CyberCop Scanner ®
An automated suite of vulnerability tests to check the configuration of a firewall's security
CyberCop Scanner is basically an automated
hacker that uses upwards of 500 known firewall vulnerabilities to
defeat a firewall's security and report the results.
An intruder will often attempt to learn everything he can about
your network before taking a crack at it. With this in mind, CyberCop
Scanner's Information Gathering Checks are designed to cull as
much security-relevant information as possible about a network from
an outside-looking-in perspective, which it then reports to the
user. This often helps an administrator find information leaks in
his or her network that would aid an attacker in an intrusion
attempt.
To give an idea of the types of tests CyberCop performs, we have
compiled below an overview of some of the areas that CyberCop
Scanner checks:
File Transfer Protocol (FTP) Checks
The File Transfer Protocol or FTP is a staple service on the
Internet. In fact, the ability to transfer data easily via FTP is
one of the reasons the Internet is so vastly popular today. By
virtue of this, almost all network-capable machines, be they
Unix, Windows NT, etc., are equipped with FTP servers. However, many
of these servers have serious security flaws that allow remote
intruders access to the host that offers the service. CyberCop
Scanner offers an entire suite of FTP checks to determine whether a
host is running a vulnerable FTP server at a software level, and
even checks to see if the FTP server handles the protocol itself
in ways that may cause security breaches.
Peripheral Device Checks
Most networks, regardless of size, usually comprise more
than just workstations. Most networks have numerous peripheral
devices such as bridges, routers and printers, among other things.
Many of these devices have security considerations that are often
easy to forget. CyberCop Scanner has a suite of checks designed
to evaluate peripheral device security.
Domain Name Service (DNS) Checks
When connected to the Internet, DNS is your silent navigator. DNS
lets you know where everything else on the Internet is, and lets
the Internet know where you are. Virtually all network-related
services rely on DNS in some way or another. Many rely on DNS for
authentication. Herein lies the problem: as DNS is critical to
your existence on the Internet, it is often a tempting target for
intruders to manipulate. Attacks via DNS are often complex to
execute but reap great results for intruders. An intruder could
possibly re-route all of your network's traffic, break into your
machines by corrupting authentication that relies on DNS, or simply
remove your company from the Internet. With this in mind, CyberCop
Scanner is equipped with the most advanced DNS auditing software
currently available on the market.
Backdoor and Misconfiguration Checks
What does an intruder do once they have gained access to a host?
As a rule they place a backdoor on it so they can re-enter at
their leisure. Luckily, many of these backdoors are not
difficult to detect, as the intruder will likely install the
backdoor without making any modifications to it. CyberCop Scanner
will attempt to detect the default setups for these common
backdoor packages as they are circulated in intruder circles.
Network File System (NFS) Checks
NFS is the glue that holds your network's shared file systems
together. It is the apparatus which lets you span drives across a
network, maximizing hardware usage and reaping the benefits of
shared user access to any number of files. This being said,
however, NFS has a number of serious security flaws inherent to
certain releases. CyberCop Scanner is capable of auditing NFS
implementations and identifying these commonly known vulnerabilities
as well as some rather obscure problems.
Denial of Service Checks
An ugly reality on the Internet today is that more and more
intruders are using denial of service attacks against hapless
victims. This can effectively remove a host or entire network from
the Internet, with devastating effects on both net presence and
perhaps profit margins, depending on your line of business. These
attacks are often not difficult to perform and often impossible
to trace. Secure Networks Inc. has done a great deal of research
on denial of service attacks, and due to this offers a very
advanced audit approach to these attacks. CyberCop Scanner checks
for a large number of denial of service attacks, many of which
fall into a realm where no fixes are currently available. This is
important: if there is no fix available for a denial of service
method, an administrator would be well served to know of it in
advance and take it into consideration when constructing his or her
network. In performing due diligence such as this, an
administrator may save himself or herself a great deal of misery
later.
Password Guessing Checks
During password guessing checks, CyberCop Scanner will attempt to
gain access to a remote device by attempting to log in through 6
commonly run services. These services are:
Network and Protocol Spoofing Checks
More sophisticated attackers often attempt to manipulate networks
at a protocol level in order to gain access to a host or network.
These attacks include RIP and IP packet spoofing as well as more
trivial attacks such as source routing. CyberCop Scanner executes
a number of checks against its target networks for these types of
vulnerabilities, both those which are trivial and those which are
exotic.
World Wide Web (WWW) Server checks
We all use the Web to one degree or another. And to have an
Internet connection for your company without the benefit of a Web
server is almost unheard of. People having their Web servers
attacked and altered, however, is not unheard of. In fact, it's
quite common. It's happened to a number of Internet Service
Providers, the CIA, the American Department of Justice and
innumerable others. NAI has done a great deal of research on HTTP
and Web Server Security. As such, we have released public
advisories on weaknesses involved with common Web Servers. We
have also incorporated this research into CyberCop Scanner so it
can provide the most advanced Web Server audits currently
available.
Application Level Firewall Checks
Application Level Firewalls are steadily becoming a norm on
Internet-connected intranets. This being the case, it is
important to ascertain whether these perimeter security devices
are configured correctly. CyberCop Scanner has a series of checks
to determine whether an application level firewall is operating in a
secure fashion.
Remote Procedure Call (RPC) Checks
RPC services are arguably one of the most frequent points of
entry for intruders on the Internet. RPC programs by nature are
quite complicated, and often have security flaws that allow
remote intruders to gain access to your network. CyberCop Scanner
performs a number of checks looking for weaknesses in RPC
servers.
General Network Security Checks
As well as checking for many protocol- or application-specific
weaknesses, CyberCop Scanner also searches for a plethora of other
security issues which are common on Internet-connected machines.
The checks are structured to check common, platform-independent
services for security flaws, such as print
server software, X11 implementations, RADIUS daemons, etc. On top
of searching general services for weaknesses, this facet of
CyberCop Scanner also attempts to brute force passwords for user
names gathered during the information phase of CyberCop Scanner
execution. At this stage CyberCop Scanner also executes brute
force attacks on default accounts specific to a number of vendor
and freeware operating systems.
NetBIOS Checks
With the introduction of Windows 95 and Windows NT workstations
into many network infrastructures, NetBIOS file sharing has also
become prevalent. NetBIOS file sharing is to Windows 95 and
Windows NT networks what NFS is to Unix-based networks. Along with
the advantages of sharing file systems across networks also come
the disadvantages, the primary disadvantage being security. When
performing a network audit, CyberCop Scanner will attempt to
discern whether your NetBIOS shares are set up securely, and
notify you of any security concerns.
Sendmail Checks
One of the great advantages, perhaps the greatest advantage, of
the Internet is e-mail. Instantaneous mail across the globe is an
essential piece of the Internet. Unfortunately, Sendmail, the
agent designed to send mail on most Unix systems, is a program
with an ongoing legacy of serious security problems. Almost every
version of Sendmail since its inception has had flaws that allow
intruders access to your hosts. This being the case, CyberCop
Scanner has a large number of Sendmail checks to evaluate the
safety of your version of Sendmail.
Other checks include Authentication Mechanism Checks, Windows NT
modules (running from NT & UNIX), SNMP Modules and Port
Scanning Modules.
The CyberCop suite can be used to provide conformance testing for
firewall installation.