External (Remote) Audit
Remote security audits are performed to find and eliminate vulnerabilities and misconfigurations in all services and systems exposed to the Internet and other untrusted wired networks. These audits are especially critical for companies and organisations that:
- sell products or services, take payments and carry out other financial transactions online
- use the Internet to communicate with branch offices, telecommuters, travelling employees and business partners
- use the Internet to provide any paid or unpaid customer services and communicate with existing or prospective customers
- advertise products and services on any public networks
- have a previous history of successful break-ins from outside
- Identifying all potential external entry points into your networks and evaluating information security risks they may present
- Checking how good your perimeter security and remote access safeguards are
- Thoroughly verifying the safety of operating your e-commerce sites
- Discovering confidential information leaks that can be a threat to your company or organisation
- Finding misconfigurations of your perimeter appliances and public services that degrade network and system performance
- Suggesting appropriate remedies and fixes for all security and quality of service problems discovered
A typical remote security audit is divided into two stages. At the network reconnaissance stage the auditors determine the addresses, positioning and characteristics of all externally accessible services and systems. At the same time, all publicly available information about the company, its IT infrastructure and personnel is harvested and analysed. Quite often, the only initial information provided to the auditors is the client company name. However, sometimes they are given limited access to the tested resources, for example, to verify different protection mechanisms deployed to secure unprivileged guest logins. Network reconnaissance procedures frequently lead to the discovery and subsequent correction of various technical issues not immediately related to information security, such as wrong naming conventions, routing errors and quality of service (QoS) problems. While these misconfigurations cannot be viewed as security gaps, fixing them improves the efficiency of online services and operations.
The main stage of remote security audits is centred on discovering and analysing vulnerabilities and other security issues of all systems and services found during the reconnaissance phase. The flaws are detected employing the latest methodologies that involve both complementary use of multiple automated security scanning tools and in-depth manual assessment. It is due to the latter that our specialists are often capable of discovering and remedying novel, previously unreported vulnerabilities: no commercial or free automatic vulnerability scanner would ever do it.
Follow-up vulnerability analysis aims at defining the true character and severity of the existing risks. Could any external attackers gain any form of access to confidential data? If yes, which sensitive data can they compromise and how valuable is it? What would be the consequences of its exposure or loss? Can a vulnerability in a single service expose the whole system? Would unauthorised access to a single system provide attackers a greater opportunity to penetrate into the neighbouring computers and appliances? A complex, strategic, unified approach to vulnerability analysis is the key to its success. Frequently, one of the discovered flaws is rather minor, and on its own does not constitute a threat. However, when combined with other "low risk" vulnerabilities it may well spell total disaster. In a similar manner, gaining access to a "boring" non-critical system can be a prelude to taking over the highly critical ones: it is getting the initial foothold that is truly important. Only detailed vulnerability analysis by experienced professionals capable of grasping the whole picture of the security state of all tested systems and networks can provide a realistic risk assessment of your IT infrastructure. It is the only reliable way to tell whether outside attackers can inflict actual damage, to determine how far they can get, and how such malicious actions can be efficiently prevented and stopped.
- "False Alarm".
A large multinational law firm has deployed a web-based authentication gateway to allow access for its remote branches, as well as partners and clients. This gateway was tested by a different, well-recognised IT security company, which didn't find any flaws and reported it as "completely secure". We were asked to verify the results of this test. A highly reputable and expensive commercial web scanning and fuzzing application identified 33 vulnerabilities on the gateway. However, during a closer manual examination all these vulnerabilities turned out to be mere false positives. Nevertheless, when this hands-on analysis was performed, three security holes not reported by the application were uncovered and probed. One of them allowed us to gain unauthorised web server level access to the gateway and proceed further into the network. Later, the discovered flaws were fixed by the authentication gateway's manufacturer.
- "Gatecrashing".
A highly specialised IT development company boasted impenetrable perimeter defences. During the security assessment all externally visible services proved to be upgraded and patched to the latest versions and were, indeed, invulnerable to all known attack vectors. However, a gateway router leading to the company network had a fatal security flaw that allowed us to assume complete control over the device. All data passing through the router was mirrored for interception, modification and session hijacking. Eventually, this led to the further compromise of the audited network. It turned out that, unlike the perimeter firewalls and public servers, the router was administered not by the company's IT personnel, but by its Internet provider. As an outcome of the test, the ISP was persuaded to fix the problem and pay more attention to the security of client-side routers it manages.
- "A Hacker Discount".
A large international online multimedia content retailer was concerned about the possibility of illicit remote access to its digital assets and hacktivist attacks by various software pirate groups. Thus, a full external security assessment was ordered. In the process of testing, we uncovered a method to modify data input to buy music and video clips from their website at a fraction of the original price. Besides, two novel denial of service (DoS) attacks against industry standard firewalls protecting the retailer's network perimeter were discovered. Proof of concept code was written to demonstrate these attacks to the retailer's technical team and the firewall vendor. Had these issues remained undetected and unresolved, the retailer could have suffered severe financial losses from both online shopping cart abuse and service availability disruption by non-generic DoS attacks against the firewalls. The shopping cart flaw was later fixed by its vendor, while the DoS issues were resolved by the firewalls' manufacturer with its next operating system release.