Discover Mode SAMPLE - Cyberoam_Security_Assessment_Report RFinal

Cyberoam Security Assessment Report

Prepared for: ACME Corporation
Delivered on: December 27, 2014
Report Duration: October 14 - October 20, 2014


Cyberoam Security Assessment Report

A Cyberoam next-generation firewall was used to conduct a quick network risk assessment at ACME Corporation. This report aims to provide visibility into potential application and web risks, risky users, intrusion risks and usage of applications within the ACME Corporation network, thereby highlighting security issues that need to be addressed by ACME Corporation. This report helps organizations understand the capabilities of Cyberoam NGFW to see threats and network usage that their existing firewalls may not see.

Today's dynamic threat landscape requires organizations to reconsider security at their network perimeter every few years. As a result, next-generation firewall deployments have begun taking over the mantle of network protection from the last generation of firewalls and security appliances. Previous-generation firewalls are not equipped to identify modern security threats and do not provide adequate protection, leaving organization networks vulnerable to the tide of new threat vectors and actors.

Cyberoam Next-Generation Firewalls (NGFW) with Layer 8 Identity-based technology offer actionable security intelligence and controls to enterprises that allow complete control over L2-L8 for future-ready security. Cyberoam NGFW integrates multiple features over a single platform, eliminating the need to manage multiple solutions and hence reducing complexity.

This report provides a high-level overview of the ACME Corporation network that covers:

■ Report Findings
■ User Behavior
■ Application Risks & Usage
■ Web Risks & Usage
■ Intrusion attacks


Report Findings: Key Observations

■ User Behaviour
- The top 2 risky users contribute 70% of the overall user risk for web usage.

■ Application Risks and Usage
- ACME Corporation is facing low application risk, with an App risk score of 1.79.
- 8 risk-prone applications were found traversing the network, of which 2 were very high risk applications and 6 were high risk applications. Key observations on top risky applications:

| Application Category | Number of "Risk-5 & Risk-4" Applications found |
|---|---|
| File Transfer | 3 |
| General Internet | 2 |
| Infrastructure | 1 |
| Instant Messenger | 1 |
| P2P | 1 |

■ Web Risks & Usage
- 4 very high risk web domains were accessed, belonging to the categories IPAddress (1 web domain) and Spyware (3 web domains).
- Top web categories by data transferred include NewsAndMedia, InformationTechnology and ISPWebHosting.
- The top 3 web domains account for 70% of the data transferred by web surfing.

■ Intrusion attacks
- Overall, 5639 intrusion attacks of Moderate severity and above were found, including 17 attacks of Major and 5622 attacks of Moderate severity level.
- Top attack categories include Web Services and Applications, Reconnaissance, Multimedia and Browsers.


User Behavior

Studies have shown that users are the weakest link in the security chain and that patterns of human behavior can be used to predict and prevent attacks. Usage patterns can also help understand how efficiently corporate resources are utilized and whether user policies need to be fine-tuned.

Cyberoam Layer 8 Technology on its network security appliances treats user identity as the 8th layer, or the "human layer", in the network protocol stack. This allows administrators to uniquely identify users, control the Internet activity of these users in the network, and enable policy-setting and reporting by username.

Top Risky Users

Cyberoam's User Threat Quotient (UTQ) helps security administrators spot risky users within their network. The risk could be the result of unintended actions due to lack of security awareness or a malware-infected host, or of intended actions by a rogue user. Knowing the user and the activities that caused the risk can help the network security administrator take the required actions to avoid these risks.

Top 6 Risky Users

| Relative Risk Ranking | User | Relative Threat Score |
|---|---|---|
| 1 | victor | 41.97 |
| 2 | paul | 26.97 |
| 3 | david | 26.97 |
| 4 | robert | 3.27 |
| 5 | thomas | 0.82 |
| 6 | joseph | 0.00 |


Application Risks & Usage Visibility

Today, it is crucial for an organization to be aware of the applications traversing the network and the potential risk they pose, in order to effectively manage related business risks. Cyberoam's Application Visibility & Control offers complete visibility on which applications are being accessed within the network irrespective of their ports and protocols. This stops sophisticated application-layer threats right at the network perimeter.

Application Risk Score

This risk calculator indicates the overall risk associated with the applications and is calculated on the basis of the individual risk associated with each application and the number of hits on that application.

