Tuesday, November 17, 2009

Information Security Maintenance: Week 12

Write about ways that penetration analysts limit the risk they pose to internal systems. You may need to conduct research to fulfill this task.Also, look at popular news sources for stories related to computer vulnerabilities. Research the vulnerabilities to see if there are any inconsistencies between the way the press reports them and the way researchers have documented them. Give examples.

There are several ways penetration analysts limit the risk they pose to internal systems and they are:

- Testing/Development Environments
- Perform tests during off peak times

By performing penetration tests on testing environments, analysts are able to show what a successful attack could do the environment without affecting the live environment. In doing so, situations such as network performance degradation etc, are not seen by the company or its customers.

Another method of limiting the risk is by performing all tests during off peak time, i.e. when the systems are not in use. By doing so, even if the systems have are slow or if its performance is hampered, it will not have a large impact on the business.
1) July 28. 2009 saw the release of a out-of-band (emergency patch) by Microsoft for an Internet Explorer Vulnerability. This vulnerability was in Microsoft’s web browser, Internet Explorer allowing remote code execution (through Microsoft Active Template Library (ATL). This vulnerability was reported widely, however there were varying information on news websites, with not all information given by Microsoft being released or correctly reported on. Two examples of this are:

• Microsoft source (http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx) states the vulnerability is seen as critical on, Windows 2000, XP & Vista. Age article only quotes the 2000 and XP vulnerability.

• The Age website (http://www.theage.com.au/technology/security/microsoft-releases-security-patch-for-ie-20090729-e0m5.html ) reports that "If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system whereas the Microsoft website does not stipulate that other users will not be affected. Microsoft states, they have less likely chance, by the comment “ Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. “

Late 2008 (November 21st, 2008) saw the reign of the Conflicter Virus (http://www.microsoft.com/security/worms/conficker.aspx), taking advantage of the Microsoft Vulnerability MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) which saw the Windows Operation systems Server Service allow remote code execution in Microsofts Windows 2000, XP, Vista, Server 2003 & Server 2008 operating systems. It uses flaws in Windows software to co-opt machines (zombies) and link them into a virtual computer that can be commanded remotely by its authors (capable of ddos attacks). News reports came out days before the defined “go live” date of the 1st of April (co-inciding with April Fools day). SMH articles hyped the virus up, however failed to mention that patches had been previously released in 2006 to correct this issue (http://www.smh.com.au/technology/security/conficker-worm-threatens-april-fools-chaos-20090615-c9o8.html) .

This was also the case for the Slammer Virus in 2002, which took advantage of a Buffer Overrun in the Microsoft SQL Server 2000 (Microsoft MS02-039), where a large ddos’s like attack took place, disrupting internet services around the world within 10 minutes of going live. The Slammer exploit was first corrected almost 7 months earlier by Microsoft. Since the slammer attack, more reports are coming on news websites, advising risks of new outbreaks, with system administrators taking these alerts more seriously.

No comments:

Post a Comment