Network security check

Hello, we have a client that seems to be convinced that a competitor has hacked their servers and
is stealing information about their bids and making a bid below their asking price.

What they want us to do is find out if this is actually going on.

Does anybody have an idea of what kind of software we could use for this?

Take care


daxa78Asked:
 
madunixCommented:
Actually I use BackTrack for vulnerability
1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (debatable) http://technet.microsoft.com/en-us/security/cc184923.aspx
http://en.wikipedia.org/wiki/BackTrack
http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf

Look also for the following software (AppScan) from IBM
http://www-01.ibm.com/software/awdtools/appscan/
 
MaximumIQCommented:
Check out http://www.qualys.com/; this is what I use in my organization. They scan your network from the outside in and report any security holes, vulnerabilities or potential vulnerabilities to you. They're very well trusted and they're also SAS70 and PCI compliant.
 
Russell_VenableCommented:
You're stepping into a wide alley here. There are a lot of things to look at instead of blindly scanning for vulnerabilities. Even if you scan with these tools it does not mean it's guaranteed to find your problem. This always falls on how good the administrator is at his/her job. Administrators need to make sure all user input is filtered and escaped properly, especially all code that is exposed to the world. Paranoia is the key to survival here.

You will need to look at:

1. Your current running environment (your operating system, PHP, SQL, Perl, ASP, anything else that has a port to the outside world)

2. Current running processes

3. Check user credentials (weak passwords, suspicious accounts, etc.)

4. Check up on advisory boards for updates on vulnerabilities that relate to your current environment.

5. Check security settings for weak setup (AKA: no encryption, allow anonymous logins, unchecked/unescaped user input fields, etc.)

6. Check logs for activity (router, firewall, event logs, anything with a history)


Once you have a grasp of your security in that manner you can start using vulnerability scanning tools to see if there is a hole in your security. Most successful attacks happen because the administrator of the server is not security conscious and thus leaves the server weakly protected or with no protection.

BackTrack is only suggested to be used by power users and certified (CEH) penetration specialists who have a good understanding of security tools and the Linux operating system. Improper use of these tools is a criminal offense and punishable by applicable law where you reside or depending on export laws of the software agreement. Just to stay on the safe side: if you run a personal remote attack on your server without notifying (Security Manager, ISP (BIG ONE!!!), CEO, etc.) things can get really interesting quickly. If it's just an internal audit then you don't need to worry about remote tests and only need to alert your company's CEO, etc., as these tests will consume resources and be a burden on the systems during the tests.

That's just a few things to keep in mind if you're trying to do this manually.

If you can afford to hire a penetration specialist I would suggest that you make sure they are legit. Do a good checkup on their reputation.

Compliant with:
Customer Defined
Government Assurance Pack
HIPAA
ISO27001
Microsoft Lockdown
NSA Lockdown
Sarbanes Oxley
Etc.
If they don't keep your info to any of these standards then your confidential information is not a secret anymore and it would be suggested to not use them.

Each company doing the test will give you an update before they perform any tests and when they're done they will give you a full report of what is vulnerable.

Included reports are:
Vulnerability Assessment
Penetration Test Type:

1. White-Box

2. Black-Box

3. Grey-Box

Purpose of Test

Other things they will do are
Obtain appropriate Network details (dependent on level of test.)
Obtain signed Authority to Test
Non-Disclosure Agreement
Obtain Special Clearances required
Known waivers/exemptions
Contractual constraints
Points of Contact
Who carried out
Physical inspection

At the end you get a risk assessment and usually operational risk management training.

MaximumIQ's suggestion is a good one. One of many but he has a good point from his experience and I would agree with him on that company.

 
anthonyhardyCommented:
Russell is largely correct here, but don't forget the most common method of hacking, social engineering.

As far as process, I recommend getting permission for a full check of their systems and personnel (including hacking it yourself) and then do pen-testing via phone. Call up, ask for passwords (pretend you are "tech support"). Find out who "supposedly" has access to the bid documents and set up auditing on those files (assuming that IT isn't involved in the leak).

90% of the time, if there is a specific reason for the attack/theft, it's someone inside or at least with close ties to the organization. If you aren't familiar with SE, a quick Google search will do wonders. Like:
http://www.csoonline.com/article/596512/social-engineering-techniques-4-ways-criminal-outsiders-get-inside
and
http://www.pcworld.com/article/182180/top_5_social_engineering_exploit_techniques.html
0
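The log review and file auditing suggested in the comments above, as an added example that is not part of the original thread: once auditing is enabled on the bid documents, the exported events can be checked for accounts that are not on the access list, access outside business hours, and a known account appearing from a new host. The CSV layout, account names, host names, paths, access list and business hours are all constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample export of file-access audit events:
# timestamp, account, source host, action, path (layout is an assumption).
SAMPLE_AUDIT_LOG = """\
2010-03-01T09:14:02,jsmith,WS-014,READ,/srv/bids/acme-tender.xls
2010-03-01T10:02:40,mlee,WS-022,WRITE,/srv/bids/acme-tender.xls
2010-03-01T11:30:00,jsmith,WS-014,READ,/srv/public/menu.doc
2010-03-02T02:47:19,jsmith,VPN-07,READ,/srv/bids/acme-tender.xls
2010-03-02T14:05:51,backup_svc,FS01,READ,/srv/bids/acme-tender.xls
2010-03-06T13:20:00,mlee,WS-022,READ,/srv/bids/harbor-quote.xls
"""

AUTHORIZED = {"jsmith", "mlee"}   # hypothetical list of who should have access
BID_PREFIX = "/srv/bids/"         # hypothetical location of the bid documents
BUSINESS_HOURS = range(7, 19)     # 07:00-18:59 local time, Monday to Friday


def review_bid_access(log_text, authorized=AUTHORIZED):
    """Return (timestamp, account, host, path, reasons) for accesses worth a closer look."""
    findings = []
    hosts_seen = {}  # account -> source hosts already observed for it
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or not row[4].startswith(BID_PREFIX):
            continue  # malformed line or a file outside the bid share
        ts, account, host, _action, path = row
        when = datetime.fromisoformat(ts)
        reasons = []
        if account not in authorized:
            reasons.append("account not on access list")
        if when.weekday() >= 5 or when.hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        known = hosts_seen.setdefault(account, set())
        if known and host not in known:
            reasons.append("new source host for account")
        known.add(host)
        if reasons:
            findings.append((ts, account, host, path, reasons))
    return findings


if __name__ == "__main__":
    for ts, account, host, path, reasons in review_bid_access(SAMPLE_AUDIT_LOG):
        print(f"{ts} {account}@{host} {path}: {', '.join(reasons)}")
```

A flagged entry is a lead for follow-up with the account owner, not proof of a leak; service accounts such as backup jobs often show up here and should be added to the access list once confirmed.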
 
Russell_VenableCommented:
Did you get your answer?
 
daxa78Author Commented:
Hi Russell, I'm still doing some more research. Thank you so much for the input. I will close this q very soon.
Sorry for the delay. Been crazy busy.
 
Russell_VenableCommented:
I can understand. Just wanted to let you know you're not being ignored. Hope all goes well in your further research.
Question has a verified solution.