Risk: 1.58

Top Risky Applications in use

The table below lists the top 17 risky applications (risk rating 5, 4 or 3, in this order) along with risk level, application category, characteristic and technology, to help understand the potential application risks faced by the network.

Top 17 risky applications

| Risk Level | App Name | Category | Technology | Hits | Bytes |
|---|---|---|---|---|---|
| 5 | Skype Services | General Internet | Client Server | 337 | 150.06 KB |
| 5 | Torrent Clients P2P | P2P | P2P | 3 | 23.5 KB |
| 4 | HTTP | General Internet | Browser Based | 15789 | 747.67 MB |
| 4 | Skype | Instant Messenger | P2P | 40 | 1.04 MB |
| 4 | FTP Base | Infrastructure | Client Server | 41 | 46.93 KB |
| 4 | Multi Thread File Transfer | File Transfer | Client Server | 1 | 39 KB |
| 4 | ZIP File Download | File Transfer | Browser Based | 16 | 19.14 KB |
| 4 | RAR File Download | File Transfer | Browser Based | 1 | 1.2 KB |
| 3 | Facebook Website | Social Networking | Browser Based | 447 | 7.39 MB |
| 3 | Twitter Website | Social Networking | Browser Based | 794 | 6.9 MB |
| 3 | HTTP Resume File Transfer | File Transfer | Browser Based | 57 | 2.56 MB |
| 3 | Sharepoint | General Business | Browser Based | 30 | 1.44 MB |
| 3 | Hotmail WebMail | Web Mail | Browser Based | 23 | 195.03 KB |
| 3 | Youtube Website | Streaming Media | Browser Based | 81 | 58.05 KB |
| 3 | Yahoo Website | General Internet | Browser Based | 6 | 34.18 KB |
| 3 | SWF Streaming | Streaming Media | Browser Based | 30 | 25.19 KB |
| 3 | Yahoo WebMail | Web Mail | Browser Based | 1 | 1.34 KB |


Top Application Categories & Applications

Knowing the top application categories and applications helps understand how efficiently corporate resources are utilized and how application filtering policies are working. These reports provide a snapshot of the various application categories and applications accessed by users and the amount of Internet traffic generated by them.

Top 10 Application Categories by Data Transfer

| Application Category | Hits | Bytes |
|---|---|---|
| General Internet | 16302 | 750.6 MB |
| Infrastructure | 42507 | 145.85 MB |
| Social Networking | 1383 | 15.54 MB |
| N/A | 5562 | 2.8 MB |
| File Transfer | 75 | 2.62 MB |
| General Business | 40 | 1.5 MB |
| Instant Messenger | 40 | 1.04 MB |
| Web Mail | 24 | 196.37 KB |
| Streaming Media | 111 | 83.24 KB |
| P2P | 3 | 23.5 KB |

Top 20 Applications by Data Transfer

| Application | Application Risk | Application Category | Hits | Bytes |
|---|---|---|---|---|
| HTTP | 4 | General Internet | 15789 | 747.67 MB |
| Secure Socket Layer Protocol | 1 | Infrastructure | 20627 | 114.6 MB |
| SMTP | 1 | Infrastructure | 17 | 17.35 MB |
| POP3 | 1 | Infrastructure | 10 | 9.25 MB |
| Facebook Website | 3 | Social Networking | 447 | 7.39 MB |
| Twitter Website | 3 | Social Networking | 794 | 6.9 MB |
| DNS | 1 | Infrastructure | 21785 | 4.46 MB |
| HTTP Resume File Transfer | 3 | File Transfer | 57 | 2.56 MB |
| TCP:80 | N/A | N/A | 4779 | 2.4 MB |
| Google Website | 2 | General Internet | 117 | 2.34 MB |
| Sharepoint | 3 | General Business | 30 | 1.44 MB |
| Skype | 4 | Instant Messenger | 40 | 1.04 MB |
| Facebook Like Plugin | 2 | Social Networking | 47 | 740.6 KB |
| Facebook Plugin | 2 | Social Networking | 52 | 351.92 KB |
| Bing Search Query | 2 | General Internet | 1 | 226.45 KB |
| TCP:443 | N/A | N/A | 364 | 210.65 KB |
| Hotmail WebMail | 3 | Web Mail | 23 | 195.03 KB |
| Pinterest Website | 2 | Social Networking | 43 | 179.97 KB |
| Skype Services | 5 | General Internet | 337 | 150.06 KB |
| NetBIOS | 1 | Infrastructure | 11 | 107.63 KB |


Web Risks & Usage Visibility

Organizations need a strong security mechanism that blocks access to harmful websites and prevents malware, phishing and pharming attacks and undesirable content that could lead to legal liability and direct financial losses. Being able to do so also enables them to manage the productivity of their users and helps achieve effective utilization of bandwidth.

