1 HEPIX Umeå May 25-29 2009 SECURITY AUDITING OF MAIL SERVICES AT INFN DIY AUDITING Ombretta Pinazza, on behalf of INFN Mailing and Security WG Fulvia.

Slides:

Advertisements

Similar presentations

Security Update Server Registration, Active scanning and Windows patching.

Advertisements

 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

System Security Scanning and Discovery Chapter 14.

Web Server Administration TEC 236 Securing the Web Environment.

System and Network Security Practices COEN 351 E-Commerce Security.

Vulnerability Analysis Borrowed from the CLICS group.

Chapter 7 HARDENING SERVERS.

Web Server Administration

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

Web server security Dr Jim Briggs WEBP security1.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Antispam GARR Michele Michelotto Hepix Karlsruhe, 11 May 2005.

Team - CA CSCI 5234 Web Security.  Collect and document information of ecommerce security mechanisms.  Using: wiki engine for collaboration.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

Managing Client Access

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Securing Your GroupWise ® System Morris Blackham Software Engineer Novell, Inc. Danita Zanrè Senior Consultant Caledonia.

Additional SugarCRM details for complete, functional, and portable deployment.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Human-Computer Interface Course 5. ISPs and Internet connection.

EGEE-II INFSO-RI Enabling Grids for E-sciencE PSNC work status Gerard Frankowski, Rafał Lichwała Poznań Supercomputing.

SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.

Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.

Chapter 6: Packet Filtering

1 Nessus - NASL Marmagna Desai [592- Project]. 2 Agenda Introduction –Nessus –Nessus Attack Scripting Language [ N A S L] Features –Nessus –NASL Testing.

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

Overview of MSS System Human Actors Non-Human Actors In-house developed components Third party products.

Module 6 Planning and Deploying Messaging Security.

FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.

Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.

GOLAN SALMAN RAZI MUKATREN PRIVACY IN A DEMOGRAPHIC DATABASE PROJECT PLAN.

# Ethical Hacking. 2 # Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting.

Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.

Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications.

Application Layer Khondaker Abdullah-Al-Mamun Lecturer, CSE Instructor, CNAP AUST.

Data Security Assessment and Prevention AD660 – Databases, Security, and Web Technologies Marcus Goncalves Spring 2013.

Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.

TCP/IP (Transmission Control Protocol / Internet Protocol)

Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.

Module 11: Designing Security for Network Perimeters.

1 Firewall Rules. 2 Firewall Configuration l Firewalls can generally be configured in one of two fundamental ways. –Permit all that is not expressly denied.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.

Unix network Services. Configuring a network interface In Unix there are essentially two commands that are used to enable TCP/IP. ifconfig route.

G.Govi CERN/IT-DB 1 September 26, 2003 POOL Integration, Testing and Release Procedure Integration  Packages structure  External dependencies  Configuration.

Footprinting and Scanning

Web Server Administration Chapter 10 Securing the Web Environment.

IPv6 security for WLCG sites (preparing for ISGC2016 talk) David Kelsey (STFC-RAL) HEPiX IPv6 WG, CERN 22 Jan 2016.

Enumeration. Definition Scanning identifies live hosts and running services Enumeration probes the identified services more fully for known weaknesses.

Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.

Web Server Security: Protecting Your Pages NOAA OAR WebShop 2001 August 2 nd, 2001 Jeremy Warren.

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

Manuel Brugnoli, Elisa Heymann UAB

CompTIA Security+ SY0-401 Real Exam Question Answer

Web Development Web Servers.

CompTIA Server+ Certification (Exam SK0-004)

IS3440 Linux Security Unit 9 Linux System Logging and Monitoring

Chapter 27: System Security

Presentation transcript:

1 HEPIX Umeå May SECURITY AUDITING OF MAIL SERVICES AT INFN DIY AUDITING Ombretta Pinazza, on behalf of INFN Mailing and Security WG Fulvia Costa, Francesco Ferrera, Diego Leanza, Alessia Spitaleri Patrizia Belluomo, Franco Brasolin, Roberto Cecchini, Michele Michelotto

2 O. Pinazza HEPIX Umeå, May 25-29, 2009 Contents  Project description  Why security auditing  Contingencies and planning  Methodology  From the first phase toward a regular procedure  Results  Security overview  Feedback from the sites  Conclusions

3 O. Pinazza HEPIX Umeå, May 25-29, 2009 Why auditing? How?  It’s required by the italian laws for public organizations  As a service for the INFN community  As an opportunity for our working groups  The overall procedure shall be systematic and well documented Policy Audit Evidence Actions Report Assessment

