
Your site is protected by a firewall, your server has a leading AV, you update your OS every second Tuesday of each month. You employ a team of network admins, server admins and database engineers. Your support is covered 24/7, 365 days a year.

The question is: how secure are you?

Let’s review:

1. Firewall – Commonly positioned to restrict access from an untrusted zone to a trusted zone. The web server in question accepts connections on port 80 (HTTP) and 443 (HTTPS), so by simply accessing the web server in the intended way you have already bypassed the firewall.

access-list outside_in extended permit tcp any host 10.1.1.1 eq www (hitcnt=254)
access-list outside_in extended permit tcp any host 10.1.1.1 eq 443 (hitcnt=25)

Most attacks today are aimed directly at the web application. The HTTP and HTTPS ports allow access to the web application, and the database can be accessed directly by manipulating the web application.


2. Antivirus and anti-spyware security software for Windows – The web is littered with examples of AV bypass options. Social engineering is also commonly combined with such bypasses. Do you know your personal social network fingerprint? Understand its worth, as attackers do!

3. Regular Updates – To be honest, the days of attacking an operating system are beginning to dwindle. It is still a risk, though, and with sites like uptime.netcraft.com/ telling you the uptime of a server, it’s easy for anyone to work out whether the device is patched regularly. Windows still loves a restart after an update!

4. Teams of network admins, server admins and database engineers, and not one single security engineer. To see the world from a security perspective takes a level of broken, paranoid, disillusioned understanding, and that’s on a good day!

5. 24/7, 365 days a year support – All looking for broken devices. An attacker will do all they can to hide their access. Breaking things is not the common style!

Conclusion

Firewalls are required for securing port access to internet facing servers. They do not protect against the most common forms of attacks happening today.

AV is required, but under no circumstances conclude you’re safe because of it.

Regular updates are required, but on an internet-facing server the patch rhythm can be seen from outside and is picked up by sites such as Netcraft.
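The point about updates and restarts (item 3 above and this conclusion) can be turned into a self-audit. The following is an added example, not code from the original post: it computes Patch Tuesday (the second Tuesday of the month) and flags hosts in your own inventory whose last boot predates it. The host names, boot times and the `grace_days` policy value are constructed assumptions, and last boot time is only a proxy for patch state.

```python
from datetime import date, datetime, timedelta

def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month."""
    first = date(year, month, 1)
    offset = (1 - first.weekday()) % 7      # weekday(): Monday=0, Tuesday=1
    return first + timedelta(days=offset + 7)

def latest_patch_tuesday(today: date) -> date:
    """Most recent Patch Tuesday on or before `today`."""
    pt = patch_tuesday(today.year, today.month)
    if pt > today:
        prev = today.replace(day=1) - timedelta(days=1)   # last day of previous month
        pt = patch_tuesday(prev.year, prev.month)
    return pt

def stale_hosts(last_boot: dict, today: date, grace_days: int = 7) -> list:
    """Hosts that have not rebooted since the Patch Tuesday they are due against.

    grace_days is a hypothetical policy: hosts get that long to install and
    reboot, so inside the window they are judged against the previous cycle.
    """
    pt = latest_patch_tuesday(today)
    if today < pt + timedelta(days=grace_days):
        pt = latest_patch_tuesday(pt - timedelta(days=1))
    return sorted(h for h, boot in last_boot.items() if boot.date() < pt)

# Constructed sample inventory: host -> last boot time (e.g. from your CMDB or monitoring).
SAMPLE_BOOTS = {
    "web01": datetime(2012, 2, 15, 3, 10),   # rebooted after the February cycle
    "app01": datetime(2012, 2, 13, 23, 0),   # rebooted the night before it
    "db01":  datetime(2011, 12, 20, 1, 30),  # has missed two cycles
}

if __name__ == "__main__":
    for day in (date(2012, 2, 17), date(2012, 2, 24)):
        print(day, "due against", latest_patch_tuesday(day), "->",
              stale_hosts(SAMPLE_BOOTS, day))
```

A host that rebooted after Patch Tuesday is not proven patched; treat the output as a list of hosts to check first.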

Cutting to the point, as this is getting dull: the example site is not secure!

https://myexploit.wordpress.com/control-respect-to-armitage1989/
https://myexploit.wordpress.com/2-information-gathering-theharvester/
https://myexploit.wordpress.com/information-gathering-search-engine-manipulation/
https://myexploit.wordpress.com/web-application-w3af-console/
https://myexploit.wordpress.com/information-gathering-owasp_webslayer/
https://myexploit.wordpress.com/information-gathering-nikto/
https://myexploit.wordpress.com/information-gathering-robots-txt/
https://myexploit.wordpress.com/control-medusa-passwords/
