Case Studies For IT Experts

Penetration Testing


This section highlights the importance of regular penetration tests for IT experts and IT security professionals. Today many corporate IT departments underestimate the importance of their website's security. They believe that the compromise of a stand-alone web server cannot affect the local network in any way, and that hackers will never attack a website that holds no confidential or commercial information.

The following case study illustrates why hackers may choose your website as their target even if you strongly believe that they will never do so. It also describes the possible technical consequences of a website compromise, which are not always obvious.


Case study: Local Network Compromised Through the Corporate Website.


A well-known financial company in Europe had a perfectly protected local corporate network. Direct access from the Internet was blocked. Patches were installed regularly and the antivirus was updated daily. Local users only had access to their email and the corporate website. The internal security policy was very strict.
However, the corporate website had never received as much security attention as the internal network: the web server was separated from it and did not contain any confidential information. The IT department had never paid much attention to the security of the web server. Its remote location led them to believe that a compromise of the web server would have no negative impact on the local network. The IT department therefore considered website penetration tests a waste of time and budget and had never performed them.

This neglect of the website's security opened a door to hackers, who easily penetrated the web server and modified the website content. The visual appearance of the website remained exactly the same as before, but the hackers had inserted into the website source code a malicious iframe carrying a 0day exploit for Opera (the default browser in the local network). From that point on, all website visitors, including all local users, were compromised and infected with a backdoor. Their regularly updated antivirus (which had recently won a «Best Antivirus of The Year» award) was unable to detect this backdoor either by signatures or by heuristic analysis. The expensive hardware firewall in charge of filtering all outgoing traffic was no obstacle for the backdoor either: the stolen data was encrypted and encapsulated in the DNS protocol, then leaked out to the Internet via DNS requests to a local DNS server, which forwarded them to a remote DNS server controlled by the hackers.

Within a few weeks, almost all confidential information from the local network had been stolen. The hackers had taken advantage of the IT department's conviction that the security of a remote web server cannot negatively affect a perfectly protected and almost isolated local network.
The intrusion was finally detected following a growing number of complaints from customers whose commercial information had been stolen and resold by the hackers on the online black market. Unfortunately, it was already too late to react.
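
The DNS channel described in this case study passes through the local DNS server, so that server's query log is where it can be spotted. The following is an added detection example, not part of the original case study or High-Tech Bridge's tooling; the log format, thresholds, addresses and domain names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data (not from the case study): resolver query log lines
# in an assumed "<client_ip> <qtype> <qname>" format.
_B32 = "abcdefghijklmnopqrstuvwxyz234567"
SAMPLE_LOG = "\n".join(
    ["10.0.0.12 A www.corp.example",
     "10.0.0.12 A mail.corp.example",
     "10.0.0.31 A images-eu-west-1-static-assets-cache.cdn.example"]
    # Six unique base32-looking labels under one domain, from one workstation.
    + [f"10.0.0.57 TXT {_B32[i:] + _B32[:i]}.tunnel.example" for i in range(6)]
)

def shannon_entropy(s):
    """Bits per character of the string's character distribution."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def registered_domain(qname):
    # Simplification: treat the last two labels as the registered domain.
    # Real deployments should consult the Public Suffix List.
    return ".".join(qname.split(".")[-2:])

def find_tunnel_suspects(log_text, min_unique=5, min_len=30, min_entropy=3.5):
    """Return (client, domain, unique_suspicious_names) for likely DNS tunnels."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        name = qname.lower().rstrip(".")
        domain = registered_domain(name)
        payload = name[: -len(domain)].replace(".", "")
        # Encoded, encrypted data shows up as long, high-entropy subdomains.
        if len(payload) >= min_len and shannon_entropy(payload) >= min_entropy:
            seen[(client, domain)].add(name)
    # A tunnel needs many distinct names; one odd lookup is not enough.
    return sorted((c, d, len(names)) for (c, d), names in seen.items()
                  if len(names) >= min_unique)

if __name__ == "__main__":
    for client, domain, n in find_tunnel_suspects(SAMPLE_LOG):
        print(f"{client} sent {n} unique high-entropy queries under {domain}")
```

The thresholds are starting points to tune against a baseline of normal traffic, since some legitimate services also generate long machine-made hostnames.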



Solution


In this case High-Tech Bridge security experts will immediately start the incident recovery process, followed by careful incident forensics. Once the compromised system is restored and the hackers are identified, a detailed security audit, in some cases with source code review, should be performed. To complete the verification of security and reliability, we recommend performing a penetration test.

High-Tech Bridge’s approach to penetration testing not only identifies all the weaknesses and vulnerabilities, but also explains in detail the latest hacker attacks and methodologies used during the penetration test and provides recommendations and solutions on how to fix all the discovered issues. During the penetration test you will also be able to ask our experts any question you might have about hacking techniques and security testing approaches.

Please contact High-Tech Bridge or request a call back to receive a personalized penetration test offer within the next 24 working hours.