SecurIT Audit

1 SecurIT AUDIT
SecurIT AUDIT is part of Milkyway Network's SecurIT Suite that also includes SecurIT FIREWALL and SecurIT ACCESS. SecurIT AUDIT is a security auditing tool that assists organizations in the fight against security breaches by identifying and providing effective solutions to security vulnerabilities.
SecurIT AUDIT can test your network for most of the security vulnerabilities listed by the Computer Emergency Response Team (CERT) at Carnegie Mellon University and the US Department of Energy Computer Incident Advisory Capability (CIAC), both recognized sources of security-related information. SecurIT AUDIT can be configured to test your internal security (security practices on your internal network) as well as your perimeter security (your protection from unauthorized access from the Internet).
SecurIT AUDIT's application program interface allows new tests for security vulnerabilities to be created as new security threats are found. Once created, new tests can be easily added to the product, keeping SecurIT AUDIT up-to-date as security needs change.
2 Information Security
The need for network security is widely apparent. Distributed computing networks that carry sensitive information are continuing to grow and more and more people have access to the technology and techniques to break into them, reports Mary Gooderham, from the Toronto Globe and Mail.
A recently released Ernst & Young survey of 1,300 information professionals found that the increased use of electronic messaging and networked computer systems such as the Internet and central database resources (open computing) has made information security a top priority among management. Of the organizations that responded to the survey:
- 84% are processing important financial data on the local area networks (LANs)
- 54% have suffered security-related financial losses
- 20% of those using the Internet had experienced an attempted or successful break-in to their network
- unauthorized access to information within a network may go undetected, particularly if the intruder does not alter the network or its data
- most organizations do not have adequate tools or properly trained personnel to defend against information security losses
These findings point to a growing understanding of the need for effective information security. Effective information security includes increased awareness of remote access security risks.
Security Risks
Effective information security begins by determining what information is to be protected and what are the significant security risks that must be overcome to protect that information. Security risks arise if an organization has assets to be protected and agents are willing to exploit security vulnerabilities to attack these assets:
- Assets are information or services that an organization seeks to protect. Assets that are at risk include proprietary information, confidential information, confidential client or third party information (such as client credit card numbers), services to clients or the public, and the reputation of the organization.
- Security vulnerabilities are weaknesses or faults in network protocols, software, and configurations that can potentially be exploited to breach security. Even though vulnerabilities may exist, they require an agent to actually become a security risk.
- Agents are the people who exploit vulnerabilities. Agents target different types of assets and pose different types of threats depending on their motivation. Agents may steal (either information or related material such as credit card numbers), show off, change information, or vandalize. The result of exploiting a vulnerability could be a denial of service, loss of data, theft of resources, loss of secrecy, or loss of reputation.
Source of Security Risks
Agents can start attacks from outside or inside a private network. Thus effective security must strengthen:
- Perimeter security to prevent unauthorized access to a private network from the Internet or from dial-in connections. A firewall can be used to protect a private network from the Internet. Access to dial-up connections should be restricted and require strong authentication to log on to the private network.
- Internal security to protect sensitive data from unauthorized access from within the company. Internal security protects sensitive data from internal agents as well as from external agents who gain unauthorized access to the private network.
3 The SecurIT AUDIT Solution
SecurIT AUDIT is a pre-emptive security auditing tool that assists companies in fighting against security breaches by identifying, preventing, and responding to many network security (remote access) vulnerabilities. SecurIT AUDIT can identify and provide solutions to strengthen both perimeter and internal security problems by testing for three basic categories of network system vulnerabilities:
- Protocol, fundamental rules that govern the communication between computers and between networks. A company network may use one or more protocols for their internal network and a different protocol to communicate with the Internet. By their nature some protocols have inherent security holes that can be exploited by an attacker. A Firewall can protect a network from many protocol problems, and SecurIT AUDIT can test the Firewall to make sure it is working effectively.
- Software, including the operating systems and network communications applications supporting communications between computers and between networks. Software vulnerabilities usually result from using insecure versions of vendors' software products.
- Configuration, the way in which hardware and software are configured on a network. Configuration vulnerabilities can result from not understanding how to install hardware and software securely and from not having effective security policies. Configuration is a complex area and security configurations are often prone to error; for example, a simple typographic error can cause security problems.
SecurIT AUDIT is Part of a Complete Security Solution
SecurIT AUDIT can play a key role in protecting information by working with existing protection systems, such as a firewall to enhance perimeter security. SecurIT AUDIT also strengthens your internal network by ensuring that network communications software is secure and that policies for internal security remain effective. In this way you can judge the effectiveness of your protection systems and ensure that they are functioning correctly.
SecurIT AUDIT provides the system administrator with a powerful tool for auditing network security to ensure both that security policies are implemented successfully and that users and systems are secure from attack.
SecurIT AUDIT increases the value of your existing security investment by confirming that your security measures are functioning effectively before an intruder finds the holes for you.
Who Benefits
The benefits of using SecurIT AUDIT to keep your network secure extend throughout entire organizations. Not only does the system administrator sleep better, knowing that the network is as secure as it can be, but SecurIT AUDIT reports provide security information needed by:
- Network Administrators, detailed information about what tests found security vulnerabilities, what those vulnerabilities are, and how to fix them
- MIS/IT Management, higher-level information such as specifics about the network and the overall state of security
- Executive Management, high-level reporting on network security status
- Audit and Control departments, inventory information about network contents and security (profile)
In fact SecurIT AUDIT reports allow organizations to get a grip on their security, by creating statistical snapshots of network security as well as measurements of security over time to track the effectiveness of efforts to improve security and fix security weaknesses found by SecurIT AUDIT.
Internal and Perimeter Evaluation
Evaluating internal and perimeter security depends on the location from which the evaluation is run. SecurIT AUDIT can be used to evaluate your perimeter defenses from the Internet and your internal configuration from your internal network:
- Perimeter, SecurIT AUDIT runs from a host on the Internet or from a host directly outside of your network or firewall and is used to test your private network defenses, which may include a firewall. SecurIT AUDIT can also be used by a network security evaluation company to evaluate a client's perimeter security from a remote site on the Internet.
- Internal, SecurIT AUDIT runs from a host on your internal network and evaluates the computers running on the internal network. You can also use SecurIT AUDIT to evaluate the internal security of your firewall.
Systems Tested
SecurIT AUDIT tests check for security problems for the following platforms:
- SunOS 4.1.1/4.1.3/4.1.4 (Sun)
- Solaris 2.x (Sun, PC)
- BSDI (PC) and similar products
- Linux (PC/Alpha)
- Windows NT, 95, Workgroups (PC)
- AIX (IBM)
In the future, SecurIT AUDIT will be extended to the following platforms:
- HP/UX
- Ultrix (DEC)
- SCO (PC)
- OSF/1 (DEC Alpha)
- Open VMS (DEC Alpha)
- Irix (Silicon Graphics)
4 Using SecurIT AUDIT to Evaluate a Network
SecurIT AUDIT is configured and run from a single fully-functional GUI. To evaluate a network you begin by creating a scenario that defines:
- Target addresses or address ranges to be tested
- Vulnerability tests to be run on the targets
Users can also create target groups and test groups to simplify the creation of scenarios to meet specific needs. For example you could create a Windows NT target group that includes all of the Windows NT machines installed on your network. Then a scenario could be created using a Windows NT test group that includes all Windows NT vulnerability tests. Then testing the Windows NT machines on your internal network simply involves running the Windows NT scenario.
Once a scenario is created, the evaluation process can begin. You can run the scenario immediately, schedule execution for another time or day, or schedule the scenario to be run weekly, monthly, or yearly.
SecurIT AUDIT runs the scenario against your internal network using the following steps:
- 1. Inventory, SecurIT AUDIT probes all the networks and computers defined in the scenario to identify each machine on the network (by recording the Ping and ARP information) and to identify the active TCP ports on each machine.
- 2. Security Testing, SecurIT AUDIT tests security of the target machines found in the first step by scanning using the tests added to the scenario.
- 3. Reporting, SecurIT AUDIT results include the vulnerability tests run and the results of each test. These results are stored in the SecurIT AUDIT test database and you can use the SecurIT AUDIT reporting function to produce customized reports.
Automatic Targeting
During the Inventory phase of the evaluation, SecurIT AUDIT scans for the targets in the scenario. If one or more of the targets is an address range, SecurIT AUDIT looks for the actual network addresses in the range. Then during the evaluation stage, only the targets that are found are tested.
Concurrent Evaluations
Using load factor controls, the system administrator can set the number of evaluations that SecurIT AUDIT runs concurrently during a scan. Concurrent processing means that SecurIT AUDIT runs multiple evaluations against multiple targets at the same time. The result is very fast and efficient security auditing. SecurIT AUDIT does not add any significant load to network traffic or target machines. System administrators can optimize concurrent evaluations depending on the processing power of the machine running SecurIT AUDIT and the number of targets and tests being run.
5 Security Audit Reports
SecurIT AUDIT reports the computers that were tested and lists the security weaknesses found for each computer. The reports also provide detailed information about each test that found a security weakness and how to correct the problem. Also included are links to CERT and CIAC advisories, other security information, and (where appropriate) links to software upgrades.
SecurIT AUDIT Reports can also provide an inventory of the network tested and detailed information about each of the hosts on the network. Finally, SecurIT AUDIT can report high-level test result statistics that can be used by management to track the results of using SecurIT AUDIT to improve network security.
SecurIT AUDIT reports can be displayed on the screen or output to a file as ASCII text or in HTML format. HTML files can be viewed with any web browser.
All reports contain direct links to CERT, CIAC, and other security resources on the World Wide Web. These resources provide additional information about the security vulnerabilities found and how to fix them. Fix information is usually very detailed and includes software patches where appropriate.
Report Formats
Each SecurIT AUDIT Report that you create reports the results of one Scan of one scenario. Creating the report involves selecting the information to be included in the report and the level of detail at which the information is presented. Different levels of detail mean that SecurIT AUDIT reports can be customized for different audiences.
You can choose whether or not to include the following information in the report:
Report Information
SecurIT AUDIT reports have been formulated to provide as much usable information as possible to the end user. Typically a report entry for a specific test would list the name of the test and a brief description of the test:
Anon FTP Passwords
Checks for real passwords in the anonymous FTP directory /etc/passwd file.
The report also lists what the result of the test was and what action should be taken to correct the problem:
Result: FTP passwd File Real
The anonymous FTP directory contains a real password file with encrypted passwords. This allows any one connected to your network to download this password file and attempt to guess at the passwords on your system.
CIAC: A-01,http://ciac.llnl.gov/ciac/bulletins/a-01.shtml
CERT: CA-90:01,ftp://ftp.cert.org/pub/cert_advisories/ CA-93_10.anonymous.FTP.txt
There is no reason for any password to be stored in the anonymous FTP directory. Simply replace all of them with '*'.
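The check described in this report entry, as an added example (not SecurIT AUDIT's own test module): a Python routine that parses a copy of the anonymous FTP area's etc/passwd file, flags any entry whose password field is not a placeholder, and applies the '*' fix quoted above. The function names, the placeholder values other than '*', and the sample data are assumptions constructed for illustration.

```python
"""Added example: audit the passwd file kept under an anonymous FTP root."""

# Password-field values that carry no credential material. '*' is the value
# the report text recommends; the other lock markers are an assumption.
PLACEHOLDERS = {"*", "x", "!", "!!", "NP", "*LK*"}


def audit_ftp_passwd(text):
    """Return (line_no, account, finding) tuples for risky entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no account data
        fields = line.split(":")
        if len(fields) < 7:
            findings.append((line_no, fields[0], "malformed entry"))
            continue
        account, pw = fields[0], fields[1]
        if pw in PLACEHOLDERS:
            continue
        if pw == "":
            findings.append((line_no, account, "empty password field"))
        else:
            # Anything else is treated as hash material, including a hash
            # prefixed with a lock marker, since it can still be guessed at.
            findings.append((line_no, account, "real password hash present"))
    return findings


def scrub(text):
    """Apply the report's fix: replace every password field with '*'."""
    out = []
    for raw in text.splitlines():
        fields = raw.split(":")
        if len(fields) >= 7 and not raw.lstrip().startswith("#"):
            fields[1] = "*"
        out.append(":".join(fields))
    return "\n".join(out) + "\n"


# Constructed sample of an FTP-area etc/passwd; the hash string is made up.
SAMPLE = """\
root:*:0:0:Super User:/:/bin/false
ftp:*:30000:30000:Anonymous FTP:/home/ftp:/bin/false
alice:Xq3kPz9LmNo2A:1001:100:Alice:/home/alice:/bin/sh
bob::1002:100:Bob:/home/bob:/bin/sh
"""

if __name__ == "__main__":
    for line_no, account, finding in audit_ftp_passwd(SAMPLE):
        print(f"line {line_no}: {account}: {finding}")
```
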
Creating Reports for Different Audiences
Reports are created by selecting the information to be included in the report and the level of detail at which the information is presented. Different information and levels of detail may be appropriate for creating reports for different audiences.
Begin by defining your audiences, then consider what information each audience would like to see in a report. Depending on your organization, you can consider different levels of your organization to be different types of audiences. For example:
6 SecurIT AUDIT Vulnerability Tests
When SecurIT AUDIT scans a network for security vulnerabilities, the software runs security tests against all of the machines to be tested. Each test is an independent software module that tests a target machine for one or more known security vulnerabilities. SecurIT AUDIT runs the test against the target. The test reports results back to SecurIT AUDIT where they are stored in the SecurIT AUDIT database.
SecurIT AUDIT includes tests for a wide variety of remote access security vulnerabilities including a majority of the remote access vulnerabilities documented by CERT and CIAC. These tests can be used to test the general security of computers on a network or for more exacting testing of firewalls, public information servers, or mission critical servers.
In addition to the tests for CERT and CIAC security vulnerabilities, SecurIT AUDIT tests find and provide information about correcting:
As more vulnerabilities are found Milkyway will continue to develop tests to detect and protect against them. The SecurIT AUDIT application program interface (API) also makes it easy for users to add new tests as they are developed.
Test Groups
Test groups are collections of tests that you group together according to your security objectives. Once created, test groups can be added to a scenario in the same way as adding a single test. You can create your own test groups or use the test groups that are shipped with SecurIT AUDIT:
- Generic, a basic set of tests that should be run against any target
- UNIX, the generic tests, plus tests for vulnerabilities potentially experienced by most UNIX operating systems (SunOS, Solaris, Linux, AIX, etc.)
- NT, the generic tests plus specific modules for testing for Windows NT-specific security vulnerabilities
- Denial of Service, tests for vulnerabilities that if exploited could deny remote access to the target. Use this test group to test public servers (World Wide Web and Mail) and mission critical servers
- Firewall, all SecurIT AUDIT tests; your firewall should be able to withstand testing for all known vulnerabilities
7 Application Programming Interface
SecurIT AUDIT tests are generic and can be added to SecurIT AUDIT without having to re-program the main product. This means that SecurIT AUDIT can easily be adapted to security testing for new vulnerabilities or new platforms simply by creating new tests. Milkyway plans to continue to create new tests and make them available to users in a timely fashion. In this way, Milkyway will keep its users up-to-date with tests for the latest security vulnerabilities.
In addition, individual users can create their own security tests and use the application programming interface (API) to add them to SecurIT AUDIT.
8 System Requirements
SecurIT AUDIT must be installed on a Sun SparcStation 5 or faster computer running Solaris 2.51 and connected to the network to be tested. The SparcStation should include at least: