258 Managing Network Vulnerability Assessment
Client Trust Model
CLIENT's basic trust model rests on the premise that all internal traffic can
be trusted. To balance the business needs of its users, CLIENT has chosen an
almost completely open internal environment with almost no centralized
internal controls in place. In this model each resource provides its own
protection controls in accordance with the risk associated with that resource,
while the outer perimeter is protected by network-based control measures. The
model also assumes that all trusted external links, such as links to corporate
headquarters, are part of the internal network.
Appendix C-1: List of Tests Performed
This appendix lists the tests that were performed. Detailed information as well
as the original data files on each test are provided on the supplemental CD
included with this report.
Network-Based Tests
Scanner Location       IP Address       Monitor Location             IP Address                    Test Description
External to firewall   XXX.XXX.96.88    Internal to firewall         XXX.XXX.42.88                 Phase 1 tests, NetRecon, and ISS
Internal of firewall   XXX.XXX.42.88    Internal on VLAN of target   Varied, based on target host  NetRecon and ISS on specific targets
Internal of firewall   XXX.XXX.42.88    Internal to firewall         XXX.XXX.42.89                 NetRecon and ISS general scan on entire network

List of IP Addresses Tested
XXX.XXX.96.0 to XXX.XXX.97.255
XXX.XXX.247.248 to XXX.XXX.247.255
XXX.XXX.42.0 to XXX.XXX.42.255
XXX.XXX.113.0 to XXX.XXX.113.255
XXX.XXX.118.0 to XXX.XXX.118.255
XXX.XXX.125.0 to XXX.XXX.125.255
XXX.XXX.128.0 to XXX.XXX.128.255
XXX.XXX.0.0 to XXX.XXX.255.255
XXX.XXX.0.0 to XXX.XXX.255.255
XXX.XXX.83.102
XXX.XXX.83.86
XXX.XXX.129.245
Specific IP Addresses Targeted for Point Scans by ISS and NetRecon
XXX.XXX.94.10 XXX.XXX.95.10
XXX.XXX.148.31 XXX.XXX.148.32
XXX.XXX.64.10 XXX.XXX.239.3
XXX.XXX.32.15 XXX.XXX.84.185
Specific IP Addresses Used for the ESM Configuration Audit
XXX.XXX.94.10 XXX.XXX.16.57
XXX.XXX.226.2 XXX.XXX.148.31
XXX.XXX.148.32 XXX.XXX.84.160
XXX.XXX.32.15 XXX.XXX.32.3
Specific ISS Tests Conducted during Point Scans
ISS performs several hundred tests. The configurations that tell ISS which tests
to run are known as ISS Policies. Your Company ran a full range of policies,
including a policy that tested for all vulnerabilities in the ISS database and a
policy that tested for all denials of service in the ISS database. All ISS Policies
used by Your Company are located on the Supplemental CD at
<CD ROM>\ISS Reports\Policies.
Specific NetRecon Tests Conducted during Point Scans
NetRecon collects data from the target machine by sending it queries. Given
the responses that NetRecon gets back, it then looks into its database to
determine which vulnerabilities would be present. The process by which
NetRecon does this is known as a path analysis. All NetRecon tests and the
resulting path analysis are included in the NetRecon data files located on the
Supplemental CD at <CD ROM>\Data Files\Axent NetRecon.zip.
Specific ESM Policy Tests Conducted
ESM runs configuration audit tests against the data it collects from agents
installed on machines to audit. These tests are known as ESM Policies. All
ESM Policies are located on the Supplemental CD as .html files at
<CD ROM>\ESM Reports\Policy.
Remote Access Phone Dialing Tests
Number Range Dialed
Duplicate numbers were removed during dialing.
