Network Security Assessment Report: Part 1 - Vulnerability Analysis
Added on 2019/09/22

Network Security Assessment
Part – 1
Vulnerabilities Assessment
Introduction
The purpose of this document is to provide an overview of the areas of network security and of the vulnerabilities of the network and the devices connected to it.
This process involves performing an in-depth threat and risk assessment of all the different areas and network components to determine which of them need to be hardened. This is done using various tools and methods for the assessment. The final report will include the areas that need to be hardened, the vulnerabilities associated with each system, and the steps and measures that need to be applied in order to remove or mitigate those network security vulnerabilities.
Information Collection Techniques
The Network Security Assessment Team used the following information collection techniques and tools to collect information about, and gain an understanding of, the network and server vulnerabilities:
Information was collected through a physical inventory of:
• Hardware
• Software
• Data and information

The following automated discovery/collection tools and manual techniques were used on the servers to collect technical information:
• Network Mapper (NMAP)
• Nessus Vulnerability Scanner
• Personal observation
• Manual inspection
• Access control permissions
• Wireless leakage
• Intrusion detection testing
• Firewall testing
• Identification of potential threats that could adversely impact the Confidentiality, Integrity and/or Availability (CIA) of systems or data
• Identification of the vulnerabilities discovered
• Estimation of the likelihood that threats would or could exploit the identified vulnerabilities
• Assessment of the impact on the systems' and/or data's CIA if a threat were to exploit a given vulnerability
• Identification of ports and access open to unauthorized personnel
• Perimeter security check of firewall rules
• System checks for necessary protection software and for unauthorized access
• Policy for data protection
Terminology and Clarifications
The report uses a variety of terms related to the field of cyber security. The terms listed below are particularly important.
• Attack: A malicious act that attempts to collect, disrupt, deny, degrade or destroy information system resources or the information itself.
• Incident: A security event that compromises the integrity, confidentiality, or availability of an information asset.
• Breach: A compromise of security that leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, protected data transmitted, stored or otherwise processed.
• Disclosure: A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.
Findings and Analysis
Missing patches
Analysis of the systems found that Windows and other software did not have the latest security patches installed. This is a severe vulnerability: an attacker or a rogue insider needs only one old or missing patch on a server with a flaw that permits an unauthenticated or unauthorized user a command prompt or other backdoor path into the web or network environment. Care is needed when applying patches to servers: this includes checking for patches on a timed schedule, but also not being in the position of applying patches that are old; in some cases the patches were even 10 years old. This makes it a severe vulnerability, because the attacker already knows the problem, security issue or flaw addressed by the patch, and knowledge of the outdated system is openly available and common knowledge among security personnel, which makes attacking the system easy. Many incidents and attacks occur because criminal hackers and cyber criminals take advantage of, and exploit, unprotected, outdated and unpatched systems.
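As an added example that is not part of the original report, the following Python audit applies the two checks this section describes to a constructed host inventory: any baseline patch that is missing rates the host severe, and a host whose newest patch is older than an assumed 30-day schedule is flagged even when nothing is missing. The patch identifiers, host names and dates are placeholders.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional, Set

# Constructed baseline every server must have (placeholder ids, not real KB numbers).
REQUIRED_PATCHES: Set[str] = {"PATCH-0001", "PATCH-0002", "PATCH-0003"}
# Assumed policy: a server that has received no patch for longer than this is
# out of schedule even when nothing from the baseline is missing.
MAX_PATCH_AGE_DAYS = 30


@dataclass
class Host:
    name: str
    installed: Dict[str, date]  # patch id -> date it was installed


def missing_patches(host: Host) -> Set[str]:
    """Baseline patches that are not installed on the host."""
    return REQUIRED_PATCHES - set(host.installed)


def days_since_last_patch(host: Host, today: date) -> Optional[int]:
    """Age in days of the most recent patch, or None if nothing is installed."""
    if not host.installed:
        return None
    return (today - max(host.installed.values())).days


def rate_host(host: Host, today: date) -> str:
    """One missing patch is enough for an attacker, so any gap is 'Severe';
    a complete but out-of-schedule host is 'Warning'; otherwise 'Compliant'."""
    if missing_patches(host):
        return "Severe"
    age = days_since_last_patch(host, today)
    if age is None or age > MAX_PATCH_AGE_DAYS:
        return "Warning"
    return "Compliant"


def audit(hosts, today: date) -> Dict[str, dict]:
    """Per-host summary: rating, missing patches and days since the last patch."""
    return {h.name: {"rating": rate_host(h, today),
                     "missing": sorted(missing_patches(h)),
                     "age_days": days_since_last_patch(h, today)} for h in hosts}


# Constructed sample inventory as of the assessment date.
ASSESSMENT_DATE = date(2019, 9, 20)
SAMPLE_HOSTS = [
    # Fully patched shortly before the assessment.
    Host("web01", {"PATCH-0001": date(2019, 9, 10), "PATCH-0002": date(2019, 9, 10),
                   "PATCH-0003": date(2019, 9, 10)}),
    # Complete baseline, but nothing applied for months.
    Host("db01", {"PATCH-0001": date(2019, 1, 15), "PATCH-0002": date(2019, 1, 15),
                  "PATCH-0003": date(2019, 1, 15)}),
    # Last patched a decade ago and missing most of the baseline.
    Host("legacy01", {"PATCH-0001": date(2009, 6, 1)}),
]

if __name__ == "__main__":
    for name, result in audit(SAMPLE_HOSTS, ASSESSMENT_DATE).items():
        print(f"{name:10} {result['rating']:10} missing={result['missing']} "
              f"age_days={result['age_days']}")
```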
Misconfigured firewall rules and policies
After analyzing the network requirements and the public servers, and then evaluating the firewall policy, we found that the firewall was not configured with the rules that the network requirements call for to secure the inside network. Rules that should have been updated as the network requirements changed over time had been left misconfigured. Some rules would not stop traffic coming from the outside or external network, because that traffic had been allowed by the firewall, and there were no policies to stop unwanted traffic; this may allow an unauthorized person to access the internal network through ports and policies that the firewall should have blocked. The servers were therefore not protected, as anyone could have taken control of them by accessing them remotely through those unwanted open ports.
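The following Python check, added here as an illustration rather than taken from the report, audits a constructed rule set against an assumed requirement list: inbound traffic from outside may reach only the public-server subnet, and only on the listed services; any permit rule that lets in more than that, and a policy with no terminal deny-all, is reported. The networks, ports and rule representation are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed addressing: the inside network, and the subnet holding the public
# servers that the requirements allow to be reached from outside.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
PUBLIC_SERVERS = ipaddress.ip_network("10.0.50.0/24")
# Assumed requirements: the only services permitted inbound to public servers.
REQUIRED_INBOUND = {("tcp", 80), ("tcp", 443), ("tcp", 25)}


@dataclass
class Rule:
    seq: int
    action: str          # "permit" or "deny"
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    proto: str           # "tcp", "udp" or "ip" (any protocol)
    port: Optional[int]  # destination port, None = any

def from_outside(src: str) -> bool:
    """True if the source can include addresses outside the inside network."""
    return src == "any" or not ipaddress.ip_network(src).subnet_of(INTERNAL_NET)

def reaches_internal(dst: str) -> bool:
    """True if the destination can include inside addresses."""
    return dst == "any" or ipaddress.ip_network(dst).overlaps(INTERNAL_NET)

def only_public_servers(dst: str) -> bool:
    """True if the destination lies entirely within the public-server subnet."""
    return dst != "any" and ipaddress.ip_network(dst).subnet_of(PUBLIC_SERVERS)

def audit_rules(rules: List[Rule]) -> List[Tuple[Optional[int], str]]:
    """Report permit rules that let external traffic into the inside network
    beyond the requirements, and a policy with no explicit deny-all at the end."""
    findings = []
    for r in rules:
        if r.action != "permit" or not (from_outside(r.src) and reaches_internal(r.dst)):
            continue
        if not only_public_servers(r.dst):
            findings.append((r.seq, "external traffic permitted into the inside network"))
        elif r.proto == "ip" or r.port is None:
            findings.append((r.seq, "any service permitted from outside to a public server"))
        elif (r.proto, r.port) not in REQUIRED_INBOUND:
            findings.append((r.seq, f"{r.proto}/{r.port} from outside is not in the requirements"))
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and last.src == "any" and last.dst == "any"):
        findings.append((None, "no explicit deny-all rule terminates the policy"))
    return findings


# Constructed rule set illustrating the finding.
SAMPLE_RULES = [
    Rule(10, "permit", "any", "10.0.50.10/32", "tcp", 443),   # required: web server
    Rule(20, "permit", "any", "10.0.50.10/32", "tcp", 3389),  # remote desktop left reachable
    Rule(30, "permit", "any", "10.0.0.0/8", "ip", None),      # stale allow-all never removed
    Rule(40, "permit", "10.0.0.0/8", "any", "ip", None),      # outbound from inside: fine
    Rule(50, "deny", "any", "any", "ip", None),
]

if __name__ == "__main__":
    for seq, msg in audit_rules(SAMPLE_RULES):
        print(f"rule {seq}: {msg}")
```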
Open USB access on ports
This is a serious concern: USB ports should be blocked, since they can allow unwanted and malicious software to be installed or infect the system with a virus. This may then lead to damage or leakage of exclusive and confidential information. A rogue inside user may also use these ports to plant a malicious virus or software that triggers unwanted traffic and corrupts other nearby systems on the network. USB drives are also one of the most common ways by which a network can get infected from inside a firewall.
Weak or default passwords
Passwords are the first line of defense against an attacker, as they stop the attacker or unauthorized person from administering the device or system. Weak or default passwords that are easy to guess can cause serious damage, as the user can gain unlimited access to the device by logging in and can then manipulate any security policy or steal any data. The password must be kept secret and must comply with the password policy, for example by containing alphanumeric and special characters. On servers the damage may be even greater, as systems or servers are susceptible to attacks like SQL injection, dictionary attacks and brute force attacks.
Insecure Wireless Network
Analysis found that the wireless network is not secure and has many flaws and vulnerabilities that are susceptible to attack, which can give an attacker access to the network. This may also allow network access without proper authentication and may cause other devices on the network to become infected. The wireless network was configured for WEP, which is not secure by today's standards. An attacker only needs to guess or determine the WEP key associated with the wireless controller to gain network access, and this process can be done in seconds. Once the attacker or unauthorized person has determined the WEP key, he can get into the network, where he can not only affect or attack others but also monitor the traffic, or take advantage of the access to obtain the administrator's role and change current settings, which may disrupt the whole network. Rogue access points were also detected in the network. A rogue access point is a wireless access point installed without the explicit permission or authorization of the network administration team. It creates the potential for various attacks, such as the man-in-the-middle attack, in which the security of the network is breached. To avoid the installation of rogue access points, the network administration team monitors the network for newly installed access points with the help of a wireless intrusion prevention system (IPS), which helps detect changes in the radio spectrum that indicate whether a new access point has been installed and is operational. Most of these systems will take automatic countermeasures by identifying a rogue access point and redirecting traffic away from it.
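As an added example that is not part of the report, this Python routine classifies a constructed wireless scan against an assumed inventory of authorized access points: it flags WEP or open encryption on the organisation's own APs, unknown radios that broadcast the corporate SSID, and strong-signal unknown APs on the premises, while ignoring weak neighbouring networks. The SSIDs, BSSIDs and signal threshold are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed inventory kept by the network administration team:
# BSSID (radio MAC) -> the SSID that access point is authorized to broadcast.
AUTHORIZED_APS: Dict[str, str] = {
    "00:11:22:33:44:01": "CorpWLAN",
    "00:11:22:33:44:02": "CorpWLAN",
}
CORPORATE_SSIDS = set(AUTHORIZED_APS.values())
INSECURE_SECURITY = {"OPEN", "WEP"}  # modes the report treats as insecure
ON_PREMISES_DBM = -70                # assumed: stronger than this means on-site


@dataclass
class ScanEntry:
    ssid: str
    bssid: str
    security: str    # e.g. "WEP", "WPA2-PSK", "OPEN"
    signal_dbm: int


def classify(entry: ScanEntry) -> List[str]:
    """Findings for one scanned network; an empty list means nothing to report."""
    findings = []
    bssid = entry.bssid.lower()
    if bssid in AUTHORIZED_APS:
        if entry.ssid != AUTHORIZED_APS[bssid]:
            findings.append(f"authorized AP broadcasting unexpected SSID {entry.ssid!r}")
    elif entry.ssid in CORPORATE_SSIDS:
        # Unknown radio announcing the corporate network: the man-in-the-middle
        # position the report warns about.
        findings.append("rogue AP broadcasting the corporate SSID")
    elif entry.signal_dbm > ON_PREMISES_DBM:
        findings.append("unknown AP with on-premises signal strength")
    else:
        return []  # weak neighbouring network, outside our scope
    if entry.security.upper() in INSECURE_SECURITY:
        findings.append(f"insecure encryption: {entry.security}")
    return findings


def audit_scan(entries: List[ScanEntry]) -> Dict[str, List[str]]:
    """Map BSSID -> findings for every scanned network that needs attention."""
    report = {}
    for e in entries:
        findings = classify(e)
        if findings:
            report[e.bssid.lower()] = findings
    return report


# Constructed scan results, not real captures.
SAMPLE_SCAN = [
    ScanEntry("CorpWLAN", "00:11:22:33:44:01", "WEP", -45),             # company AP still on WEP
    ScanEntry("CorpWLAN", "00:11:22:33:44:02", "WPA2-Enterprise", -50),
    ScanEntry("CorpWLAN", "de:ad:be:ef:00:01", "OPEN", -52),            # rogue copying the SSID
    ScanEntry("Printer-Setup", "de:ad:be:ef:00:02", "WPA2-PSK", -60),   # unapproved device AP
    ScanEntry("NeighbourNet", "aa:bb:cc:dd:ee:ff", "WEP", -85),         # weak, next door
]

if __name__ == "__main__":
    for bssid, findings in audit_scan(SAMPLE_SCAN).items():
        print(bssid, "->", "; ".join(findings))
```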
Intrusion Prevention System (IPS) Signatures not Active
We found that the IPS was not configured for some of the new types of attack and hence was not able to detect those attacks and network intrusions. There were no signatures for them present in the database, as the IPS had not been updated in a long time and was not being monitored properly for new attacks and intrusions. In addition, some of the important and severe attack signatures are disabled, which may allow attacks to pass undetected.
Insecure DATA flow over Public and MPLS network
The data transfer over the MPLS connections between sites at different locations was not encrypted and the data was in plain text, so it could be viewed by anyone. This may lead to a successful man-in-the-middle attack: if the attacker gains access to the data traffic, he will be able to view all the files and data that are transmitted as well as received. The data flow over the public Internet via VPN was using a very basic encryption that is susceptible to brute force and key-guessing attacks and can easily be decrypted. There were also no hashing mechanisms to ensure the integrity of the data over the network. Data that has been changed in transit will not be dropped but will be accepted as good data, while in reality it has been altered; this causes loss of information, wrong information and corruption of data.
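To make the integrity finding concrete, the following Python simulation (added here, not taken from the report) sends a constructed site-to-site payload two ways: unprotected, where a byte altered in transit is accepted as good data, and with an HMAC-SHA256 tag under a shared key, where the receiving site detects the alteration and drops the frame. The key and payload are constructed, and the HMAC stands in for the integrity protection a proper VPN suite provides.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to every frame


def protect(key: bytes, payload: bytes) -> bytes:
    """Sending site: append an HMAC-SHA256 tag computed under the shared key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def receive_protected(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiving site: recompute the tag and compare in constant time.
    Returns the payload if it verifies, or None when the frame must be dropped."""
    if len(frame) < TAG_LEN:
        return None
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def receive_unprotected(frame: bytes) -> bytes:
    """The current MPLS path: whatever arrives is accepted as good data."""
    return frame


def modified_in_transit(frame: bytes, offset: int, new_byte: int) -> bytes:
    """Simulate one byte being altered somewhere between the two sites."""
    return frame[:offset] + bytes([new_byte]) + frame[offset + 1:]


# Constructed values; in practice the key comes from the VPN/key-management setup.
SHARED_KEY = b"constructed-demo-key-not-for-production"
PAYLOAD = b"TRANSFER;acct=12345;amount=100.00"


def demo() -> dict:
    """Send the same payload both ways and alter the amount's first digit."""
    offset = PAYLOAD.index(b"amount=") + len(b"amount=")
    altered = modified_in_transit(PAYLOAD, offset, ord("9"))
    frame = protect(SHARED_KEY, PAYLOAD)
    return {
        # Unprotected: the altered amount is accepted without any indication.
        "unprotected_accepted": receive_unprotected(altered),
        # Protected: the tag no longer matches, so the frame is dropped (None).
        "protected_tampered": receive_protected(SHARED_KEY, altered + frame[-TAG_LEN:]),
        # Protected and untouched: the original payload is delivered.
        "protected_intact": receive_protected(SHARED_KEY, frame),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} -> {value!r}")
```

A plain unkeyed hash appended to the data would not close this gap, because whoever alters the data can recompute the hash; the tag must depend on a key the attacker does not hold, which is what the HMAC provides here.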
No Security Device Monitoring and log management software
The company network lacks a security monitoring device and a workstation equipped with monitoring tools to collect and gather data from the network, which would provide a platform for quick assistance and countermeasures if a security breach is detected by the security devices. Currently each system has to be logged in to separately to ensure that it is working properly and to detect anomalies in the network. There are no SNMP management stations to show the status of the devices connected to the network and provide real-time monitoring.
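As an added example, not from the report, the following Python sketch shows what a central collection point would do that separate logins cannot: it normalises constructed firewall and server log lines into events and correlates them by source address, raising an alert when one source produces repeated failed logins or activity on more than one device within a short window. The log formats, device names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed log lines in simplified formats from devices that today have to
# be checked by logging in to each one separately.
SAMPLE_LOGS = [
    "2019-09-20T10:00:01 fw01 DENY tcp 203.0.113.5:51000 -> 10.0.50.10:3389",
    "2019-09-20T10:00:03 fw01 DENY tcp 203.0.113.5:51001 -> 10.0.50.10:22",
    "2019-09-20T10:00:09 srv01 sshd: Failed password for admin from 203.0.113.5",
    "2019-09-20T10:00:12 srv01 sshd: Failed password for admin from 203.0.113.5",
    "2019-09-20T10:00:14 srv01 sshd: Failed password for root from 203.0.113.5",
    "2019-09-20T10:20:00 fw01 DENY udp 198.51.100.7:40000 -> 10.0.50.10:161",
    "2019-09-20T11:30:00 srv01 sshd: Failed password for bob from 10.0.1.25",
]

# Assumed parsers, one per format: groups are (timestamp, device, source IP).
PATTERNS = [
    (re.compile(r"^(\S+) (\S+) DENY \S+ (\d+\.\d+\.\d+\.\d+):\d+ ->"), "fw_deny"),
    (re.compile(r"^(\S+) (\S+) sshd: Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)"), "auth_fail"),
]

WINDOW = timedelta(minutes=5)   # assumed correlation window
AUTH_FAIL_THRESHOLD = 3         # failed logins from one source within WINDOW
MULTI_DEVICE_THRESHOLD = 2      # distinct devices touched by one source within WINDOW


def parse(line: str) -> Optional[dict]:
    """Normalise one raw line into an event, or None for an unknown format."""
    for pattern, kind in PATTERNS:
        m = pattern.match(line)
        if m:
            ts, device, src = m.groups()
            return {"ts": datetime.fromisoformat(ts), "device": device,
                    "kind": kind, "src": src}
    return None


def correlate(lines: List[str]) -> Dict[str, List[str]]:
    """Group events by source and evaluate the trailing WINDOW at each event."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        by_src[ev["src"]].append(ev)
    alerts: Dict[str, List[str]] = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        reasons = set()
        for i, ev in enumerate(events):
            window = [e for e in events[:i + 1] if ev["ts"] - e["ts"] <= WINDOW]
            fails = sum(1 for e in window if e["kind"] == "auth_fail")
            devices = {e["device"] for e in window}
            if fails >= AUTH_FAIL_THRESHOLD:
                reasons.add(f"{fails} failed logins within {WINDOW}")
            if len(devices) >= MULTI_DEVICE_THRESHOLD:
                reasons.add("activity seen on " + ", ".join(sorted(devices)))
        if reasons:
            alerts[src] = sorted(reasons)
    return alerts


if __name__ == "__main__":
    for src, reasons in correlate(SAMPLE_LOGS).items():
        print(src, "->", "; ".join(reasons))
```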
Weak Defenses at the Layer 2 switching network
Network security at the layer 2 or LAN switching level is not secured with appropriate security measures such as port security and 802.1X authentication of PCs before network access is granted to the device. The devices are capable of this and have the feature, and it is recommended to configure such defences so that a user cannot gain unauthorized network access without authentication.
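As an added example, not taken from the report, the following Python audit parses a constructed switch configuration written in Cisco IOS-style syntax (an assumption; the report does not name the vendor) and lists every access port that lacks port security or the 802.1X authenticator configuration, skipping trunk uplinks.

```python
from typing import Dict, List

# Constructed running-config excerpt in IOS-style syntax (assumed vendor).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description User port, fully hardened
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 description Printer
 switchport mode access
!
interface GigabitEthernet1/0/3
 description Meeting room
 switchport mode access
 switchport port-security
!
interface GigabitEthernet1/0/24
 description Uplink to core
 switchport mode trunk
!
"""

# Both lines must be present for 802.1X to authenticate the attached PC.
DOT1X_REQUIRED = {"authentication port-control auto", "dot1x pae authenticator"}


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [indented config lines]}."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the block
    return interfaces


def audit_access_ports(config: str) -> Dict[str, List[str]]:
    """Map each access port to the layer 2 controls it is missing."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # trunks and unconfigured ports are out of scope here
        missing = []
        if not any(l.startswith("switchport port-security") for l in lines):
            missing.append("port-security")
        if not DOT1X_REQUIRED.issubset(lines):
            missing.append("802.1X")
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for port, missing in audit_access_ports(SAMPLE_CONFIG).items():
        print(f"{port}: missing {', '.join(missing)}")
```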