Feel Good About Your Network
IDsec Limited
31-33 College Road
Harrow, Middlesex
HA1 1EJ
United Kingdom
T: 020 8861 2001
F: 020 8861 3433
www.idsec.co.uk
Copyright © 2008
IDsec Ltd
5.08
An on-site review of an Internet gateway goes beyond a simple external
scan, making sure that there is defence in depth by examining each
perimeter network in detail.
Remote scanning of a gateway does not test the actual
functioning of the firewalls, in that it cannot find out which types
of connection are allowed, how the firewall and other systems react
to anomalous traffic or whether the day-to-day management of the
systems is adequate. This requires connecting to the various gateway
networks on site and inspecting the critical components.
Firstly, we examine the actual configuration of the existing
gateway platforms: for example, firewall, router and SMTP gateways. This includes
rule sets, logging configuration and underlying platform security.
For critical networks, the latter may take the form of a full build
review.

To complement this manual examination, we use various security
scanning tools to check for specific vulnerabilities. These may be run
several times: from the router LAN (if possible), from the various gateway
LANs and from the internal network. Coupled with this, we can also
use a dummy responding host to see which services are actually passed
by the firewall. This test is run twice to check both inward
and outward flow.

Where appropriate, we review procedures for log handling and
archiving, alert monitoring and forwarding, backup and recovery, and
administrator security. We make recommendations where
necessary.

We use our own Netwalk tool for network mapping and host
characterisation. For finding specific vulnerabilities we use a number
of tools, including Internet Scanner from ISS and the public domain
tool Nessus.
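As an added illustration of the dummy responding host test described above (code written for this page, not IDsec's own tooling), here is a minimal responder that listens on a list of TCP ports and records which ones a connection actually reaches, together with the scanner-side probe and a comparison against the intended rule set. It assumes both ends run on the loopback interface for demonstration; in the real test the responder is attached to a gateway LAN on one side of the firewall and the probe is run from the other side, once in each direction.

```python
import socket
import threading
from typing import Dict, Iterable, List, Set

BANNER = b"dummy-responder\n"  # answered on every accepted connection

class DummyResponder:
    """Dummy responding host: listens on each TCP port in `ports` and records
    which of them actually receive a connection through the firewall under test."""
    def __init__(self, ports: Iterable[int], bind_addr: str = "127.0.0.1") -> None:
        self.ports, self.bind_addr = list(ports), bind_addr   # loopback is an assumption for the demo
        self.reached: Set[int] = set()
        self._lock, self._socks = threading.Lock(), []

    def start(self) -> List[int]:
        """Bind every port (0 lets the OS pick a free one); returns the ports actually bound."""
        bound = []
        for port in self.ports:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((self.bind_addr, port))
            srv.listen(5)
            bound.append(srv.getsockname()[1])
            self._socks.append(srv)
            threading.Thread(target=self._serve, args=(srv, bound[-1]), daemon=True).start()
        return bound

    def _serve(self, srv: socket.socket, port: int) -> None:
        while True:  # daemon thread: lives as long as the responder process
            conn, _ = srv.accept()
            with self._lock:
                self.reached.add(port)  # recorded before answering, so a probe that saw the banner is counted
            conn.sendall(BANNER)
            conn.close()

def probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Scanner side: True only if the connection passed the firewall and the dummy host answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as c:
            return c.recv(64) == BANNER  # a real service in the path would answer something else
    except OSError:  # refused, dropped (timeout) or reset: the service did not pass
        return False

def compare_policy(expected_allowed: Set[int], tested: Iterable[int], reached: Set[int]) -> Dict[str, Set[int]]:
    """Set the observed result against the intended rule set for the ports tested."""
    tested = set(tested)
    return {"unexpected_open": (reached - expected_allowed) & tested,    # passed but should be blocked
            "unexpected_blocked": (expected_allowed & tested) - reached}  # should pass but was blocked
```

Run the responder on the far side of the firewall, probe every port in the rule set from the near side, and feed `reached` (reported back out of band) into `compare_policy`; a non-empty result in either key is a finding for the report.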
Our charges are based purely on the consultancy hours required to
carry out the work, plus expenses charged at cost (depending on site
location).
We need full access to appropriate policy, architecture and design
documents.
The client must provide a technical contact for general liaison.
Some testing may be limited by wiring or network address
restrictions, particularly if the gateway is live and service cannot
be interrupted.
The deliverable is a report detailing our findings on
the gateway operation. Where security vulnerabilities are found, we
give general guidance on removing them.
For a mobile phone company we assessed all the networks that
made up their main Internet portal, covering more than 100 large
servers plus supporting infrastructure across 15 networks. Although
the total host count was relatively small, this required a
significant operational effort as the various networks were
firewalled and required specific attachment of our scanning machines
in the data centre.
Network Penetration Testing
External penetration testing puts us in much the same position as a potential
intruder, trying to break into the Internet gateway and systems behind it.
Superwalk: Automated Monitoring
Superwalk runs regular scans of an Internet gateway and
characterises all hosts that give any IP response. It also uses
a number of tools to find specific vulnerabilities in the
services offered.