Case Studies for Projects
Network Audit
- A brief description of the systems (via fingerprinting, if a black-box approach is used)
- Describe the network perimeter: which other machines are on the same LAN segment, which switch connects this machine to other segments, and so on
- Access controls to and from the system
- Include all network login/password sessions to any authentication service (FTP, webmail, NFS, Samba, etc.); check for password strength, and note which passwords cross the wire in the clear, since that is what a packet sniffer such as Wireshark will reveal
- Check the versions of the secure protocols in use and report any older, vulnerable protocols; also review the negotiation of cryptographic suites in such protocols (SSL/TLS specifically, using the packet sniffer)
- Review the access controls of the routers/switches attached to these machines; specifically check the router passwords
- List the listening ports, the maximum number of TCP connections allowed, and any protection against half-open (SYN) connections (port scanners can be used)
Network Audit (continued)
- Finally, record the time taken to perform the audit (in hours); the optimal auditing period needs to be calculated from this
- A final report consisting of parts that are given to administrators, users and management personnel for action
- A major aspect that needs to be worked out is that a user should not be able to run applications he is not privileged to run
- For more details on what to look for, refer to the case study posted on the course website
- Also: http://www.linux-sec.net/Ethernet/#Testing
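Added example (not part of the original slides or the course case study): the cipher-suite review above is done by reading the ServerHello out of a captured handshake. This Python script parses one TLS ServerHello record, as Wireshark would show the bytes, and flags an obsolete protocol version or a weak suite. The cipher-suite table is a small subset of the IANA registry, and the records it checks are constructed by build_server_hello, not captured from any real host.

```python
import struct

# Subset of the IANA TLS cipher-suite registry, enough to classify what an
# old server typically negotiates. Names are the standard registry names.
CIPHER_SUITES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL",
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
OBSOLETE_VERSIONS = {"SSLv3", "TLSv1.0", "TLSv1.1"}
WEAK_MARKERS = ("NULL", "EXPORT", "RC4", "DES_CBC", "3DES", "_MD5")


def parse_server_hello(record):
    """Parse one TLS record that carries a ServerHello.

    Layout (RFC 5246): record header = type(1) version(2) length(2);
    handshake header = type(1) length(3); ServerHello body = version(2)
    random(32) session_id_len(1) session_id cipher_suite(2) compression(1).
    Returns (version_name, cipher_suite_name).
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("record does not carry a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    version = struct.unpack("!H", hello[0:2])[0]
    sid_len = hello[34]                      # skip 2-byte version + 32-byte random
    off = 35 + sid_len
    suite = struct.unpack("!H", hello[off:off + 2])[0]
    return VERSIONS.get(version, hex(version)), CIPHER_SUITES.get(suite, hex(suite))


def audit_findings(version_name, suite_name):
    """Return the audit findings for one negotiated (version, suite) pair."""
    findings = []
    if version_name in OBSOLETE_VERSIONS:
        findings.append(f"obsolete protocol negotiated: {version_name}")
    if any(marker in suite_name for marker in WEAK_MARKERS):
        findings.append(f"weak cipher suite negotiated: {suite_name}")
    return findings


def build_server_hello(version, suite):
    """Construct a minimal ServerHello record for testing (no real randomness)."""
    server_random = bytes(range(32))         # constructed placeholder, not entropy
    hello = (struct.pack("!H", version) + server_random + b"\x00"
             + struct.pack("!H", suite) + b"\x00")  # empty session id, null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return (b"\x16" + struct.pack("!H", version)
            + struct.pack("!H", len(handshake)) + handshake)


if __name__ == "__main__":
    for ver, suite in ((0x0301, 0x0005), (0x0303, 0xC02F)):
        v, s = parse_server_hello(build_server_hello(ver, suite))
        print(v, s, audit_findings(v, s) or ["ok"])
```

To use this on a real capture, export the raw bytes of the server's first handshake record from Wireshark and pass them to parse_server_hello; a ServerHello that names an obsolete version or a weak suite is a finding for the report.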
Wireless Network Audit
- Passive auditing
- Issues to look out for:
  - Unsecured access points, and machines connecting to those access points
  - 802.1X security issues
  - Applications hogging wireless bandwidth (found using pinging techniques)
  - Setup of ad hoc networks
- More detailed issues can be found in the case study posted online
Mail Server Audit
- Check for unnecessary services
- Check the versions of the protocols in use (POP, IMAP) and whether secure versions of the same (POP3S/IMAPS, or STARTTLS on the plain ports) are available
- Check for unauthorized/unnecessary user accounts on the server
- Check the integrity of important configuration files
- Check the logging mechanism and log management techniques
- Check the mail storage technique used
- Check for anti-virus defenses
- For more details, look into the mail server audit case study on the course website
- Also: http://www.linux-sec.net/Mail/#Testing
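Added example (not from the slides or the case study): a baseline-and-verify integrity check for the configuration files mentioned above. The file names (main.cf, master.cf, aliases) and their contents are a constructed Postfix-style scenario, and the tampering in demo() is staged in a temporary directory; on a real server the baseline would be taken on a known-good system and stored off the host.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record digests for a trusted set of files; keep the result off the host."""
    return {p: sha256_file(p) for p in paths}


def verify_baseline(baseline):
    """Compare the current file set against the stored baseline."""
    report = {"ok": [], "modified": [], "missing": []}
    for path, digest in sorted(baseline.items()):
        if not os.path.exists(path):
            report["missing"].append(path)
        elif sha256_file(path) != digest:
            report["modified"].append(path)
        else:
            report["ok"].append(path)
    return report


def demo():
    """Constructed scenario: three Postfix-style config files, then tampering."""
    root = tempfile.mkdtemp()
    files = {
        "main.cf": "smtpd_tls_security_level = may\nmynetworks = 127.0.0.0/8\n",
        "master.cf": "smtp      inet  n       -       y       -       -       smtpd\n",
        "aliases": "postmaster: root\n",
    }
    paths = []
    for name, text in files.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(text)
        paths.append(path)
    baseline_json = json.dumps(build_baseline(paths))   # what you would store off-host
    # Tampering: a relay-for-everyone line appended to main.cf, aliases deleted
    with open(paths[0], "a") as fh:
        fh.write("mynetworks = 0.0.0.0/0\n")
    os.remove(paths[2])
    report = verify_baseline(json.loads(baseline_json))
    return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(demo())
```

Hash comparison only tells you that a file changed, not who changed it; pair the check with the logging review so that the change can be matched to a login or a package update.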
Web Server Audit
- Proper administrator support (??)
- Test the web server with attack tools available online (httprint, WebSniff and Nikto)
- Check for the existence of security tools such as ModSecurity and mod_evasive, and implement them if missing
- Analyze a few days' worth of Apache web server logs for possible intrusions (ref: the Honeynet Project); document the techniques and tools used to do this
- Check for DoS vulnerabilities and SSL implementation weaknesses
- Check for default settings
- Tools of importance for Apache: ModSecurity, mod_evasive, Nikto, Whisker, WebSniff, Brutus, Crowbar, WebScarab, BuggyBank, httprint, WhiteHat Web Server Fingerprinter
- For IIS, refer to the case study paper online
- Also: http://www.linux-sec.net/Web/#Testing
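Added example (not from the slides): a first pass over Apache combined-format logs of the kind the log-analysis item above asks for. The six log lines are constructed, the client addresses are documentation ranges, and the rules (scanner user-agents, traversal strings, tautology-style SQL in the query string, 404 bursts per client) are a minimal starting point written for this page, not the Honeynet Project's tooling.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

SCANNER_UA = re.compile(r"nikto|whisker|nmap|sqlmap|masscan", re.I)
TRAVERSAL = re.compile(r"\.\./|/etc/passwd|cmd\.exe", re.I)
SQLI = re.compile(r"union\s+select|'\s*or\s+'?\d|sleep\(|;\s*drop\s", re.I)
NOT_FOUND_BURST = 3      # this many 404s from one client is scan-like

# Constructed sample, not a real server's log
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2005:13:55:36 +0530] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2005:13:55:40 +0530] "GET /about.html HTTP/1.1" 200 1187 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2005:13:56:01 +0530] "GET /cgi-bin/test-cgi HTTP/1.1" 404 209 "-" "Mozilla/4.75 (Nikto/1.35)"
198.51.100.23 - - [10/Oct/2005:13:56:01 +0530] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 209 "-" "Mozilla/4.75 (Nikto/1.35)"
198.51.100.23 - - [10/Oct/2005:13:56:02 +0530] "GET /admin/ HTTP/1.1" 404 209 "-" "Mozilla/4.75 (Nikto/1.35)"
192.0.2.9 - - [10/Oct/2005:14:02:17 +0530] "GET /login.php?user=admin'%20OR%20'1'='1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze(lines):
    """Map client IP -> set of finding tags over an iterable of log lines."""
    findings = defaultdict(set)
    not_found = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip = rec["ip"]
        path = unquote(rec["path"])       # decode %xx before matching
        if SCANNER_UA.search(rec["ua"]):
            findings[ip].add("scanner user-agent")
        if TRAVERSAL.search(path):
            findings[ip].add("path traversal")
        if SQLI.search(path):
            findings[ip].add("sql injection probe")
        if rec["status"] == "404":
            not_found[ip] += 1
    for ip, n in not_found.items():
        if n >= NOT_FOUND_BURST:
            findings[ip].add("404 burst")
    return dict(findings)


def analyze_sample():
    return analyze(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, tags in analyze_sample().items():
        print(ip, sorted(tags))
```

Run it as `analyze(open("/var/log/apache2/access.log"))` on a real log; the signatures are deliberately loose, so treat hits as leads to read in context rather than as confirmed intrusions, and record in the report which rules were used.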
Database Audit
- Check all network access to and from the machine on which the DB runs; shut down ports that are not necessary
- Check the replication technique used; if it is an online technique, secure data transfer is required
- Check the authentication mechanism used and the access controls available to users
- Prepare a matrix of data vs. users and access levels, and ensure that appropriate access levels are given to these users
- Test the database for SQL injection attacks and inference attacks
- For more details, check the Oracle audit and SQL Server audit case studies posted online; most features are common to MySQL as well
- For more details on auditing firewalls, DNS etc.: http://www.linux-sec.net/Audit/
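Added example (not from the slides or the Oracle/SQL Server case studies): the SQL injection test above, run against a constructed SQLite database so it works offline. The vulnerable login builds its query by string concatenation; the hardened one binds parameters. The table, the two users and the tautology payload are assumptions made for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the audited server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The pattern an audit looks for: user input spliced into the SQL text."""
    query = (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    """Hardened form: bound parameters, so input can never change the query structure."""
    query = "SELECT role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


# Classic tautology test case for the password field: turns the WHERE clause
# into (username = 'alice' AND password = '') OR '1'='1'
PAYLOAD = "' OR '1'='1"


def run_injection_test(conn):
    """Return (vulnerable_result, safe_result) for the same malicious input."""
    return (login_vulnerable(conn, "alice", PAYLOAD),
            login_safe(conn, "alice", PAYLOAD))


if __name__ == "__main__":
    vulnerable, safe = run_injection_test(make_db())
    print("concatenated query returned:", vulnerable)   # a role, without the password
    print("parameterized query returned:", safe)        # None: login refused
```

The same test applies to every input that reaches a query (search fields, sort columns, report filters), and the finding for the report is the concatenation pattern itself, not only the one payload that happened to work.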