XXX4480 to XXX4499
XXX7160 to XXX7179
XXX7100 to XXX7299
XXX7300 to XXX7499
XXX2360 to XXX2399
XXX6000 to XXX6499
XXX1400 to XXX1999
XXX2000 to XXX2019
XXX2100 to XXX2119
XXX5500 to XXX5599
XXX3753 to XXX3852
XXX1400 to XXX3999
XXX6000 to XXX6999
XXX7300 to XXX7999
XXX6500 to XXX6999
Numbers Captured (responses received)
XXX4489 XXX4496 XXX7126 XXX7191 XXX7200
XXX7201 XXX7203 XXX7204 XXX7205 XXX7207
XXX7284 XXX7291 XXX3761 XXX3810 XXX3839
XXX1411 XXX1412 XXX1414 XXX1425 XXX1427
XXX1430 XXX1434 XXX1437 XXX1438 XXX1441
XXX1447 XXX1448 XXX1487 XXX1541 XXX1544
XXX1545 XXX1546 XXX1559 XXX1586 XXX1594
XXX1625 XXX1628 XXX1642 XXX1655 XXX1659
XXX1677 XXX1698 XXX1708 XXX1752 XXX1765
XXX1769 XXX1799 XXX1821 XXX1835 XXX1836
XXX1845 XXX1856 XXX1881 XXX1907 XXX1908
XXX1917 XXX1918 XXX1930 XXX1944 XXX1983
XXX2106 XXX2109 XXX2392 XXX2500 XXX2511
XXX2512 XXX2513 XXX2514 XXX2515 XXX2517
XXX2520 XXX2522 XXX2523 XXX2526 XXX2535
XXX2536 XXX2537 XXX2538 XXX2552 XXX2564
XXX2565 XXX3761 XXX3810 XXX3839 XXX3988
XXX6019 XXX6097 XXX6100 XXX6101 XXX6155
XXX6208 XXX6227 XXX6228 XXX6245 XXX6300
XXX6322 XXX6324 XXX6351 XXX6363 XXX6400
XXX6413 XXX6420 XXX6424 XXX6550 XXX6557
XXX6588 XXX6589 XXX6594 XXX6631 XXX6632
XXX6633 XXX6635 XXX6648 XXX6649 XXX6669
XXX6687 XXX6727 XXX6772 XXX6774 XXX6800
XXX6806 XXX6807 XXX6811 XXX6851 XXX6926
XXX6989 XXX6550 XXX6557 XXX6588 XXX6589
XXX6594 XXX6631 XXX6632 XXX6633 XXX6635
XXX6648 XXX6669 XXX6687 XXX6727 XXX6772
XXX6774 XXX6800 XXX6806 XXX6807 XXX6810
XXX6811 XXX6851 XXX6926 XXX6989
Numbers Responding with a Log-In Prompt
XXX-2500 XXX-2535
XXX-2512 XXX-2536
XXX-2513 XXX-2538
XXX-2514 XXX-2556
XXX-2515 XXX-2564
XXX-2517 XXX-2565
XXX-2522 XXX-6811
XXX-2523 XXX-6810
XXX-2526 XXX-6811
Physical Security Tests
A survey of the physical site was conducted along with interviews of the
CLIENT guard force. Additional findings were discovered through the course
of normal observation. Your Company specifically looked for places or times
where an intruder could gain access to critical or sensitive areas or systems.
Social Engineering Tests
Social engineering tests were not performed.
Appendix C-2: Summary Information
This appendix contains a summarization of the primary test phases performed
and the results of those tests that did not result in findings. Also, any additional
information that the tests produced that would provide value to CLIENT, but
did not necessarily indicate vulnerabilities, is included here.
Zero-Information-Based (ZIB) Summary
The ZIB was conducted with the assistance of the Sam Spade tool. Sam Spade
is a collection of tools designed to retrieve information from various public
Internet sources and present it in a user-friendly interface. Logs of these
tests are included on the CD in the Additional Data\ZIB Data directory. The
test resulted in no significant information being made available to the testers.
The firewall and other external devices did not yield their identities without
direct probing, and that probing was detected by the PIX firewalls. The results
of this test did not yield any findings for this report.
Administrative Controls Summary
The administrative controls testing involved several components. Your Company
examined the policies and procedures provided to us by CLIENT as one
component. Physical and operational controls were tested as another component
and, finally, interviews were conducted with system and network administrators
as the final step in these tests.
Interviews Summary
Interviews with various IT employees revealed three common themes:
1. A desire to do good work
2. A belief that the word “no” was not in the vocabulary of IT when it came
to the business users
3. A belief that developers were evil and that business users were almost as bad
The people within the IT group at CLIENT are good people who wish to
succeed; they are, however, tired of being in a reactionary mode and wish
to move to a proactive mode. Their primary concerns and complaints have
made it into this document as parts of findings, but all of them also expressed
pleasure in their work and want to see their environment be successful.
Appendix C-3: Figures and Diagrams
This appendix contains any drawings, figures, or diagrams referenced in the
report or included for explanatory value. Additionally, a network diagram is
also included as a reference for the location and scope of the tests performed
by PA.
Information Security Concept Flow
Exhibit C-3.1 describes how information security concepts flow into and relate
to each other. Of particular concern to this document are the relationships to
vulnerabilities. The goal of this report is to make the owners of assets aware
of the vulnerabilities that lead to risks to the assets that the owners are
responsible for and value.