
Analysis of Security of Information Systems

This section gives a short description of the approaches, methods, tools and competences that GlobalTrust applies when analysing the security of corporate information systems and carrying out penetration tests (pentests).

Concept of security of information systems

Security is one of the most important indicators of how effectively an information system (IS) functions, alongside reliability, fault tolerance, performance and similar indicators. The security of an IS is usually understood as the degree to which the information security controls implemented in it are adequate to the risks present in its operating environment, that is, the risks of threats being carried out that violate the confidentiality, integrity or availability of information.

A standard security analysis includes the following methods:

  • Collecting and studying input data on the IS
  • Assessing information security risks
  • Analysing organizational-level security controls, the organization's security policy and its organizational and administrative documentation on information security, and assessing their compliance with the requirements of the applicable normative documents and their adequacy to the existing risks
  • Manually analysing the configuration files of routers, firewalls, proxy servers, DNS servers and other critical elements of the network infrastructure
  • Scanning the external network addresses of the LAN
  • Scanning LAN resources from inside the security perimeter
  • Analysing the configuration of servers and workstations with specialized security tools

These methods involve both active and passive testing of the IS. Active testing consists of emulating the actions of a potential attacker attempting to defeat the security safeguards. Passive testing consists of analysing the configuration of the IS against checklists. Testing may be performed manually or with specialized tools.

Analysis of the security of the external perimeter of a corporate network

The purpose of an audit of the external perimeter of a corporate network is to assess how well the organization's IS is protected against attacks from the Internet, to assess the criticality of the identified vulnerabilities and the opportunities they give for carrying out attacks, and to develop recommendations for eliminating the vulnerabilities found.

The analysis is carried out by emulating the actions of a potential attacker attempting to penetrate the corporate network (penetration test) in order to disrupt its operation, introduce malicious software, steal confidential information or perform other destructive actions. It also includes an analysis of the network perimeter configuration.

The checks use a rich arsenal of modern network scanning tools, specialized tools for analysing web sites and network applications, programs that implement specific attack methods (exploits), password-guessing tools, and manual checks. The information sources used, including the SANS Top 20, CVE, CERT, BugTraq, Microsoft Security Bulletins and the CIS Security Benchmarks, make it possible to reliably identify all known vulnerabilities.

External tests include:

  • Checking whether it is possible to penetrate the company's local network and steal or damage data
  • Inspecting the network services reachable from the Internet (including e-mail, instant messaging services, p2p, etc.)
  • Checking firewalls
  • Inspecting web and e-mail servers

When vulnerabilities are detected, documentary evidence of the possibility of compromising or destroying critical information is provided.

Scanning comprises more than 1000 tests for UNIX, Windows and Mac systems and for active network equipment. Some tests, called "information gathering", are carried out to show what an outsider can learn about the IS. Other tests check systems for known vulnerabilities ("breaches"). Each computer is scanned for open ports and active services. Scanning causes no harm, since no "destructive" actions are taken; the risk is minimized, and overloading the network or exceeding its capacity limits is avoided.

When analysing the configuration of the external perimeter safeguards, special attention is paid to the following aspects:

  • traffic filtering rules on firewalls and routers
  • the authentication schemes and parameters in use
  • event logs
  • topology of the protected network, NAT, broadcast, masquerading and the use of split DNS
  • configuration of attack notification mechanisms
  • attack detection and prevention
  • presence and operability of system integrity controls
  • versions of the software in use and presence of patches
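The first aspect above, traffic filtering rules, and the passive, checklist-based configuration analysis described earlier (also used for the internal host checks later on the page) can be illustrated with a small review script. The following is an added example, not GlobalTrust's own tooling: it reads a constructed firewall rule list in a simplified "action proto src dst dport" format (an assumption made for the example, not a real vendor syntax), validates the address fields, and flags the findings an auditor would record: permit-any rules, management ports reachable from any source, the absence of an explicit deny-all rule, and rules shadowed by an earlier deny-all.

```python
"""Checklist-style review of a firewall rule list (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str  # "allow" or "deny"
    proto: str   # "tcp", "udp" or "any"
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    dport: str   # destination port number or "any"


# Ports the checklist treats as administrative; a constructed list for this example.
MGMT_PORTS = {"22", "23", "161", "445", "3389"}

# Constructed sample ruleset in the simplified format assumed by this example.
SAMPLE_RULES = """
allow tcp any 203.0.113.10/32 443          # public web server
allow tcp any 203.0.113.10/32 22           # SSH open to the whole Internet
allow any any any any                      # catch-all permit
deny  any any any any                      # explicit deny-all
allow tcp 10.0.0.0/8 203.0.113.20/32 25    # never reached: sits after the deny-all
"""


def is_any(field: str) -> bool:
    return field in ("any", "0.0.0.0/0")


def parse_rules(text: str) -> list[Rule]:
    """Parse one rule per line; '#' starts a comment. Raises on malformed addresses."""
    rules = []
    for raw in text.strip().splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, src, dst, dport = line.split()
        for net in (src, dst):
            if not is_any(net):
                ipaddress.ip_network(net, strict=False)  # typo in a CIDR fails here
        rules.append(Rule(action.lower(), proto.lower(), src, dst, dport))
    return rules


def review(rules: list[Rule]) -> list[tuple[int, str, str]]:
    """Return (rule_number, severity, message) findings in rule order."""
    findings = []
    deny_all_at = None
    for i, r in enumerate(rules, 1):
        if deny_all_at is not None:
            findings.append((i, "LOW", f"unreachable: shadowed by deny-all rule {deny_all_at}"))
            continue
        if r.action == "deny":
            if r.proto == "any" and is_any(r.src) and is_any(r.dst) and r.dport == "any":
                deny_all_at = i
            continue
        if is_any(r.src) and is_any(r.dst) and r.dport == "any":
            findings.append((i, "HIGH", "permit-any rule allows all traffic"))
        elif is_any(r.src) and r.dport in MGMT_PORTS:
            findings.append((i, "HIGH", f"management port {r.dport} reachable from any source"))
    if deny_all_at is None:
        findings.append((len(rules), "MEDIUM",
                         "no explicit deny-all rule; filtering relies on the device default"))
    return findings


if __name__ == "__main__":
    for num, sev, msg in review(parse_rules(SAMPLE_RULES)):
        print(f"rule {num}: [{sev}] {msg}")
```

On the sample ruleset the script reports rule 2 and rule 3 as HIGH and rule 5 as unreachable; the same structure extends naturally to other checklist items on the list above (for example, flagging rules whose source is a broad prefix, or rules that permit cleartext management protocols).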

The report on the results of the work contains an overall assessment of the corporate network's security against external network attacks, a detailed description of the vulnerabilities found for each IP address, and recommendations for eliminating the vulnerabilities and improving protection.

Analysis of the security of the internal IT infrastructure

The purpose of analysing the security of the internal IT infrastructure is to detect the vulnerabilities of the corporate network to network attacks by internal attackers, to assess the criticality of the identified vulnerabilities and the opportunities they give for carrying out attacks, and to develop recommendations for eliminating the vulnerabilities found.

The analysis of the security of internal network hosts includes, in addition to the external checks, internal checks of the hosts and the applications installed on them. Internal checks include analysing the configuration of operating systems and applications against checklists for compliance with technical standards and vendor recommendations, auditing passwords, and other checks determined by the specifics of the IS.

Analysing the security of the organization's internal IT infrastructure involves a full set of technical audit activities, including:

  • Analysing the configuration of routers, firewalls, e-mail servers, DNS servers and other critical elements of the network infrastructure
  • Analysing the configuration of servers and workstations with specialized security tools and checklists
  • Scanning the hosts in the LAN

Security Analysis Tools

GlobalTrust uses the following security tools for analysing the security of an IS:

  • Network security scanners: Nessus, OpenVAS, XSpider, Lumension Security Vulnerability Scanner, Retina Network Security Scanner, Metasploit, Nexpose, BackTrack, MBSA, Kali Linux, Burp Suite, OWASP DirBuster, ProxyStrike
  • Host-based tools: Security Benchmarks, CIS Scoring Tools, CIS Router Audit Toolkit, Windows Security Templates, Security Analysis Tool
  • Network password crackers: Brutus, Hydra, LC5
  • Standard network utilities: host, showmount, traceroute, rusers, finger, ping
  • Inventory tools and scanners: LanScope, nmap
  • Network sniffers and protocol analyzers: tcpdump, Wireshark
  • Established methodologies (OSSTMM, OWASP Testing Guide) and vulnerability lists (OWASP Top 10, SANS Top 20, CVE)