Cyberoam's Web Filtering offers one of the most comprehensive URL databases, with millions of URLs grouped into 89+ categories, providing Web Security, HTTPS Controls and a comprehensive web and content filtering solution.


Risky Web Categories & Domains being accessed

These reports help the administrator monitor risky web categories and domains that can pose security and legal risks.

Top Risky Web Categories

| Risky Category | No Of Domains | Bytes | Hits |
|---|---|---|---|
| Spyware | 3 | 349.28 KB | 43 |
| IPAddress | 1 | 1.61 KB | 6 |

Top 4 Risky web domains

| Risky Web Domain | Web Category | Bytes | Hits |
|---|---|---|---|
| directrev.blob.core.windows.net | Spyware | 149.75 KB | 22 |
| stats.g.doubleclick.net | Spyware | 185.54 KB | 12 |
| yllix.com | Spyware | 13.99 KB | 9 |
| 10.201.4.42 | IPAddress | 1.61 KB | 6 |


Top Web Categories & Domains visited

These reports give an insight into general user browsing habits, which can help understand how efficiently corporate resources are utilized and how effective the web filtering policies are. This report displays a list of the top categories along with the number of hits that generate the most traffic for various domains, users and content.

Top 15 Web categories by Hits

| Category | Bytes | Hits |
|---|---|---|
| InformationTechnology | 197.9 MB | 17221 |
| Chat | 1.79 MB | 10097 |
| NewsAndMedia | 213.67 MB | 9217 |
| Advertisements | 26.64 MB | 4447 |
| SearchEngines | 22.44 MB | 1641 |
| ISPWebHosting | 44.38 MB | 1570 |
| SocialNetworking | 15.3 MB | 1050 |
| JobsSearch | 4.86 MB | 869 |
| BusinessAndEconomy | 9.87 MB | 837 |
| Cricket | 1.38 MB | 589 |
| Music | 8.18 MB | 487 |
| TravelFoodAndImmigration | 18.49 MB | 479 |
| Portals | 2.95 MB | 355 |
| PoliticalOrganization | 8.69 MB | 317 |
| SharesAndStockMarket | 1.4 MB | 299 |

Top 15 Web categories by Data Transfer

| Category | Hits | Bytes |
|---|---|---|
| NewsAndMedia | 9217 | 213.67 MB |
| InformationTechnology | 17221 | 197.9 MB |
| ISPWebHosting | 1570 | 44.38 MB |
| Advertisements | 4447 | 26.64 MB |
| SearchEngines | 1641 | 22.44 MB |
| TravelFoodAndImmigration | 479 | 18.49 MB |
| SocialNetworking | 1050 | 15.3 MB |
| WebBasedEmail | 44 | 12.11 MB |
| DownloadFreewareAndShareware | 216 | 10.65 MB |
| BusinessAndEconomy | 837 | 9.87 MB |
| PoliticalOrganization | 317 | 8.69 MB |
| Music | 487 | 8.18 MB |
| JobsSearch | 869 | 4.86 MB |
| Entertainment | 78 | 3.74 MB |
| Portals | 355 | 2.95 MB |

