ID: 3583701 • Letter: A

Question

Assignment Requirements:

You work for EGS Testing Solutions; your company is involved in testing related to access control systems. A large, private fitness club contacted your company because their Web server was hacked. The fitness club has a corporate office with 50 workstations, 4 application servers, 2 e-mail servers, 2 Web servers, and 129 franchisees with 10 workstations and about 3,500 members at each location. Except for the equipment at the franchisees’ locations, all other equipment resides at the central headquarters.

The fitness club was unsure whether the Web server hacking took place because of the former administrator, who quit under less than amenable circumstances, or if an external party had found their “Achilles heel.” The perpetrator was able to access the corporate Web server by using the remote login of the Microsoft (MS) Windows network administrator. Once the hack was realized, the administrator was forced to shut down the connections to all their 129 franchisees that needed access to the corporate Web server. The franchisees require access to the Web server to review their customers’ personal information, fitness progress, and goals as well as to share information with the corporate headquarters in a secure manner. Members and club staff also make periodic payments for dues and services using this system, including credit card payments.

Your company has been engaged to provide a cost-effective solution that would allow the new administrator to do the following:

Control access to resources by preventing unauthorized users from logging in to privileged areas.

Audit and review user activities to prevent future hacks that could compromise network integrity.

Change the existing system to strengthen it as necessary.

Add technology, as necessary, to detect security breaches.

To be able to develop a cost-effective solution, your company must focus on developing a reasonable and cost-effective testing plan to identify any weaknesses in the network.

Develop a comprehensive and ongoing vulnerability and penetration test plan. Include solutions in the test plan for unauthorized access in the corporate workstations, application servers, mail and Web servers, and wireless routers.

Explanation / Answer

Testing plan to identify any weaknesses in the network

There are different techniques in the industry for performing a security check. I am using penetration testing to identify security vulnerabilities in the application by evaluating the system or network with the same malicious techniques an attacker would use.

Pen Testing Techniques:

Manual penetration test

Using automated penetration test tools

Combination of both manual and automated process

The combined approach is the most common: automated tools cover known weaknesses quickly, and manual testing finds the logic and access-control flaws that scanners miss.

Examples of Free and Commercial Tools

Nmap, Nessus, Metasploit, Wireshark, OpenSSL, Cain & Abel, THC Hydra, w3af

Commercial services: Pure Hacking, Torrid Networks, SecPoint, Veracode

The penetration test process involves the following steps:

Data collection: gather information about the target systems, for example through Google searches, DNS records and port scans (Nmap), to build an inventory of hosts and exposed services.

Vulnerability assessment: based on the data collected in the first step, identify the security weaknesses in the target systems (for example with a scanner such as Nessus).

Actual exploit: this is the crucial step. It requires special skills and techniques to launch an attack on the target system and confirm that a weakness is really exploitable, without disrupting production.

Result analysis and report preparation: after the penetration tests are complete, detailed reports are prepared so that corrective actions can be taken, and the fixes are retested.
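Tying the data-collection and vulnerability-assessment steps together, here is an added example (not from the original answer) that reads an Nmap XML scan and reports every open port that is not on the allowlist for that host, plus expected services that were not seen. The XML is constructed to look like `nmap -oX` output rather than taken from a real scan, the addresses are documentation ranges, and the allowlist is hypothetical; the open RDP port on the web server is placed there to show the kind of finding that matters in this scenario.

```python
"""Compare an Nmap XML scan against a per-host allowlist of expected open ports."""
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output for two hosts (not a real scan).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX - 192.0.2.10 192.0.2.20">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical allowlist: what the club's change records say each host should expose.
EXPECTED_OPEN = {
    "192.0.2.10": {("tcp", 80), ("tcp", 443)},    # web server
    "192.0.2.20": {("tcp", 25), ("tcp", 587)},    # mail server
}


def parse_open_ports(xml_text):
    """Return {ip: {(proto, port), ...}} for every port Nmap reports as open."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr = host.find("address").get("addr")
        open_ports = set()
        for port in host.findall("./ports/port"):
            if port.find("state").get("state") == "open":
                open_ports.add((port.get("protocol"), int(port.get("portid"))))
        result[addr] = open_ports
    return result


def audit(scan, expected):
    """Return {ip: (unexpected_open, expected_but_not_seen)}: a finding both for
    services nobody approved and for services that have silently gone away."""
    findings = {}
    for ip in set(scan) | set(expected):
        actual = scan.get(ip, set())
        allowed = expected.get(ip, set())
        findings[ip] = (sorted(actual - allowed), sorted(allowed - actual))
    return findings


if __name__ == "__main__":
    for ip, (extra, missing) in sorted(audit(parse_open_ports(SAMPLE_NMAP_XML),
                                             EXPECTED_OPEN).items()):
        for proto, port in extra:
            print(f"FINDING {ip}: {proto}/{port} open but not on the allowlist")
        for proto, port in missing:
            print(f"NOTE    {ip}: {proto}/{port} expected open but not seen")
```

Build the allowlist from the club's change records rather than from a previous scan; otherwise a port that was already open when the web server was compromised counts as "expected".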

Penetration testing sample test cases (test scenarios)

Check whether the web application can identify spam attacks on the contact forms used on the website.

Proxy server – Check whether network traffic is monitored by proxy appliances. A proxy hides internal addresses and hosts from the outside, which makes it harder for an attacker to learn the layout of the network.

Spam email filters – Verify that incoming and outgoing email traffic is filtered and that unsolicited emails are blocked. Many email clients and gateways come with built-in spam filters that need to be configured to your needs; the rules can be applied to the email headers, the subject or the body.

Firewall – Make sure the entire network and every computer is protected by a firewall. A firewall can be software or hardware that blocks unauthorized access to a system; an outbound rule set can also prevent data from being sent outside the network without your permission.

Try to exploit all in-scope servers, desktop systems, printers and network devices.

Verify that usernames and passwords are transmitted only over an encrypted connection such as HTTPS, never in cleartext.

Verify the information stored in website cookies. It should not be in a readable format, and session cookies should carry the Secure and HttpOnly flags.

Retest previously found vulnerabilities to check that the fix is working.

Verify that only the ports required for each host's role are open on the network; everything else should be closed or filtered.

Verify all telephone devices.

Verify Wi-Fi network security (encryption, authentication, and separation of guest traffic from the internal network), including the wireless routers at the franchise locations.

Verify all HTTP methods. PUT and DELETE should not be enabled on the web server unless the application needs them.

Passwords should be at least 8 characters long and contain at least one number and one special character.

Usernames should not be predictable names like "admin" or "administrator".

The application login page should lock the account after a few unsuccessful login attempts.

Error messages should be generic and should not give away specific details such as "Invalid username" versus "Invalid password".

Verify that special characters, HTML tags and scripts are handled properly as input values.

Internal system details should not be revealed in any error or alert message.

Custom error messages should be displayed to the end user in case of a web page crash, not stack traces.

Verify the use of registry entries. Sensitive information should not be kept in the registry.

All uploaded files must be scanned before they are stored on the server.

Sensitive data should not be passed in URLs while communicating between the internal modules of the web application, since URLs end up in logs, browser history and referrer headers.

There should not be any hard-coded username or password in the system.

Verify all input fields with long input strings, with and without spaces.

Verify that the password-reset functionality is secure.

Verify the application for SQL injection.

Verify the application for cross-site scripting.

Important input validation must be done on the server side; JavaScript checks on the client side can be bypassed by anyone with a proxy.

Critical resources in the system should be available to authorized persons and services only.

All access logs should be maintained with proper access permissions, so that an attacker who gains a foothold cannot alter them.

Verify that the user session ends upon log off (the session is invalidated on the server, not just in the browser).

Verify that directory browsing is disabled on the server.

Verify that all applications and database versions are up to date.

Verify URL manipulation to check that the web application does not show any unwanted information.

Verify memory leaks and buffer overflows.

Verify whether incoming network traffic is scanned for Trojans and other malware.

Verify whether the system is safe from brute-force attacks, the trial-and-error method of guessing sensitive information like passwords.

Verify whether the system or network is protected from DoS (denial-of-service) attacks. An attacker can target a network or a single computer with continuous requests so that the resources on the target system are overloaded, resulting in denial of service for legitimate requests.
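As an added example illustrating the login-related test cases above (password policy, lockout, generic error messages and SQL injection), not code from the original answer: a login check written the injectable way beside a hardened version. The user, password and table layout are hypothetical, and the database is SQLite in memory so the block runs stand-alone.

```python
"""Login check two ways: the string-built SQL of a vulnerable login beside a
parameterized version that hashes passwords, enforces the password policy, locks
the account after repeated failures, and returns one generic error message."""
import hashlib
import hmac
import os
import re
import sqlite3
import time

MAX_FAILURES = 5            # lock after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60   # how long the lock lasts
GENERIC_ERROR = "Invalid username or password"

# In-memory database: a legacy plaintext table for the vulnerable login, and a
# hardened table with salted PBKDF2 hashes plus lockout state (hypothetical schema).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE legacy_users (username TEXT, password TEXT)")
conn.execute("""CREATE TABLE users (
    username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB,
    failures INTEGER DEFAULT 0, locked_until REAL DEFAULT 0)""")


def password_meets_policy(pw):
    """The plan's rule: at least 8 characters, one digit and one special character."""
    return bool(len(pw) >= 8 and re.search(r"\d", pw) and re.search(r"[^A-Za-z0-9]", pw))


def hash_password(pw, salt=None):
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


def register(username, pw):
    if not password_meets_policy(pw):
        raise ValueError("password does not meet policy")
    salt, digest = hash_password(pw)
    conn.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
                 (username, salt, digest))
    conn.execute("INSERT INTO legacy_users VALUES (?, ?)", (username, pw))  # the 'before'


def login_vulnerable(username, pw):
    """The 'before': user input concatenated into SQL. A username of  frontdesk' --
    turns the rest of the WHERE clause into a comment, so the password is never checked."""
    sql = (f"SELECT username FROM legacy_users "
           f"WHERE username = '{username}' AND password = '{pw}'")
    return conn.execute(sql).fetchone() is not None


def login_hardened(username, pw, now=None):
    """Parameterized query, constant-time hash comparison, lockout, and the same
    generic message for unknown user, wrong password and locked account."""
    now = time.time() if now is None else now
    row = conn.execute("SELECT salt, pw_hash, failures, locked_until FROM users "
                       "WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False, GENERIC_ERROR
    salt, stored, failures, locked_until = row
    if locked_until > now:
        return False, GENERIC_ERROR          # still locked: even the right password fails
    if locked_until:
        failures = 0                         # lock has expired; start a fresh count
    _, candidate = hash_password(pw, salt)
    if hmac.compare_digest(candidate, stored):
        conn.execute("UPDATE users SET failures = 0, locked_until = 0 WHERE username = ?",
                     (username,))
        return True, "ok"
    failures += 1
    locked_until = now + LOCKOUT_SECONDS if failures >= MAX_FAILURES else 0
    conn.execute("UPDATE users SET failures = ?, locked_until = ? WHERE username = ?",
                 (failures, locked_until, username))
    return False, GENERIC_ERROR


def run_demo(t0=1_000_000.0):
    """Register one hypothetical user and exercise both logins; returns the outcomes."""
    conn.execute("DELETE FROM users")
    conn.execute("DELETE FROM legacy_users")
    register("frontdesk", "G0-Fitness!")
    out = {
        "sqli_bypass_vulnerable": login_vulnerable("frontdesk' --", "anything"),
        "sqli_bypass_hardened": login_hardened("frontdesk' --", "anything", t0)[0],
        "correct_password": login_hardened("frontdesk", "G0-Fitness!", t0)[0],
    }
    for _ in range(MAX_FAILURES):                     # five bad guesses trigger the lock
        login_hardened("frontdesk", "guess", t0)
    out["correct_while_locked"] = login_hardened("frontdesk", "G0-Fitness!", t0 + 1)[0]
    out["correct_after_lock_expires"] = login_hardened(
        "frontdesk", "G0-Fitness!", t0 + LOCKOUT_SECONDS + 1)[0]
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Note that the lockout has a cost: anyone who can reach the login page can lock the front-desk account by guessing five times, so pair it with the brute-force detection below and with a lock duration short enough that this cannot be used as a denial of service against staff.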
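The audit-log and brute-force items above are where the fitness club's own incident would have been visible first, so here is an added example (not from the original answer) of detection logic over authentication log lines: it alerts when one source reaches a threshold of failed logins inside a sliding window and records whether a success followed, the failed-then-succeeded pattern of a guessed credential. The log layout and every line are constructed for the example.

```python
"""Flag sources that reach `threshold` failed logins inside a sliding window."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real logs) in a simple key=value layout: the first
# source hammers the network administrator's account and then gets in; the second
# is a user who mistypes occasionally over the course of a morning.
SAMPLE_LOG = """\
2024-03-01T02:14:01 user=netadmin src=203.0.113.7 result=FAIL
2024-03-01T02:14:03 user=netadmin src=203.0.113.7 result=FAIL
2024-03-01T02:14:04 user=netadmin src=203.0.113.7 result=FAIL
2024-03-01T02:14:06 user=netadmin src=203.0.113.7 result=FAIL
2024-03-01T02:14:09 user=netadmin src=203.0.113.7 result=FAIL
2024-03-01T02:14:10 user=netadmin src=203.0.113.7 result=OK
2024-03-01T08:30:00 user=frontdesk src=192.0.2.55 result=FAIL
2024-03-01T08:30:15 user=frontdesk src=192.0.2.55 result=OK
2024-03-01T09:00:00 user=frontdesk src=192.0.2.55 result=FAIL
2024-03-01T09:05:00 user=frontdesk src=192.0.2.55 result=FAIL
2024-03-01T09:10:00 user=frontdesk src=192.0.2.55 result=FAIL
2024-03-01T09:15:00 user=frontdesk src=192.0.2.55 result=FAIL
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(OK|FAIL)$")


def parse_events(log_text):
    """Yield (timestamp, user, src, result); lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, user, src, result = m.groups()
            yield datetime.fromisoformat(ts), user, src, result


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {src: alert}. An alert is raised the first time a source has
    `threshold` failures within `window_seconds`; a later success from the same
    source is recorded as the time the guessing apparently worked."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    alerts = {}
    for ts, user, src, result in parse_events(log_text):
        if result == "FAIL":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:          # evict failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"user": user, "first_fail": q[0],
                               "fail_count": len(q), "success_after": None}
        elif src in alerts and alerts[src]["success_after"] is None:
            alerts[src]["success_after"] = ts  # success following the burst
    return alerts


if __name__ == "__main__":
    for src, a in detect_bruteforce(SAMPLE_LOG).items():
        outcome = f"then SUCCEEDED at {a['success_after']}" if a["success_after"] else "no success seen"
        print(f"ALERT {src}: {a['fail_count']} failures for {a['user']} "
              f"from {a['first_fail']}, {outcome}")
```

The window matters more than the threshold: with a 60-second window only the 02:14 burst fires, while widening it to an hour also catches the slow, spread-out failures on the second account, at the cost of more noise from ordinary mistyping. Keying on the source rather than the account also catches password spraying, where one source tries a few guesses against many accounts.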

To understand each of the techniques, we work through one of them (stored cross-site scripting) against a deliberately vulnerable practice application, with a web proxy in the middle so the requests can be seen and modified.

First install the practice application and ensure that no other application is already listening on

port 8080.

After installation, the application should be reachable by navigating to

http://localhost:8080/attack.

In order to intercept the traffic between the client (the browser) and the server (the system where the application is hosted, in our case the same machine), we have to use a web proxy. We will use Burp Proxy, which can be downloaded from http://portswigger.net/burp/download.html

CONFIGURING Burp Suite

Burp Suite is a web proxy that can intercept each HTTP request and response exchanged between the browser and the web server.

1. The application listens on port 8080, so Burp must listen on a different port; we use 8181. Launch Burp Suite and, in its Proxy listener settings, bind the listener to 127.0.0.1 port 8181.

2. Burp does not need to listen on port 8080 itself: it forwards each request to the host and port named in the request URL (localhost:8080), so the application keeps its port and Burp sits in front of it.

3. Then set your browser's proxy to 127.0.0.1 port 8181 (the Burp Suite port). With Intercept switched on, every request from the browser stops in Burp before it reaches the web server and can be inspected or edited. Thus we have configured the web proxy to intercept the traffic between the client (browser) and the server (web server).

The application places untrusted data into its HTML pages without validation or output encoding; the special characters in stored input ought to be escaped before the page is rendered.

Log in to the application and navigate to the cross-site scripting (XSS) section. Let us execute a stored cross-site scripting (XSS) attack. The scenario is as follows.

As per the scenario, log in as Tom with the password 'tom', as given in the scenario itself.

Click 'View Profile' and switch to edit mode. Since Tom is the attacker, inject JavaScript into one of the editable fields, for example a script that pops up an alert reading "hacked".

As soon as the update is saved, Tom receives an alert box with the message "hacked", which means the application stored the script and executed it: it is vulnerable.

As per the scenario, we next log in as Jerry (HR) and check whether Jerry is affected by the injected script.

After logging in as Jerry, select 'Tom' and click 'View Profile'.

While viewing Tom's profile from Jerry's account, Jerry gets the same message box. The script lives in the server's data store, so it runs in the browser of every user who views the profile; that is what makes stored XSS more dangerous than a reflected payload, which needs each victim to click a crafted link.
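As an added example, not code from the practice application or the original answer, the following shows why Jerry is hit: the profile page is rendered with Tom's stored field inserted raw, beside the same page with HTML output encoding. The payload is the one implied by the scenario (an alert saying "hacked"); the profile store and the render functions are hypothetical.

```python
"""Stored XSS: rendering a stored profile field raw (the vulnerable behaviour)
beside rendering it HTML-escaped, and checking what each viewer would receive."""
import html

# Payload consistent with the scenario: an alert that says "hacked".
PAYLOAD = '<script>alert("hacked")</script>'

# Constructed profile store: Tom (the attacker) has saved the payload in his address field.
PROFILES = {
    "tom": {"name": "Tom", "address": PAYLOAD},
    "jerry": {"name": "Jerry", "address": "12 Main St"},
}


def render_profile_vulnerable(profile):
    """Untrusted data dropped straight into the HTML: whatever Tom stored becomes markup."""
    return (f"<h1>{profile['name']}</h1>"
            f"<p>Address: {profile['address']}</p>")


def render_profile_safe(profile):
    """Same page with output encoding: html.escape turns < > & " ' into entities, so the
    browser shows the payload as text. quote=True (the default) also makes the value safe
    inside an attribute such as value="..." in the edit form."""
    return (f"<h1>{html.escape(profile['name'])}</h1>"
            f"<p>Address: {html.escape(profile['address'])}</p>")


def executes_script(rendered_html):
    """Crude oracle: a literal <script tag in the output means the browser would run it;
    escaped output contains &lt;script instead."""
    return "<script" in rendered_html.lower()


def view_profile(viewer, target, renderer):
    """What `viewer` gets when opening `target`'s profile. Stored XSS does not care who
    is logged in: the renderer decides the outcome."""
    return viewer, executes_script(renderer(PROFILES[target]))


if __name__ == "__main__":
    for viewer in ("tom", "jerry"):
        print("vulnerable:", view_profile(viewer, "tom", render_profile_vulnerable))
        print("safe:      ", view_profile(viewer, "tom", render_profile_safe))
```

Escaping at output time is the fix to test for, because the same stored value may later be placed in a different context (a JavaScript string, a URL) that needs a different encoder; filtering on input alone is the "client-side only" mistake in a different form.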







