Solved

Network security check

Posted on 2011-03-25
338 Views
Last Modified: 2013-12-07
Hello, we have a client that seems to be convinced that a competitor has hacked their servers and
is stealing information about their bids and making a bid below their asking price.

What they want us to do is find out if this is actually going on.

Does anybody have an idea of what kind of software we could use for this?

Take care


Question by:daxa78
7 Comments
 
LVL 4

Assisted Solution

by:MaximumIQ
MaximumIQ earned 100 total points
ID: 35216958
Check out http://www.qualys.com/ this is what I use in my organization. They scan your network from the outside in and report any security holes, vulnerabilities or potential vulnerabilities to you. They're very well trusted and they're also SAS70 and PCI compliant.
0
 
LVL 25

Accepted Solution

by:madunix
madunix earned 200 total points
ID: 35217320
Actually I use BackTrack for vulnerability scanning:
1. Nessus (Linux if you can) http://www.nessus.org/nessus/
2. Nikto (Linux) http://www.cirt.net/nikto2
3. Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4. Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5. SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6. MBSA (debatable) http://technet.microsoft.com/en-us/security/cc184923.aspx
http://en.wikipedia.org/wiki/BackTrack
http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf

Look also for the following software (AppScan) from IBM
http://www-01.ibm.com/software/awdtools/appscan/
0
 
LVL 15

Assisted Solution

by:Russell_Venable
Russell_Venable earned 200 total points
ID: 35224451
You're stepping into a wide alley here. There are a lot of things to look at instead of blindly scanning for vulnerabilities. Even if you scan with these tools it does not mean it's guaranteed to find your problem. This always falls on how good the administrator is at his/her job. Administrators need to make sure all user input is filtered and escaped properly, especially all code that is exposed to the world. Paranoia is the key to survival here.

You will need to look at:

1. Your current running environment (your operating system, PHP, SQL, PERL, ASP, anything else that has a port to the outside world).

2. Current running processes.

3. Check user credentials (weak passwords, suspicious accounts, etc).

4. Check up on advisory boards for updates on vulnerabilities that relate to your current environment.

5. Check security settings for weak setup (AKA: no encryption, allow anonymous logins, unchecked/unescaped user input fields, etc).

6. Check logs for activity (router, firewall, event logs, anything with a history).

Once you have a grasp of your security in that manner you can start using vulnerability scanning tools to see if there is a hole in your security. Most successful attacks happen because the administrator of the server is not security conscious and thus leaves the server weakly protected or with no protection.

Backtrack is only suggested to be used by power users and certified (CEH) penetration specialists who have a good understanding of security tools and the Linux operating system. Improper use of these tools is a criminal offense and punishable by applicable law where you reside or depending on export laws of the software agreement. Just to stay on the safe side. If you run a personal remote attack on your server without notifying (Security Manager, ISP (BIG ONE!!!), CEO, etc) things can get really interesting quickly. If it's just an internal audit then you don't need to worry about remote tests and only need to alert your company's CEO, etc as these tests will consume resources and be a burden on the systems during the tests.

That's just a few things to keep in mind if you're trying to do this manually.

If you can afford to hire a penetration specialist I would suggest that you make sure they are legit. Do a good checkup on their reputation.

Compliant with:
Customer Defined
Government Assurance Pack
HIPAA
ISO27001
Microsoft Lockdown
NSA Lockdown
Sarbanes Oxley
Etc.
If they don't keep your info to any of these standards then your confidential information is not a secret anymore and I would suggest not using them.

Each company doing the test will give you an update before they perform any tests and when they're done they will give you a full report of what is vulnerable.

Included reports are:
Vulnerability Assessment
Penetration Test Type:

1. White-Box

2. Black-Box

3. Grey-Box

Purpose of Test

Other things they will do are
Obtain appropriate network details (dependent on level of test)
Obtain signed Authority to Test
Non-Disclosure Agreement
Obtain Special Clearances required
Known waivers/exemptions
Contractual constraints
Points of Contact
Who carried out
Physical inspection

At the end you get a risk assessment and usually operational risk management training.

MaximumIQ's suggestion is a good one. One of many but he has a good point from his experience and I would agree with him on that company.

0
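Steps 3 and 6 of the checklist above (suspicious accounts, and logs as a history of activity) are the part of a first-pass internal audit that can be scripted before any scanning tool is pointed at the server. The following is an added example, not code from this thread or from any of the tools named in it: it parses OpenSSH-style auth log lines (constructed sample data, documentation-range addresses) and flags three things a defender reviewing the bid server would want to see, a successful login that follows a burst of failures for the same account from the same source, successful logins outside business hours, and accounts that logged in but are not on the administrator's known list. The year, thresholds and business-hours window are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of an OpenSSH auth log. Host names,
# accounts and addresses are made up (RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Mar 20 02:11:03 bidsrv sshd[2211]: Failed password for bidadmin from 203.0.113.7 port 51122 ssh2
Mar 20 02:11:05 bidsrv sshd[2211]: Failed password for bidadmin from 203.0.113.7 port 51123 ssh2
Mar 20 02:11:08 bidsrv sshd[2211]: Failed password for bidadmin from 203.0.113.7 port 51124 ssh2
Mar 20 02:11:10 bidsrv sshd[2211]: Failed password for bidadmin from 203.0.113.7 port 51125 ssh2
Mar 20 02:11:12 bidsrv sshd[2211]: Failed password for bidadmin from 203.0.113.7 port 51126 ssh2
Mar 20 02:11:15 bidsrv sshd[2211]: Accepted password for bidadmin from 203.0.113.7 port 51127 ssh2
Mar 20 09:02:41 bidsrv sshd[2300]: Accepted publickey for alice from 192.0.2.10 port 40001 ssh2
Mar 20 23:45:09 bidsrv sshd[2412]: Accepted password for tmpsvc from 198.51.100.4 port 40555 ssh2
Mar 21 10:15:00 bidsrv sshd[2500]: Failed password for invalid user oracle from 198.51.100.9 port 33000 ssh2
"""

# Syslog timestamps carry no year; assume one so events can be ordered.
ASSUMED_YEAR = 2011

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Turn raw log text into a list of event dicts, skipping unrelated lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = re.sub(r"\s+", " ", m.group("ts"))
        when = datetime.strptime(f"{ASSUMED_YEAR} {ts}", "%Y %b %d %H:%M:%S")
        events.append({
            "when": when,
            "ok": m.group("result") == "Accepted",
            "method": m.group("method"),
            "user": m.group("user"),
            "src": m.group("src"),
        })
    return events


def find_bruteforce_successes(events, threshold=5, window=timedelta(minutes=10)):
    """Flag a success preceded by >= threshold failures for the same (user, src)
    inside the window: the signature of a guessed password that finally worked."""
    recent = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    hits = []
    for ev in sorted(events, key=lambda e: e["when"]):
        q = recent[(ev["user"], ev["src"])]
        while q and ev["when"] - q[0] > window:  # drop failures outside window
            q.popleft()
        if ev["ok"]:
            if len(q) >= threshold:
                hits.append((ev["user"], ev["src"], len(q)))
            q.clear()
        else:
            q.append(ev["when"])
    return hits


def find_off_hours_logins(events, start_hour=7, end_hour=19):
    """Successful logins outside the business window [start_hour, end_hour)."""
    return [
        (ev["user"], ev["src"], ev["when"].hour)
        for ev in events
        if ev["ok"] and not (start_hour <= ev["when"].hour < end_hour)
    ]


def find_unexpected_accounts(events, known_accounts):
    """Accounts with a successful login that are not on the administrator's list."""
    return {ev["user"] for ev in events if ev["ok"] and ev["user"] not in known_accounts}


def review(text, known_accounts):
    """Run all three checks over one log and return the findings by category."""
    events = parse_auth_log(text)
    return {
        "bruteforce_successes": find_bruteforce_successes(events),
        "off_hours_logins": find_off_hours_logins(events),
        "unexpected_accounts": sorted(find_unexpected_accounts(events, known_accounts)),
    }


if __name__ == "__main__":
    for name, findings in review(SAMPLE_LOG, {"alice", "bidadmin"}).items():
        print(f"{name}: {findings}")
```

On the sample data the script reports the bidadmin login at 02:11 as a success after five failures, the bidadmin and tmpsvc logins as off-hours, and tmpsvc as an account nobody put on the list; the failed attempt for the invalid user oracle is left out of the account finding because it never succeeded. Every finding is a lead to confirm with the administrator, not a verdict, which is the point of doing this pass before reaching for a scanner.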

Expert Comment

by:anthonyhardy
ID: 35241089
Russell is largely correct here, but don't forget the most common method of hacking, social engineering.

As far as process, I recommend getting permission for a full check of their systems and personnel (including hacking it yourself) and then do pen-testing via phone. Call up, ask for passwords (pretend you are "tech support"). Find out who "supposedly" has access to the bid documents and set up auditing on those files (assuming that IT isn't involved in the leak).

90% of the time, if there is a specific reason for the attack/theft, it's someone inside or at least with close ties to the organization. If you aren't familiar with SE, a quick google search will do wonders.  Like:
http://www.csoonline.com/article/596512/social-engineering-techniques-4-ways-criminal-outsiders-get-inside
and
http://www.pcworld.com/article/182180/top_5_social_engineering_exploit_techniques.html
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35439735
Did you get your answer?
0
 
LVL 1

Author Comment

by:daxa78
ID: 35452495
Hi Russell, I'm still doing some more research. Thank you so much for the input. I will close this q very soon.
Sorry for the delay. Been crazy busy.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35453346
I can understand. Just wanted to let you know you're not being ignored. Hope all goes well in your further research.
0