Contents
Distributed Denial of Service (DDoS) Protection
Network Address Translation (NAT)
Microsoft Baseline Security Analyzer
A web hosting company has asked for a report on the different types of security mechanisms for a range of Windows-based web servers and applications. This report will identify how best to secure the servers and applications and will also evaluate any industry-standard countermeasure solutions.
Incapsula (2015) states that Denial of Service (DoS) attacks are attempts to make a website and servers unavailable to ordinary and legitimate users.
Incapsula (2015) explains that DoS attacks utilise a single internet connection to exploit known software vulnerabilities, such as an unpatched operating system, to flood the target with fake requests in an attempt to use all the CPU and memory of that server, thus incapacitating it. According to Cloudflare (2015), Denial of Service (DoS) attacks are evolving and increasing to include Distributed Denial of Service (DDoS) and Distributed Reflector (DRDoS) attacks.
Cloudflare (2015) states that these are attacks that cannot be protected against by traditional on-premise solutions and offers an answer in the use of geographically distributed filtering networks. Cloudflare (2015) goes on to explain that most DDoS attacks target layer 3, the network layer, and layer 4, the transport layer. According to Cloudflare, these attacks overwhelm the target network’s ability to handle all the traffic.
Akamai (2015) agrees with this, and both companies’ answer is to set up geographically distributed networks around the world which are able to filter the traffic and ensure only legitimate traffic gets through to the protected servers (see Appendix A).
Cloudflare (2015) shows that various forms of attack have been seen over the years, such as DNS amplification, SYN/ACK attacks, SMURF attacks and the latest Layer 7 (application layer) attacks, all utilising various weaknesses in the TCP/IP protocols. However, the new solutions now on the market are able to limit, if not extinguish, the impact these attacks have on a target network.
According to Zen (2015), two types of firewall are Stateful Packet Inspection (SPI) firewalls and Deep Packet Inspection (DPI) firewalls.
Zen (2015) explains that SPI firewalls inspect each packet, comparing the source and destination ports and IP addresses to ensure the traffic is allowed. However, this only controls incoming traffic and is unable to see inside the data packet to check exactly what the packet contains. Zen (2015) goes on to explain that this is where DPI firewalls have an advantage over SPI firewalls, as they are able to examine each data packet, searching for illegal statements and defined criteria. This type of firewall can guard against Trojans, spyware and malware.
However, SonicWall (2014) suggests that DPI firewalls require dedicated hardware, as routers and software firewalls are incapable of providing the speeds necessary to allow for real-time deep packet inspection.
Cisco (2014) explains that NAT allows multiple computers connected on a private network to access the internet using one or a few publicly accessible IP addresses (see Appendix B). This effectively masks the fact that there are many computers connected to the internet via this IP address. Pearson (2016) adds that NAT also has the additional benefit of conserving IP addresses, as there is only a limited number available (approx. 4 billion).
Gibson Research Corporation (GRC) (2006) admits that NAT routers are not purchased for their inherent security benefits; however, it argues that NAT routers do function as effective hardware firewalls. GRC goes on to explain that they prevent unsolicited, unexpected, unwanted and potentially dangerous traffic from accessing the local PCs on the local area network (LAN).
The reason they do this, GRC (2006) explains, is that the NAT router creates a table of all conversations each PC on the internal LAN opens with external devices. When any incoming external packet requires access through the NAT firewall, the router simply checks this table to ensure the packet belongs to a current connection that is already entered in the table. If any data arrives at the NAT router that is not in the “current connections” table then it is simply ignored (see Appendix C).
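The "current connections" table described above can be modelled in a few lines. This is an added example, not code from the report or from GRC: the class and function names and all addresses are constructed, and the sketch assumes the router also matches the remote address and port of each conversation, which not every NAT device does.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class NatRouter:
    """Toy port-translating NAT with a 'current connections' table (hypothetical model)."""
    public_ip: str
    next_port: int = 40000  # constructed starting point for translated source ports
    # public port -> (internal endpoint, remote endpoint)
    table: Dict[int, Tuple[Endpoint, Endpoint]] = field(default_factory=dict)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """A LAN host opens a conversation: record it and rewrite the source."""
        for port, (inside, remote) in self.table.items():
            if inside == src and remote == dst:
                return (self.public_ip, port), dst  # conversation already tracked
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src, dst)
        return (self.public_ip, port), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Return the internal endpoint to forward to, or None when the packet is ignored."""
        if dst[0] != self.public_ip:
            return None
        entry = self.table.get(dst[1])
        if entry is None:
            return None  # unsolicited: no LAN host opened a conversation on this port
        inside, remote = entry
        if remote != src:
            return None  # port is mapped, but to a different remote peer (assumed strict match)
        return inside


def demo() -> dict:
    """Walk one outbound conversation and three inbound packets (all values constructed)."""
    nat = NatRouter(public_ip="203.0.113.10")
    pc = ("192.168.1.20", 51000)
    web = ("198.51.100.7", 443)
    translated_src, _ = nat.outbound(pc, web)
    return {
        "translated_src": translated_src,
        "reply": nat.inbound(web, translated_src),
        "unsolicited": nat.inbound(("198.51.100.99", 4444), (nat.public_ip, 3389)),
        "wrong_peer": nat.inbound(("198.51.100.99", 443), translated_src),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the reply from the server the PC contacted is forwarded; the other two inbound packets match nothing in the table and are ignored.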
Cisco (2015) explains that a DMZ is a sub-network that has been configured to allow the public access to services provided by systems within that sub-network, such as email and web servers. This ensures that the public do not have access to the internal private network where more private data may be stored.
DMZs can be configured using one or two separate firewalls. If one firewall is used then, according to Pearson (2012), one of the internal ports must provide physical isolation from the rest of the ports and all communication from the DMZ interface must first be filtered through the internal firewall (see Appendix D).
GRC (2006) shows that if two firewalls are employed then the public-facing servers should be placed on an internal interface of the router that is attached to the Internet (see Appendix E). GRC (2006) explains that this allows a second router to be placed on one of the remaining internal ports, and equipment attached to this second router will then be protected by multiple firewalls.
GRC (2006) goes on to state that whilst the first router must be configured to allow packets such as SMTP, in the case of a mail server, or HTTP, in the case of a web server, this second router should be configured to block any incoming unsolicited traffic, thus ensuring that the private LAN is secure.
According to Smyth (2010), hardening involves the process of securing three main areas to reduce the risk of attacks. These are the operating system, the network and the applications.
Prowse (2010) explains that operating system hardening can be carried out in many ways, for instance by removing non-essential services. This reduces the possibilities of hackers finding a way in. Another method is to keep the operating system patched and up to date, which ensures that any of the latest weaknesses found in the operating system have been fixed. Strong password security, such as 30-day renewals, enforcement of strong passwords and disabling of accounts after repeated failed logins, ensures that one of the hackers’ favorite methods, the process of using brute force to guess the password, is eliminated. Prowse (2010) continues to explain that, additionally, any unnecessary accounts, such as guest, should be disabled. Access to files and directories should be controlled and, where data is very sensitive, file and file system encryption features should be enabled. Finally, the logging of failed and successful login and access attempts will provide useful information.
Eweek (2002) shows that application hardening uses similar techniques to those of operating system hardening. The latest patches and fixes should be applied and access to sensitive data should be by additional passwords and security measures, whilst unused applications should be removed.
Oxenhander (2003) explains that network hardening also uses many similar techniques; for instance, firmware and networking software should be patched and kept up to date. Management interfaces should use strong encrypted passwords. The SSH protocol should be utilized where appropriate and unnecessary protocols and services should be disabled. Oxenhander (2003) goes on to explain that all unused ports should be blocked and unnecessary services using those ports should be disabled. Wireless security should use the latest WPA security measures and network access should be restricted.
The Hong Kong Government (2008) (HKSAR) states that honeypots are traps designed to deceive a potential attacker into trying to compromise the security of an organization. HKSAR goes on to explain that honeypots can act as an early warning of possible attack and provide a means of analysing how attackers are attempting to compromise the organization’s systems.
Cole & Northcutt (2016) explain that a honeypot can be a computer system (server or PC), a simulated or virtual system, a service, a single file or even a number of other possibilities. They go on to explain that the value of a honeypot is in the fact that there is no legitimate reason for accessing the honeypot and therefore any access allows an administrator to quickly identify an attack.
SANS Institute (2016) admits that Richard Salgado of the Justice Department warns that the laws surrounding honeypots are largely untested and the information gained from the use of a honeypot may not be admissible in a court of law. Additionally, he continues that in the event of a compromised honeypot being used to attack further organizations, liability issues could be invoked.
Cisco (2013) explains that the purpose of change management is to ensure that efficient and prompt standardized methods and procedures are used, any changes are recorded, business risk is minimized and all changes support business goals.
According to Computer Weekly’s Mike Gillespie (2016), security is seldom considered as part of change and configuration management. Penetration testing identifies vulnerabilities, but without ongoing security maintenance failures occur.
Gillespie (2016) argues that a number of inherent issues are causing failures, such as disparate systems, slow change management, bolted-on security, legacy thinking and poor succession, limited or no security process maintenance, and staff/management not kept informed of the corporate security requirements.
Cisco’s (2013) best practices list the types of changes that should be included in a change management system. These are application, hardware, software, network, environmental and documentation changes. Cisco (2013) believes that a change process model should include the steps needed to handle the change, the order of the steps, who is responsible for each step, timescales, escalation procedures, approval and quality.
As technology increases, attacks on systems can only increase in scale and complexity. For large businesses dependent on their public-facing internet servers, traditional on-site DDoS solutions cannot adapt to large-scale attacks, and therefore many companies are now providing geographically distributed networks capable of soaking up most large-scale attacks.
A firewall is a must for any size of business; however, to provide serious security a Deep Packet Inspection (DPI) firewall should be employed, which will secure the network from the more sophisticated internet attacks.
Network Address Translation is in common use in small, medium and large businesses alike. NAT should not be seen as a security precaution in its own right but is viable when combined with other options such as firewalls. However, with the advent of IPv6 this may become an outdated method of securing a network altogether.
A DMZ is necessary to ensure private networks are not open to attack directly from the internet. Demilitarized Zones (DMZs) provide a location for public-facing internet servers to be accessed from the internet whilst keeping the private LAN secure behind a second firewall.
Hardening is the vital task of ensuring all systems are kept patched and up to date. As software and systems become older they become more open to possible vulnerabilities as hackers learn more about how they work.
Honeypots have advantages and disadvantages. They are a useful tool for capturing information on potential attack methods; however, deploying honeypots may introduce more risks, and hackers may see them as a prize to try to exploit. This may then give them a way in to take over other, more confidential systems.
One of the most important service management processes is change management. Changes have the potential to disrupt the business, and therefore controlling the release of changes is critical. Reduced service disruption can be gained by integrating change management with the security of the network.
This report will provide the possible countermeasures required to resolve issues shown up by the provided Nmap and Nessus scans and the information provided by the Microsoft Baseline Security Analyzer. The information from each report will show security weaknesses in the client’s web server and, where appropriate, a course of action to resolve each issue.
The Nessus scan is run on the server itself and provides a list of operating system vulnerabilities, many of which can be resolved by running the Windows Update service as shown in Appendix I. Other security weaknesses found by the Nessus scan are listed below along with their suggested resolutions:-
Critical Severity – Unsupported version of PHP.
The PHP version is updated constantly to enhance security and remove flaws in its design, and therefore it should be updated to the latest release (PHP Group, 2015).
Critical Severity – DNS Server Vulnerabilities.
The DNS server software needs to be patched to the latest version because, in the version of DNS running on the target server, vulnerabilities exist that allow the execution of remote code and denial of service attacks (Microsoft, 2014).
High Severity – PHP Version Vulnerability.
The specific version of PHP running on this server has known vulnerabilities that allow denial of service attacks which, if exploited, would mean the DNS server becomes overloaded or crashes the server, and therefore it should be updated to the latest release (Tenable, 2015). This can be done using the platform installer.
Medium Severity – Untrusted SSL certificate.
A proper certificate needs to be purchased for this server, as an untrusted SSL certificate allows anyone to establish a man-in-the-middle attack by creating a similar website and pretending to be that company (Tenable, 2015).
Medium Severity – Self Signed SSL certificate.
As above, a proper certificate needs to be purchased for this server because the SSL certificate has not been signed by an accredited authority and therefore the company to which this website belongs cannot be verified (Tenable, 2015).
Medium Severity – MS Windows Vulnerability.
The version of SSL running on this server is affected by a security feature bypass and needs the Microsoft patch applied (Tenable, 2015). SSL will be removed using the IIS Crypto software.
Medium Severity – SSL Certificate Expiry.
The SSL certificate for the domain on the target server has expired and needs renewing (Tenable, 2015).
Medium Severity – SSL version out of date.
The version of SSL running on this server is an obsolete and insecure protocol and therefore should be updated, preferably to Transport Layer Security (TLS), according to Moeller (2014).
Medium Severity – PHP Configuration Change.
The resolution of this requires a simple change to the PHP configuration file php.ini: set the value for ‘expose_php’ to ‘Off’ and restart the web server (Tenable, 2015).
Medium Severity – DNS Denial of Service attack.
The version of DNS server running on the target is susceptible to a denial of service attack which will stop users from being able to find internet and intranet based services. Microsoft has released a set of patches to resolve this (Microsoft, 2012).
Medium Severity – RC4 cipher in use.
The affected application should be reconfigured to use TLS 1.2, as the RC4 cipher is flawed and if an attacker obtains many ciphertext messages he may be able to recover the plaintext information (Tenable 2013). RC4 will be removed.
Medium Severity – SSL padding vulnerability.
A vulnerability in SSL could allow a man-in-the-middle (MITM) attack, known as POODLE. Web servers should be updated to use versions of TLS later than 1.2 and SSL3 should be disabled (ImperialViolet, 2014). SSL can be disabled by editing the system registry; however, a far simpler way is to use IIS Crypto, a free download which provides a simple GUI interface (see Appendix H).
Medium Severity – TLS padding vulnerability.
A vulnerability in TLS could allow a man-in-the-middle (MITM) attack known as POODLE. Web servers should be updated to use versions of TLS later than 1.2 (ImperialViolet, 2014).
Medium Severity – Clickjacking vulnerability
Clickjacking is a vulnerability that hides what the user is actually clicking on and therefore potentially allows for the input of sensitive information. One way to resolve this is to add the HTTP response header manually to every page, or to add a filter that automatically adds the header to every page (Tenable, 2015).
Low Severity – Unsupported version of PHP.
The server is running a File Transfer Protocol (FTP) service. This server allows unencrypted transmission of logins and passwords, which could be intercepted (Tenable, 2015). This should be turned off if it is not required, or alternatively a secure FTP (FTPS) should be used.
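Two of the findings above, the expose_php setting and the missing clickjacking header, can be re-checked after the fix by looking at the response headers the server sends. This is an added example, not part of the original report: the sample responses and version strings are constructed, the function names are hypothetical, and the Content-Security-Policy frame-ancestors check goes beyond the X-Frame-Options header listed in the report's references.

```python
import re
from typing import Dict, List

# Constructed response heads: one as the server might answer before the fixes,
# one after expose_php is set to Off and the framing header is added.
BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.28

<html>...</html>"""

AFTER = """HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Frame-Options: SAMEORIGIN

<html>...</html>"""


def parse_headers(raw: str) -> Dict[str, str]:
    """Parse a raw HTTP response head into a dict keyed by lower-cased header name."""
    headers: Dict[str, str] = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            continue  # ignore malformed lines
        key, value = name.strip().lower(), value.strip()
        # repeated headers are joined with a comma
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def framing_protected(headers: Dict[str, str]) -> bool:
    """True when the response restricts which sites may frame the page."""
    if headers.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN"):
        return True
    for directive in headers.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = parts[1:]
            # a wildcard source allows any site to frame the page
            return bool(sources) and "*" not in sources
    return False


def audit(headers: Dict[str, str]) -> List[str]:
    """Return one finding per issue still visible in the headers."""
    findings: List[str] = []
    if not framing_protected(headers):
        findings.append("clickjacking: no X-Frame-Options or frame-ancestors restriction")
    disclosed = re.search(r"PHP/[\w.\-]+", headers.get("x-powered-by", ""), re.I)
    if disclosed:
        findings.append(f"expose_php: version disclosed ({disclosed.group(0)})")
    return findings


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(parse_headers(raw)))
```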
The Nmap scan is run externally to the server, targeting its IP address to see what ports it can communicate with. It does this by sending a SYN packet, and where a port is open the server will return an ACK packet. The Nmap scan targeting the client’s server shows a list of open firewall ports; an Nmap scan of the server is shown at Appendix F. Each open port is listed below along with a suggested resolution:-
A Microsoft Security Baseline analysis can be seen at Appendix G. This report compares Microsoft best practices with the configuration of the target server and provides solutions to bring the system in line with these practices. Listed below are the issues that the report has found:-
According to SecureIT (2006), obfuscation of the operating system is important because any scanner can interrogate a system to find out what operating system is in use. A potential hacker can then use this information to research the potential vulnerabilities of that operating system.
Programs such as Security Cloak and obfuscate are designed to spoof a different operating system, tricking the potential hacker into thinking the system runs this spoofed operating system. They do this by editing relevant registry settings. A newer and better method of server obfuscation is to use a geographically distributed network such as the Cloudflare (2015) solution discussed earlier in this report. This completely hides the organisation’s systems behind those of the solution provider.
No antivirus solution is installed on the server and, according to Kaspersky (2015), hundreds of thousands of new malware items are being released daily. There are various solutions available but Sophos will be installed on this server (see Appendix P).
The client has asked that the solutions suggested in Task 2 are now deployed to the web server. Each solution will be evaluated to ensure each security issue has been resolved.
The Nessus scan pre-fix report at Appendix J provides a list of operating system issues that need to be resolved. The following points highlight the completed tasks:-
The pre-fix Nmap scan can be seen at Appendix F. This provides a list of firewall port issues that need to be resolved.
The following list ensures that the solutions that have been applied have resolved the issues described, where possible, in the various reports.
192.168.151.184 (online)
Address: 192.168.152.184 (ipv4)
Ports
The 89 ports scanned but not shown below are in state: filtered
Port | Protocol | State | Service | Reason
21 | tcp | open | ftp | syn-ack
23 | tcp | open | telnet | syn-ack
53 | tcp | open | domain | syn-ack
80 | tcp | open | http | syn-ack
135 | tcp | open | msrpc | syn-ack
139 | tcp | open | netbios-ssn | syn-ack
443 | tcp | open | https | syn-ack
3389 | tcp | open | ms-wbt-server | syn-ack
49153 | tcp | open | unknown | syn-ack
49154 | tcp | open | unknown | syn-ack
49155 | tcp | open | unknown | syn-ack
Remote Operating System Detection: Windows 2008R2
Security assessment: Incomplete Scan (Could not complete one or more requested checks.)
Computer name: WORKGROUP\WEB184
IP address: 192.168.151.184
Security report name: WORKGROUP – WEB184 (31-12-2015 11-45)
Scan date: 31/12/2015 11:45
Catalog synchronization date:
Security update catalog: Microsoft Update
Security Updates
Score | Issue | Result
Developer Tools, Runtimes, and Redistributables Security Updates
Windows Security Updates | INSTALL ALL UPDATES
SQL Server Security Updates
Windows Scan Results
Administrative Vulnerabilities
Score | Issue | Result
Automatic Updates
Password Expiration
Windows Firewall
Incomplete Updates
Local Account Password Test
File System
Guest Account
Autologon
Restrict Anonymous
Administrators
Additional System Information
Score | Issue | Result
Windows Version
Auditing
Shares
Services
Internet Information Services (IIS) Scan Results
Administrative Vulnerabilities
Score | Issue | Result
IIS Status
IIS Status
IIS Status
IIS Status
IIS Status
IIS Lockdown Tool
Additional System Information
Score | Issue | Result
Domain Controller Test | GOOD
SQL Server Scan Results
Score | Issue | Result
SQL Server/MSDE Status | GOOD
Desktop Application Scan Results
Administrative Vulnerabilities
Score | Issue | Result
IE Enhanced Security Configuration for Administrators
IE Enhanced Security Configuration for Non-Administrators
IE Zones
Macro Security
192.168.151.184 (online)
Address: 192.168.152.184 (ipv4)
Ports
The 89 ports scanned but not shown below are in state: filtered
Port | Protocol | State | Service | Reason
53 | tcp | open | domain | syn-ack
80 | tcp | open | http | syn-ack
443 | tcp | open | https | syn-ack
3389 | tcp | open | ms-wbt-server | syn-ack
Remote Operating System Detection: Linux
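The two Nmap scans above can be compared mechanically to confirm which ports the fixes closed and that none were opened. This is an added example, not part of the original report: the port rows are copied from the two scans on this page, the function names are hypothetical, and the allow-list passed to `outside_policy` is a constructed policy rather than the report's own.

```python
import re
from typing import Dict, List, NamedTuple, Set, Tuple

PortKey = Tuple[int, str]  # (port number, protocol)

# Port rows copied from the pre-fix and post-fix scans on this page.
PRE_FIX = """\
21 | tcp | open | ftp | syn-ack
23 | tcp | open | telnet | syn-ack
53 | tcp | open | domain | syn-ack
80 | tcp | open | http | syn-ack
135 | tcp | open | msrpc | syn-ack
139 | tcp | open | netbios-ssn | syn-ack
443 | tcp | open | https | syn-ack
3389 | tcp | open | ms-wbt-server | syn-ack
49153 | tcp | open | unknown | syn-ack
49154 | tcp | open | unknown | syn-ack
49155 | tcp | open | unknown | syn-ack
"""

POST_FIX = """\
53 | tcp | open | domain | syn-ack
80 | tcp | open | http | syn-ack
443 | tcp | open | https | syn-ack
3389 | tcp | open | ms-wbt-server | syn-ack
"""

# port | protocol | state | service | ...
ROW = re.compile(r"^\s*(\d{1,5})\s*\|\s*(tcp|udp)\s*\|\s*(\w+)\s*\|\s*([\w-]+)\s*\|", re.I)


class Delta(NamedTuple):
    closed: Dict[PortKey, str]      # open before, not open after
    still_open: Dict[PortKey, str]  # open in both scans
    newly_open: Dict[PortKey, str]  # open after, not before (a regression)


def open_ports(scan_text: str) -> Dict[PortKey, str]:
    """Extract {(port, protocol): service} for rows whose state is 'open'."""
    ports: Dict[PortKey, str] = {}
    for line in scan_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # headers, notes and blank lines are skipped
        port, proto, state, service = match.groups()
        if state.lower() == "open" and 0 < int(port) <= 65535:
            ports[(int(port), proto.lower())] = service
    return ports


def compare(pre: str, post: str) -> Delta:
    """Classify every open port by how its state changed between the scans."""
    before, after = open_ports(pre), open_ports(post)
    return Delta(
        closed={k: v for k, v in before.items() if k not in after},
        still_open={k: v for k, v in after.items() if k in before},
        newly_open={k: v for k, v in after.items() if k not in before},
    )


def outside_policy(scan_text: str, allowed: Set[PortKey]) -> List[PortKey]:
    """Open ports that are not on the allow-list (the allow-list is the caller's policy)."""
    return sorted(k for k in open_ports(scan_text) if k not in allowed)


if __name__ == "__main__":
    delta = compare(PRE_FIX, POST_FIX)
    print("closed:    ", sorted(delta.closed))
    print("still open:", sorted(delta.still_open))
    print("newly open:", sorted(delta.newly_open))
```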
Akamai, 2015. WHY AKAMAI CLOUD SECURITY FOR DDOS PROTECTION? [Online] Available at: https://www.akamai.com/us/en/solutions/products/cloud-security/ddos-protection-service.jsp [Accessed 2nd Jan 2016].
Blackhat, 2003. BlackHat Briefings. [Online] Available at: http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-hackercourt.pdf [Accessed 4th Jan 2016].
Cisco, 2013. Change Management: Best Practices. [Online] Available at: http://www.cisco.com/c/en/us/products/collateral/services/high-availability/white_paper_c11-458050.html [Accessed 4th Jan 2016].
Cisco, 2014. Network Address Translation (NAT) FAQ. [Online] Available at: http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html [Accessed 2nd Jan 2016].
Cisco, 2015. Configuring DMZ. [Online] Available at: https://www.cisco.com/assets/sol/sb/isa500_emulator/help/guide/ad1681599.html [Accessed 3rd Jan 2016].
Cloudflare, 2015. Affordable advanced DDoS protection. [Online] Available at: https://www.cloudflare.com/ddos/ [Accessed 2nd January 2016].
Cole, E. & Northcutt, S., 2016. Honeypots: A Security Manager’s Guide to Honeypots. [Online] Available at: http://www.sans.edu/research/security-laboratory/article/honeypots-guide [Accessed 2016].
EWeek, 2002. Application Hardening Checklist. [Online] Available at: http://www.eweek.com/c/a/Application-Development/Application-Hardening-Checklist [Accessed 3rd Jan 2016].
Gibson Research Corporation, 2006. NAT router Security Solutions. [Online] Available at: https://www.grc.com/nat/nat.htm [Accessed 2nd Jan 2016].
Gillespie, M., 2016. Security Think Tank: Security needs to be part of change management processes. [Online] Available at: http://www.computerweekly.com/opinion/Security-Think-Tank-Security-needs-to-be-part-of-change-management-processes [Accessed 4th Jan 2016].
Heffner, C., 2006. Security Cloak – Fool Passive Fingerprinting. [Online] Available at: http://www.securiteam.com/tools/5MP052KI0A.html [Accessed 6th Jan 2016].
Hong Kong Government, 2008. HONEYPOT SECURITY. [Online] Available at: http://www.infosec.gov.hk/english/technical/files/honeypots.pdf [Accessed 4th Jan 2016].
IETF (1987) RFC 1034. Available at: https://www.ietf.org/rfc/rfc1034.txt (Accessed: 17th November 2015).
ImperialViolet (2014) ImperialViolet. Available at: https://www.imperialviolet.org/2014/12/08/poodleagain.html (Accessed: 22nd November 2015).
Incapsula, 2015. Denial of Service Attacks. [Online] Available at: https://www.incapsula.com/ddos/ddos-attacks/denial-of-service.html [Accessed 3rd Jan 2016].
Kaspersky, 2015. Internet Security. [Online] Available at: http://www.kaspersky.co.uk/internet-security [Accessed 6th Jan 2016].
Microsoft (2012) Microsoft Security Bulletin MS12-017 – Important. Available at: https://technet.microsoft.com/library/security/ms12-017 (Accessed: 22nd November 2015).
Microsoft (2014) Microsoft Security Bulletin MS11-058 – Critical. Available at: https://technet.microsoft.com/library/security/ms11-058 (Accessed: 22nd November 2015).
Moeller, B. (2014) This POODLE Bites: Exploiting The. Available at: https://www.openssl.org/~bodo/ssl-poodle.pdf (Accessed: 22nd November 2015).
Oxenhander, D., 2003. Designing a Secure Local Area Network. [Online] (1.4b) Available at: https://www.sans.org/reading-room/whitepapers/bestprac/designing-secure-local-area-network-853 [Accessed 3rd Jan 2016].
Paterson, K. (2013) On the Security of RC4 in TLS and WPA. Available at: http://www.isg.rhul.ac.uk/tls/ (Accessed: 22nd November 2015).
Pearson Education, 2012. Network Security First-Step: Firewalls. [Online] Available at: http://www.ciscopress.com/articles/article.asp?p=1823359&seqNum=5 [Accessed 3rd Jan 2016].
Pearson, 2016. Internet Addressing and Routing First Step. [Online] Available at: http://www.ciscopress.com/articles/article.asp?p=348253&seqNum=7 [Accessed 2nd Jan 2016].
PHP Group (2015) PHP. Available at: http://php.net/ (Accessed: 22nd November 2015).
Prowse, D.L. (2010) CompTIA Security+ SYO-201 Cert Guide. Pearson.
Smyth, N. (2010) Security+ Essentials. Payload Media.
Sonicwall, 2014. Deep Packet Inspection. [Online] Available at: http://www.sonicwall.com/documents/deep-packet-inspection-datasheet-74705.pdf [Accessed 2nd Jan 2016].
Tenable (2015) FTP Supports Cleartext Authentication. Available at: http://www.tenable.com/plugins/index.php?view=single&id=34324 (Accessed: 22nd November 2015).
Tenable (2015) MS13-006: Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) (uncredentialed check). Available at: http://www.tenable.com/plugins/index.php?view=single&id=63643 (Accessed: 5th Jan 2016).
Tenable (2015) PHP 5.3.x < 5.3.29 Multiple Vulnerabilities. Available at: http://www.tenable.com/plugins/index.php?view=single&id=77285 (Accessed: 21st November 2015).
Tenable (2015) PHP expose_php Information Disclosure. Available at: http://www.tenable.com/plugins/index.php?view=single&id=46803 (Accessed: 22nd November 2015).
Tenable (2015) SSL Certificate Expiry. Available at: http://www.tenable.com/plugins/index.php?view=single&id=15901 (Accessed: 21st November 2015).
Tenable (2015) SSL Self-Signed Certificate. Available at: http://www.tenable.com/plugins/index.php?view=single&id=57582 (Accessed: 21st November 2015).
Tenable (2015) Web Application Potentially Vulnerable to Clickjacking. Available at: http://www.tenable.com/plugins/index.php?view=single&id=85582 (Accessed: 22nd November 2015).
Zen, 2015. Stateful vs Deep Packet Inspection. [Online] Available at: https://www.zen.co.uk/business/broadband/business-broadband/stateful-vs-deep-packet-inspection.aspx [Accessed 2nd Jan 2016].
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options