4 O. Pinazza HEPIX Umeå, May 25-29, 2009 External/Internal auditing  Professional auditors are extremely expensive  A cross-sites analysis using common parameters could be comparable to an external view  Local admins take care of monitoring and internal auditing UNIBO Ssh, dns, scan mail scan

5 O. Pinazza HEPIX Umeå, May 25-29, 2009 Objectives - expectations  Act in advance on emergencies: attacks to DNS, conficker worm, bugs and vulnerabilities  A step toward a common security policy  Feedback from site administrators  First results  Screenshot of the publicly visible services  Identified several misconfigured and vulnerable services

6 O. Pinazza HEPIX Umeå, May 25-29, 2009 Phase one  SSH  Vulnerable versions  Filter policies (firewall, bastion hosts, …)  HTTP and HTTPS  PHP and apache vulnerabilities  Several public servers  Unconfigured servers, open DBs, wikis, …  DNS  Root queries  Recursive queries  Vulnerabilities (Debian, …)  Conficker Security Auditing WG

7 O. Pinazza HEPIX Umeå, May 25-29, 2009 Mail services  not only OS or software vulnerabilities  check for misconfigured servers, open relays, explicit banners, unauthorized services  dangerous ESMTP features  SMTP AUTH Mailing Auditing WG

8 O. Pinazza HEPIX Umeå, May 25-29, 2009 Methodology 1  Define the hosts subset to be analyzed  MX query to all DNS servers to build the list of official mail servers  Nmap scan of all INFN subnets to reveal open “mailing” services  Sys admin indication  Analysis of the mailing services TCL scripts managing the connection and saving the dialog in a file Perl scripts handling ssl and starttls connections Perl scripts parsing output files and recognizing problems  SMTP Banner, exposed information, ESMTP features SMTP/SSL: port 25 or 465, INFN CA or self cert., features STARTTLS (587/tcp) SMTP AUTH

9 O. Pinazza HEPIX Umeå, May 25-29, 2009 Methodology 2  The aim is to verify if multiple services are available on the same host  Mailboxes  POP, POPS  IMAP, IMAPS  Other services  HTTP, HTTPS  LDAP  POPPASSD

10 O. Pinazza HEPIX Umeå, May 25-29, 2009 Methodology 3  Reporting  Global document with an evaluation of the security level, containing recommendations for the sites, based on common policies  Detailed modular reports on a web site with restricted access  Instructions, help and configuration documents  WIP Needs of an organized database Automatize data collection and analysis, and scan comparison

11 O. Pinazza HEPIX Umeå, May 25-29, 2009 Results 1  SSH  3048 server open  High severity problems (Nessus): Scan date Number Nov Dec Jan sites (*.infn.it) 151 subnets (B/C/trunks) IPs scanned

12 O. Pinazza HEPIX Umeå, May 25-29, 2009 Results 2 Date Recursive queries Root queries off oknookno Jan ??0 Feb Mar  DNS  65 official servers per 34 sites

13 O. Pinazza HEPIX Umeå, May 25-29, 2009 Results 3 Scan date web servers total number High severity problems Medium severity problems Low severity or no problems Mar May  Web (HTTP and HTTPS)

14 O. Pinazza HEPIX Umeå, May 25-29, 2009 Results 4 Census2007Census2008Scan2009 Hosts71 * 80 * 150 Avg per site * Census: declared by sites admins  Mailing services

15 O. Pinazza HEPIX Umeå, May 25-29, 2009 Results 5

16 O. Pinazza HEPIX Umeå, May 25-29, 2009 Results 6 34 INFN sites 150Hosts 22 (64%)SMTP AUTH55MX 11 (32%)SMTP/SSL on 46577SMTP Security evaluation of mail services 14 (41%)35 (23%) 7 (21%)10 (7%) 13 (38%)4 (3%) High severity problems (bugged version, open relay, clear text auth, …) Medium severity problems (unconf. web, dangerous ESMTP feat., …) not working (official MX off, wrong IP/name corresp. on DNS, …) ok

17 O. Pinazza HEPIX Umeå, May 25-29, 2009 Conclusions  Positive feedback from sites admins:  74% sites have promptly checked their reports  Sent corrections, comments, requests  Several colleagues have intervened immediately to patch and protect their systems  This self made analysis can represent a starting base for an organized auditing procedure  INFN is trying to hire an IT graduate to carry on with the auditing activity

18 O. Pinazza HEPIX Umeå, May 25-29, 2009 Thanks  Security auditing group:  Roberto Cecchini, Franco Brasolin, Michele Michelotto, Patrizia Belluomo  Mailing auditing group:  Fulvia Costa, Franco Ferrera, Diego Leanza, Alessia Spitaleri