Is Firewall and Anti-Virus Adequate?
There are absolute essentials such as Firewall, Anti-Spyware, Anti-Virus that a PC or server requires against Internet threats such as Hacking, Viruses and so on. From my observation, most corporate PCs or servers had installed Anti-Virus and firewall only. That’s it. What other areas that are equally essential ?
I will not cover the essential of firewalls. These are a must or else anybody can sail through the network. It is like a house with the front door wide open with a sign, rob me !
Assumed Firewall, Anti-Virus installed… What about folders and files ? Are you sure those sensitive files are not able to be accessed by all of your office staff but only trusted Sr. Managers or yourself. Say a technical savy personnel happen to have some knowledge of hacking, high possibility that your most valuable data in your server may be compromised.
Further, the vendor that installed the server and application, does he/she has the admin password ? What services are installed in the server ? Intruders may exploit the services vulnerabilities to gain access into the server.
It is difficult to to know where or who is the Intruder. Are they the intruders from the Internet only ? These are attackers that need to break into your firewall and IPS (Intrusion Prevention System) before getting their hands on the servers. There are those that can break into even the most advance security systems. Fortunately, the numbers are not many. However if they are your personnel, temporary staff, vendors, contracts, dispatch personnel. This will be easier as it is an insider job. Someone that have knowledge of your application, server or network. You will never know.
Windows Hacking Checkout this video on how a basic penetration is done using Windows. http://www.youtube.com/watch?v=sSHIVCkqrlw
There are many more ways of doing this for those with Linux/Unix machines.
So what to do ? I have observed banks and large companies taking the trouble to view every folders, files in their servers and ensure only authorized IDs are allowed to access these servers.
For example, to check world writable files and directories in Unix servers and output to a file for analysis, use this command:
Check world writable files and directories.
find / -type f -perm -22 -exec ls -l > /home/Gabriel/worldfiles.csv ;
find / -type d -perm -22 -exec ls -l > /home/Gabriel/worlddirectory.csv ;
I will cover more on Unix security in my coming article. Windows Hardening – part of Security Assessment As for Windows, use DumpSec ACL to retrieve the relevant files for analysis and Nmap, Nessus for services. I have conducted security assessments for a number of companies and they were surprised to find IDs of staff that have resigned still active in their servers. Worst still, most of the files that contained critical data are also read and writable by everybody. If the person with ill intention did what the video above demonstrated, he/she may have access to these files already.