft Windows 2008 R2 Standard Edition
3. Microsoft Windows 7 Professional
4. Microsoft SQL
5. Symantec Altiris
6. Hirsch Velocity
7. Computer Associates Spectrum
8. McAfee ePO Host Based Security System (HBSS)
9. Microsoft IIS
10. Wireshark

1.1.6. USERS
1. Domain Administrators: 5
2. Administrative Users: 17
3. Standard Users: 3000

1.1.7. NETWORK CIRCUITS
All circuits are private T-1’s that do not have direct access to the internet.
1. Redundant DS3’s
2. T-1 (Regional Access to RFF’s, Stations, and SCC’s)
3. VSAT (Redundant connections for RFF’s)
4. Modem: out-of-band management interfaces on each of the routers, with dial-in capability to manage the routers and the power associated with these routers.

1.1.8. PORTS UTILIZED
1. TCP: 21, 23, 22, 80, 443, 445, 700-800, 1443
2. UDP: 123, 160-161

1.1.9. FIREWALLS
Currently the system maintains three different types of firewalls: hardware, application, and software. The hardware and software firewalls are utilized to insulate the DMZ between the USCG network and the CSO internal network. The software firewalls are located on each of the Windows devices as host-based firewalls, and each has been tuned to the specific needs of the device.

3. INFOSEC ANALYSIS

The INFOSEC Analysis includes all of the findings from the assessment. Each finding has a corresponding discussion, describing more details about the vulnerability the finding represents, and a recommendation, presenting mitigation mechanisms or procedures.

3.1. Backup Media
1. Finding: Backup media is not tested as a matter of formal procedure to ensure integrity and availability during a contingency event.
2. Discussion: This vulnerability affects the integrity and availability of the system: if there is not a verified good backup during a catastrophic event, there will be no feasible way to restore data that may have been lost. The failure to have a good backup will increase outage times and may leave no reliable data to restore.
3. Recommendation: Document when, where, by whom, and what type of backup is to be performed, and as part of that procedure put a policy in place to execute a procedure that validates the file integrity of backups. It is recommended that sample backups be performed each quarter to verify that the files can be restored and that the data is accurate and meets the needs of the organization.

3.2. Audit logs
1. Finding: Audit logs are not formally reviewed in a security context and are not used to detect suspicious or unusual activities.
2. Discussion: This finding affects the confidentiality, integrity, and availability of the system. By not reviewing event logs for new accounts, user logon failures, privilege escalation, etc., there is the potential for unauthorized access into critical systems. Such unauthorized access can lead to data corruption, loss of confidentiality of the data, and loss of availability if the unauthorized user decides to take systems offline.
3. Recommendation: Develop a log-auditing policy that allows a user to reasonably detect unusual system behavior that can be deemed a threat. Detecting unusual behavior requires more than an automated detection system: logs need to be analyzed and filtered in order to begin to identify suspicious and abnormal activities.

3.3. Media Containing PII
1. Finding: Media containing PII is not sanitized prior to release to offsite repair facilities.
2. Discussion: Media that contains personally identifiable information could lead to compromise of the users’ identities and of the system users’ trust that their information is being handled correctly, which affects the confidentiality of the system.
3. Recommendation: Develop a procedure that meets the Department of Homeland Security requirements identified within the DHS4300 and the Sensitive but Unclassified Systems Handbook in order to identify PII and to have media sanitized, by either removing hard drives or having all data wiped, prior to release for reuse or offsite repairs.

3.4. Heartbleed
1. Finding: Use of OpenSSL version 1.0.1 detected.
2. Discussion: This vulnerability is nicknamed Heartbleed, and it allows a person using specially crafted packets to decrypt SSL packets and read encrypted data.
3. Recommendation: The recommended fix for this vulnerability is to upgrade all affected systems to OpenSSL 1.0.1g or above. Refer to the vendor website for particular fixes for specific devices.

3.5. Shellshock
1. Finding: Use of Bash 4.3 detected.
2. Discussion: This vulnerability is within Bash 4.3, and it allows a person who has crafted particular packets to elevate their privileges using the ForceCommand feature that is common in OpenSSH, or mod_cgi within Apache. This vulnerability has been nicknamed Shellshock for its attack against the Bash shell that is common in Linux, UNIX, and other operating systems.
3. Recommendation: The fix differs depending on the device on which the vulnerability is found. Refer to the vendor website for the specific fixes for a particular device. With Linux, there are several different approaches that can be taken to mitigate the vulnerability: one would be to add firewall rules that look for specific signatures and drop any packet that matches them; another would be to make changes to mod_security to deny particular attempts to utilize this vulnerability.

3.6. POODLE
1. Finding: The ability to use SSL 3.0 has been detected.
2. Discussion: This vulnerability is again within OpenSSL and was recently discovered by a Google team.
The nickname for this vulnerability is POODLE, which stands for “Padding Oracle On Downgraded Legacy Encryption”. This attack allows attackers to introduce a man-in-the-middle attack by forcing a client-server connection to utilize SSL 3.0, which has known vulnerabilities that allow for man-in-the-middle attacks.
3. Recommendation: The fix is to not allow SSL 3.0 connections and to only allow HTTPS connections using the newer encryption protocol, TLS, on the client browser and on the server-side web service. For other device-specific mitigations, refer to the vendor website for the recommended fixes for that particular device.

4. Conclusion

Overall the security posture of the organization is good. With the few issues identified, this organization is well on its way to having well-rounded security in place that addresses not only the technical aspects of security but also the security that deals with Management and Operations within the organization. Documentation that deals with policies, procedures, baselines, and standards is highly developed within the organization; however, there is a need to address how to handle newly identified or zero-day vulnerabilities and how to deal with these vulnerabilities as they arise.

The implementation of security within an organization is not something that is usually gone into lightly, and it can be quite costly to implement security controls within an organization. These security controls, however, will save the organization money by preventing breaches of your security posture or diminishing their effects. Money is saved by reducing costly outages due to a breach and by avoiding loss of revenue due to loss of customer trust. This can also save money by protecting company trade secrets that, if obtained by outsiders, can cause the loss of an edge that allowed your organization to obtain the majority of the market share.
The recommendations within this document are not requirements, and all need to be vetted by the organization’s management to confirm that each recommendation fits within the organization’s needs. If there are any concerns or questions regarding this report, I can be reached by email at brandon125@gmail.com or by phone at 480-322-8621.

Appendix A

A.1 Detailed Network Information

Subnet Information
Six separate subnets will be evaluated during this assessment:
1. 10.99.248.0/24
2. 10.134.35.0/25
3. 10.134.36.0/26
4. 10.134.36.65/27
5. 10.134.36.96/27
6. 10.134.36.129/27

High level Router Configuration
[Figure: network diagram of the Customer Service Organization LAN switches, the HDC and RDC routers and switches (redundant DS3's using HSRP, CGOneNet T-3), and the PBL CCC, STN, SCC and RFF routers with their /25, /26, /27, /29 and /30 address allocations]

Customer Service Organization Configuration
[Figure: equipment diagram of the Roosevelt Data Center, Hayden Data Center, IT Switching Centers, Customer Care Center and DMZ, including the RESCUE 21 HDC POWER DISTRIBUTION panel]

Appendix B

B.1 Vulnerability Scans

Critical  2
High      8
Medium    9
Low       2
Info      130
Total     151

Details

Plugin Id  Name
78481  Oracle Java SE Multiple Vulnerabilities (October 2014 CPU)
78597  iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)
48762  MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution
55806  Adobe AIR Unsupported Version Detection
59915  MS KB2719662: Vulnerabilities in Gadgets Could Allow Remote Code Execution
72983  Shockwave Player <= 12.0.9.149 Unspecified Memory Corruption Vulnerabilities (APSB14-10)
78678  QuickTime < 7.7.6 Multiple Vulnerabilities (Windows)
79139  Adobe AIR <= 15.0.0.293 Multiple Vulnerabilities (APSB14-24)
12019  WILDTANGENT detection
63155  Microsoft Windows Unquoted Service Path Enumeration
66421  MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
76355  VMware vSphere Client Multiple Vulnerabilities (VMSA-20140006)
51192  SSL Certificate Cannot Be Trusted
57582  SSL Self-Signed Certificate
15901  SSL Certificate Expiry
45411  SSL Certificate with Wrong Hostname
57608  SMB Signing Required
78447  MS Security Advisory 3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)
79251  Wireshark 1.10.x < 1.10.11 Multiple DoS Vulnerabilities
11457  Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
65821  SSL RC4 Cipher Suites Supported
10107  HTTP Server Type and Version
10147  Nessus Server Detection
10386  Web Server No 404 Error Code Check
10394  Microsoft Windows SMB Log In Possible
10395  Microsoft Windows SMB Shares Enumeration
10396  Microsoft Windows SMB Shares Access
10397  Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
10400  Microsoft Windows SMB Registry Remotely Accessible
10456  Microsoft Windows SMB Service Enumeration
10736  DCE Services Enumeration
10785  Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
10859  Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
10860  SMB Use Host SID to Enumerate Local Users
10863  SSL Certificate Information
10902  Microsoft Windows 'Administrators' Group User List
10913  Microsoft Windows - Local Users Information : Disabled accounts
10915  Microsoft Windows - Local Users Information : User has never logged on
10916  Microsoft Windows - Local Users Information : Passwords never expire
10940  Windows Terminal Services Enabled
11011  Microsoft Windows SMB Service Detection
11153  Service Detection (HELP Request)
11936  OS Identification
12053  Host Fully Qualified Domain Name (FQDN) Resolution
12634  Authenticated Check: OS Name and Installed Package Enumeration
14272  netstat portscanner (SSH)
16193  Antivirus Software Check
17651  Microsoft Windows SMB : Obtains the Password Policy
19506  Nessus Scan Information
20301  VMware ESX/GSX Server detection
20811  Microsoft Windows Installed Software Enumeration (credentialed check)
20836  Adobe Reader Detection
20862  Mozilla Foundation Application Detection
21561  QuickTime for Windows Detection
21643  SSL Cipher Suites Supported
22964  Service Detection
24260  HyperText Transfer Protocol (HTTP) Information
24269  Windows Management Instrumentation (WMI) Available
24270  Computer Manufacturer Information (WMI)
24272  Network Interfaces Enumeration (WMI)
24274  USB Drives Enumeration (WMI)
24871  Logical Drive Insecure Filesystem Enumeration (WMI)
25197  Windows Wireless SSID (WMI)
25996  iTunes Version Detection (credentialed check)
26201  VMware Workstation Detection
27524  Microsoft Office Detection
28211  Flash Player Detection
31728  VMware Player detection (Windows)
31852  VLC Detection
32504  Adobe AIR Detection
33545  Oracle Java Runtime Environment (JRE) Detection
34096  BIOS Version (WMI)
34112  Wireshark / Ethereal Detection (Windows)
34252  Microsoft Windows Remote Listeners Enumeration (WMI)
35297  SSL Service Requests Client Certificate
35730  Microsoft Windows USB Device Usage Report
38153  Microsoft Windows Summary of Missing Patches
38687  Microsoft Windows Security Center Settings
38689  Microsoft Windows SMB Last Logged On User Disclosure
40405  Web Server Detection (HTTP/1.1)
42399  Microsoft Silverlight Detection
42410  Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure
43111  HTTP Methods Allowed (per directory)
44401  Microsoft Windows SMB Service Config Enumeration
45050  WMI Anti-spyware Enumeration
45051  WMI Antivirus Enumeration
45052  WMI Firewall Enumeration
45410  SSL Certificate commonName Mismatch
45590  Common Platform Enumeration (CPE)
48337  Windows ComputerSystemProduct Enumeration (WMI)
48942  Microsoft Windows SMB Registry : OS Version and Processor Architecture
50346  Microsoft Update Installed
50845  OpenSSL Detection
51187  WMI Encryptable Volume Enumeration
51351  Microsoft .NET Framework Detection
51891  SSL Session Resume Supported
52459  Microsoft Windows SMB Registry : Win 7 / Server 2008 R2 Service Pack Detection
54615  Device Type
55472  Device Hostname
56310  Firewall Rule Enumeration
56468  Time of Last System Startup
56954  Microsoft Revoked Digital Certificates Enumeration
56984  SSL / TLS Versions Supported
57033  Microsoft Patch Bulletin Feasibility Check
57041  SSL Perfect Forward Secrecy Cipher Suites Supported
58181  Windows DNS Server Enumeration
58292  iCloud Detection (Windows)
58452  Microsoft Windows Startup Software Enumeration
58651  Netstat Active Connections
60119  Microsoft Windows SMB Share Permissions Enumeration
62042  SMB QuickFixEngineering (QFE) Enumeration
62563  SSL Compression Methods Supported
63080  Microsoft Windows Mounted Devices
63620  Windows Product Key Retrieval
64558  VMware vSphere Client Installed
64582  Netstat Connection Information
64814  Terminal Services Use SSL/TLS
65739  Oracle Java JRE Universally Enabled
65743  Oracle Java JRE Enabled (Internet Explorer)
65791  Microsoft Windows Portable Devices
66334  Patch Report
66420  Microsoft Windows Essentials Installed
66424  Microsoft Malicious Software Removal Tool Installed
66517  Adobe Reader Enabled in Browser (Internet Explorer)
70329  Microsoft Windows Process Information
70331  Microsoft Windows Process Module Information
70544  SSL Cipher Block Chaining Cipher Suites Supported
70613  Microsoft Windows AutoRuns LSA Providers
70615  Microsoft Windows AutoRuns Boot Execute
70616  Microsoft Windows AutoRuns Codecs
70617  Microsoft Windows AutoRuns Explorer
70618  Microsoft Windows AutoRuns Registry Hijack Possible Locations
70619  Microsoft Windows AutoRuns Internet Explorer
70620  Microsoft Windows AutoRuns Known DLLs
70621  Microsoft Windows AutoRuns Logon
70622  Microsoft Windows AutoRuns Network Providers
70623  Microsoft Windows AutoRuns Print Monitor
70624  Microsoft Windows AutoRuns Report
70625  Microsoft Windows AutoRuns Scheduled Tasks
70626  Microsoft Windows AutoRuns Services and Drivers
70629  Microsoft Windows AutoRuns Winlogon
70630  Microsoft Windows AutoRuns Winsock Provider
70767  Reputation of Windows Executables: Known Process(es)
70768  Reputation of Windows Executables: Unknown Process(es)
71246  Enumerate Local Group Memberships
72367  Microsoft Internet Explorer Version Detection
72482  Windows Display Driver Enumeration
72684  Enumerate Local Users
76946  VMware vCenter Converter Installed
77605  Microsoft OneNote Detection
77668  Windows Prefetch Folder
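
Added example for the audit-log recommendation in section 3.2 (not part of the original report): a Python review pass over exported Windows Security events that flags the three activities the discussion names, namely logon-failure bursts, new accounts, and additions to privileged groups. The CSV column layout, the thresholds, the host names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log event IDs (Windows 7 / Server 2008 R2 numbering).
LOGON_FAILED = "4625"                          # an account failed to log on
ACCOUNT_CREATED = "4720"                       # a user account was created
GROUP_MEMBER_ADDED = {"4728", "4732", "4756"}  # member added to a security group
PRIVILEGED_GROUPS = {"administrators", "domain admins", "enterprise admins"}

# Assumed review thresholds; the log-auditing policy would set the real values.
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=10)
NEW_ACCOUNT_WINDOW = timedelta(hours=24)

# Constructed sample export (hypothetical column layout, documentation-range IPs).
SAMPLE_EXPORT = """\
time,event_id,host,subject,target,source,detail
2014-12-10T02:11:05,4625,HOST-A,-,jdoe,192.0.2.50,
2014-12-10T02:11:09,4625,HOST-A,-,jdoe,192.0.2.50,
2014-12-10T02:11:14,4625,HOST-A,-,jdoe,192.0.2.50,
2014-12-10T02:11:20,4625,HOST-A,-,jdoe,192.0.2.50,
2014-12-10T02:11:27,4625,HOST-A,-,jdoe,192.0.2.50,
2014-12-10T02:11:31,4625,HOST-A,-,jdoe,192.0.2.50,
2014-12-10T02:20:00,4720,HOST-A,jdoe,tmpadmin,-,
2014-12-10T02:22:30,4732,HOST-A,jdoe,tmpadmin,-,Administrators
2014-12-10T08:05:00,4625,HOST-B,-,asmith,192.0.2.61,
2014-12-10T08:40:00,4625,HOST-B,-,asmith,192.0.2.61,
2014-12-11T14:00:00,4728,HOST-A,admin1,bwhite,-,Domain Admins
2014-12-11T15:00:00,4732,HOST-B,admin1,cgreen,-,Remote Desktop Users
"""


def parse_events(text):
    """Parse the CSV export into dicts with a datetime 'time', oldest first."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.fromisoformat(row["time"])
        events.append(row)
    return sorted(events, key=lambda ev: ev["time"])


def review(events):
    """Return findings for failure bursts, new accounts and privilege changes."""
    findings = []
    failures = defaultdict(deque)   # (account, source) -> recent failure times
    created = {}                    # account -> creation time seen in this log

    def report(kind, ev, note):
        findings.append({"kind": kind, "time": ev["time"], "host": ev["host"],
                         "account": ev["target"], "note": note})

    for ev in events:
        eid, when, account = ev["event_id"], ev["time"], ev["target"].lower()
        if eid == LOGON_FAILED:
            recent = failures[(account, ev["source"])]
            recent.append(when)
            while when - recent[0] > FAIL_WINDOW:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= FAIL_THRESHOLD:
                report("logon-failure-burst", ev,
                       f"{len(recent)} failures from {ev['source']} in {FAIL_WINDOW}")
                recent.clear()                      # one finding per burst
        elif eid == ACCOUNT_CREATED:
            created[account] = when
            report("account-created", ev, f"created by {ev['subject']}")
        elif eid in GROUP_MEMBER_ADDED and ev["detail"].lower() in PRIVILEGED_GROUPS:
            born = created.get(account)
            fresh = born is not None and when - born <= NEW_ACCOUNT_WINDOW
            report("new-account-privileged" if fresh else "privileged-group-change",
                   ev, f"added to {ev['detail']} by {ev['subject']}")
    return findings


if __name__ == "__main__":
    for f in review(parse_events(SAMPLE_EXPORT)):
        print(f"{f['time']:%Y-%m-%d %H:%M:%S} {f['host']:<7} {f['kind']:<24} "
              f"{f['account']:<9} {f['note']}")
```

Each account-created finding is meant to be matched against an approved change record; the two widely spaced failures for asmith stay below the threshold and produce nothing.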
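
Added example for the backup recommendation in section 3.1 (not part of the original report): record a SHA-256 manifest when the backup is taken, then check a sample restore against it. The directory layout and file contents are constructed, and copying the tree stands in for restoring from backup media.

```python
import hashlib
import random
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backup files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Run at backup time: map each relative path to its size and SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): {"size": p.stat().st_size,
                                         "sha256": sha256_file(p)}
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def pick_sample(manifest, count, seed):
    """Choose the files for this quarter's test restore; the seed is recorded
    in the test report so the selection can be reproduced."""
    names = sorted(manifest)
    return sorted(random.Random(seed).sample(names, min(count, len(names))))


def verify_restore(manifest, restore_root, sample):
    """Compare restored files with the manifest; return path -> status."""
    restore_root = Path(restore_root)
    results = {}
    for name in sample:
        restored, expected = restore_root / name, manifest[name]
        if not restored.is_file():
            results[name] = "missing"
        elif restored.stat().st_size != expected["size"]:
            results[name] = "size-mismatch"
        elif sha256_file(restored) != expected["sha256"]:
            results[name] = "hash-mismatch"   # same size, different content
        else:
            results[name] = "ok"
    return results


def demo():
    """Constructed scenario: one restored file is silently altered, one is lost."""
    with tempfile.TemporaryDirectory() as tmp:
        source, restored = Path(tmp, "source"), Path(tmp, "restored")
        (source / "config").mkdir(parents=True)
        (source / "tickets").mkdir()
        (source / "config" / "router.cfg").write_text("hostname example\n")
        (source / "config" / "switch.cfg").write_text("vlan 10\n")
        (source / "tickets" / "2014-12.csv").write_text("id,summary\n1,outage\n")
        (source / "fdfl.log").write_text("ok\n" * 100)

        manifest = build_manifest(source)     # taken when the backup runs
        shutil.copytree(source, restored)     # stand-in for the test restore

        # Damage the restore: a same-length content change and a lost file.
        (restored / "fdfl.log").write_text("ok\n" * 99 + "OK\n")
        (restored / "config" / "switch.cfg").unlink()

        sample = pick_sample(manifest, count=len(manifest), seed=2014)
        return verify_restore(manifest, restored, sample)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:<14} {name}")
```

The altered log keeps its original size, so only the hash comparison catches it; a restore test that checks file presence and size alone would pass it.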