Network Architecture
A safe network architecture would require a good even amount of confidentiality, integrity, and availability. As it should be used all around to secure a good network architecture. As Network topology is the arrangement certain components of a communication network.
Action Plan
Action Plan |
|
Identify |
We need to check directory browsing, log file locations, FTP, loose-lipped error messages, and SMTP, and make sure there are protections in place against cross site scripting, SQL injections, and DDoS attacks. |
Detect |
We can test directory browsing by trying to access files for the site by typing them into the address bar, we can check if the log files are in a secure location in this way as well. We can check FTP by trying to upload a file to the server through FileZilla. We can check loose-lipped error messages by browsing to an inaccessible page and checking to see if it shows us server details. We can check SMTP by making the netstat_output file. We can check XSS, SQL, and DDoS by trying to inject code into each of the textboxes. |
Protect |
We can disable directory browsing in the IIS Manager and SMTP in the IIS 6.0 Manager and disabling the ports in the firewall. We can secure the log files by changing their location in the IIS Manager. We can remove FTP by removing it in the Server Roles as well as disabling its ports in the firewall. We can fix loose-lipped error messages by changing error messages from custom to default in the IIS Manager. We can secure against XSS Reflected by setting up code to remove slashes and special characters from the entered string. We can do the same for XSS Stored, SQL, and DDoS. For XSS Stored and SQL, we also have to turn the string to plaintext. We also have to suppress SQL errors. For DDoS, we have to separate the string into four sections, verify that the sections are integers, and then recombine them. |
Respond |
We can verify our changes by running all of the same tests from the detection step. |
Vulnerabilities
Identify |
Detect |
Protect |
Respond |
|
Directory Browsing |
We went to the base IP of the site and found important files. |
We disabled directory browsing in the IIS Manager. |
We can no longer browse the directory. |
|
Log Files |
We were able to find the log files easily through the directory. |
We can fix this by moving the log files to a new location, C:\Logs. This can also be fixed by simply disabling directory browsing. |
The logs are in the C:\Logs file. |
|
Loose-Lipped Error Messages |
The error messages did not give us any extra data. This is not a loose lipped error message. |
To fix this, I would go to the IIS Manager and change the settings from custom error messages to default error messages, meaning no unnecessary information is shown. |
To check, I would go to 172.30.0.15/fnf.html again to check if the error message gives me data it shouldn't. |
|
FTP |
Used FileZilla to identify that FTP is running and is enabled. |
For this, we went to Manage and then Remove Roles and Features, unchecked FTP, and finished the removal process. |
It does not let us connect to the server to upload files. |
|
SMTP |
Ran PowerShell to find SMTP and was not able to locate an active connection, thus implying that there is no SMTP link that is used. |
To fix SMTP, we would disable it in the Default Website on the Server Manager, then turn on the Firewall and disable port 25. |
We would check by creating another netstat_output file and seeing if port 25 was on. |
Exploits
Identify |
Detect |
Protect |
Respond |
|
XSS Reflected |
The Java script code is activated when clicked submit. Thus showing that the website is vulnerable to XSS Reflected attacks if an attacker decides to implement malware into the script. |
We would fix this by adding code to clear slashes and special characters. |
We could check it by trying to inject XSS code again. |
|
SQL Injection |
Displays the vulnerabilities since there is no security against SQL Injections. As we did 1=1;# we were able to get a lot of pertinent information from that vulnerability alone. |
We would protect against this by adding code that removes slashes and special characters and changes the string to plaintext, as well as suppress SQL errors. |
We could check it by trying to inject SQL code again. |
|
XSS Stored |
Shows a vulnerability that is very dangerous as it is a permanent attack that would require large amounts of work to secure it. Not to mention it is an open hole that can be used to obtain other data and open a backdoor for constant easy access. |
We would protect against this by adding code that removes slashes and special characters and changes the string to plaintext. |
We could check it by trying to inject XSS code again. |
|
DDoS |
The ping would not go through, meaning that we could not do a ping attack. |
To protect against DDoS, we would change all text boxes to clear slashes and special characters. |
We could check it by trying to enter another ping command. |
Directory Browsing:
Detect Protect Respond
Detect Protect Respond
Log Files:
Detect Protect Respond
Detect Protect Respond
Loose-Lipped Error Message:
Detect
Detect
XSS Reflected:
Detect
Detect
FTP:
Detect Protect Respond
Detect Protect Respond
SMTP:
Detect (Both pictures)
Detect (Both pictures)
SQL Injection:
Detect (Both pictures)
Detect (Both pictures)
XSS Stored:
Detect (Both pictures)
Detect (Both pictures)
DDoS:
Detect (Both pictures)
Detect (Both pictures)
Reflection
Security analysts need to be able to read and understand Javascript as that is important because attackers use Javascript in their exploits towards people, thus understanding how and what Javascript is and does will be crucial to the development of a security analysts' career.
It is important to plan and document so you can refer back to it later in case of seeing any potential vulnerabilities or exploits. As well as you also see that a lot of documentation is necessary to draft a report on your findings and data.
It is important to plan and document so you can refer back to it later in case of seeing any potential vulnerabilities or exploits. As well as you also see that a lot of documentation is necessary to draft a report on your findings and data.