Top 15 Web Domains by Hits

| Web Domain | Web Category | Bytes | Hits |
|---|---|---|---|
| secure.livechatinc.com | Chat | 492.44 KB | 10024 |
| http.00.s.sophosxl.net | InformationTechnology | 38.41 KB | 4642 |
| i.dailymail.co.uk | NewsAndMedia | 41.92 MB | 2918 |
| media2.intoday.in | NewsAndMedia | 15.58 MB | 1479 |
| www.manashosting.com | ISPWebHosting | 37.37 MB | 1288 |
| www.google-analytics.com | InformationTechnology | 1.05 MB | 927 |
| www.ewebstream.com | InformationTechnology | 6.8 MB | 913 |
| www.cyberoam.com | InformationTechnology | 47.97 MB | 903 |
| i10.dainikbhaskar.com | NewsAndMedia | 10.55 MB | 850 |
| *.upe.p.hmr.sophos.com | InformationTechnology | 3.02 MB | 826 |
| www.webhostingpeople.net | InformationTechnology | 16.2 MB | 811 |
| www.suninfy.com | InformationTechnology | 9.87 MB | 766 |
| pagead2.googlesyndication.com | Advertisements | 11.64 MB | 741 |
| www.sandesh.com | NewsAndMedia | 73.81 MB | 661 |
| www.elitecore.com | InformationTechnology | 13.36 MB | 642 |

Top 15 Web Domains by Data Transfer

| Web Domain | Web Category | Hits | Bytes |
|---|---|---|---|
| www.sandesh.com | NewsAndMedia | 661 | 73.81 MB |
| www.cyberoam.com | InformationTechnology | 903 | 47.97 MB |
| i.dailymail.co.uk | NewsAndMedia | 2918 | 41.92 MB |
| www.manashosting.com | ISPWebHosting | 1288 | 37.37 MB |
| www.webhostingpeople.net | InformationTechnology | 811 | 16.2 MB |
| www.divyabhaskar.co.in | NewsAndMedia | 194 | 15.85 MB |
| media2.intoday.in | NewsAndMedia | 1479 | 15.58 MB |
| www.palacesonwheels.com | TravelFoodAndImmigration | 273 | 13.99 MB |
| www.elitecore.com | InformationTechnology | 642 | 13.36 MB |
| mail.google.com | WebBasedEmail | 34 | 12.03 MB |
| pagead2.googlesyndication.com | Advertisements | 741 | 11.64 MB |
| *.google.com | SearchEngines | 451 | 11.03 MB |
| r7---sn-gxap5ojx-5hqe.c.pack.google.com | DownloadFreewareAndShareware | 198 | 10.59 MB |
| i10.dainikbhaskar.com | NewsAndMedia | 850 | 10.55 MB |
| *.cyberoam.com | InformationTechnology | 220 | 10.35 MB |


Intrusion Attacks

Detecting and protecting against network- and application-level attacks such as intrusion attacks, malicious code transmission and backdoor activity is critical to protecting the network from hackers. Cyberoam's Intrusion Prevention System strengthens defenses against network-level and application-level attacks.

Top Intrusion Attacks

This report fetches details of the top attacks that have hit the system, with their severity level, category, platform, target and attack count.

Top 9 Intrusion attacks by Severity

| Severity-level | Attack | Category | Platform | Target | Attack Count |
|---|---|---|---|---|---|
| Major | Microsoft Internet Explorer Virtual Function Table Memory Corruption | Browsers | Windows | Client | 8 |
| Major | Microsoft Internet Explorer Layout Use After Free | Browsers | Windows | Client | 6 |
| Major | HTTPS/SSL Renegotiation DoS | Web Services and Applications | BSD,Linux,Mac,Other,Solaris,Unix,Windows | Server | 3 |
| Moderate | ICMP Destination Unreachable Communication Administratively Prohibited | Reconnaissance | BSD,Linux,Mac,Other,Solaris,Unix,Windows | Server | 102 |
| Moderate | (snort_decoder) WARNING: ICMP Destination Unreachable Communication Administratively Prohibited | Reconnaissance | Solaris,Windows | Server | 1675 |
| Moderate | ICMP Destination Unreachable Host Unreachable | Reconnaissance | BSD,Linux,Mac,Other,Solaris,Unix,Windows | Server | 3845 |
| N/A | Flash JIT Internet Explorer 9 Exploit | Browsers | Windows | Client | 1 |
| N/A | SSLv3.0 Connection | N/A | N/A | N/A | 5 |
| N/A | Adobe Flash Player and AIR CVE-2014-0499 Information Disclosure Vulnerability | Multimedia | Linux,Mac,Windows | Client | 3 |

Top attack categories

| Attack Category | Variety of attacks | Attack Count |
|---|---|---|
| Reconnaissance | 3 | 5622 |
| Browsers | 3 | 15 |
| N/A | 1 | 5 |
| Multimedia | 1 | 3 |
| Web Services and Applications | 1 | 3 |