Discover Mode SAMPLE - Cyberoam_Security_Assessment_Report RFinal
Cyberoam Security Assessment Report
Prepared for: ACME Corporation
Delivered on: December 27, 2014
Report Duration: October 14 - October 20, 2014
Cyberoam next-generation firewall was used to conduct a quick network risk assessment at ACME Corporation. This report aims to provide visibility into potential application and web risks, risky users, intrusion risks and usage of applications within the ACME Corporation network, thereby highlighting security issues that need to be addressed by ACME Corporation. This report helps organizations understand the capabilities of Cyberoam NGFW to see threats and network usage that their existing firewalls may not see.

Today's dynamic threat landscape requires organizations to reconsider security at their network perimeter every few years. As a result, next-generation firewall deployments have begun taking over the mantle of network protection from the last generation of firewalls and security appliances. Previous-generation firewalls are not equipped to identify modern-day security threats and do not provide adequate protection, leaving organization networks vulnerable to the tide of new threat vectors and actors.

Cyberoam Next-Generation Firewalls (NGFW) with Layer 8 Identity-based technology offer actionable security intelligence and controls to enterprises that allow complete control over L2-L8 for future-ready security. Cyberoam NGFW integrates multiple features on a single platform, eliminating the need to manage multiple solutions and hence reducing complexity.

This report provides a high-level overview of the ACME Corporation network that covers:
- Report Findings
- User Behavior
- Application Risks & Usage
- Web Risks & Usage
- Intrusion Attacks
Report Findings: Key Observations
■ User Behavior
- Top 2 risky users contribute to 70% of overall user risk for web usage.
■ Application Risks and Usage
- ACME Corporation is facing low application risk with an App risk score of 1.79.
- 8 risk-prone applications were found traversing the network, of which 2 were very high risk applications and 6 were high risk applications. Key observations on top risky applications:

Application Category | Number of Risk-5 & Risk-4 applications found
File Transfer | 3
General Internet | 2
Infrastructure | 1
Instant Messenger | 1
P2P | 1

■ Web Risks & Usage
- 4 very high risk web domains were accessed, belonging to IPAddress (1 web domain) and Spyware (3 web domains).
- Top web categories by data transferred include NewsAndMedia, InformationTechnology and ISPWebHosting.
- Top 3 web domains account for 70% of data transferred by web surfing.
■ Intrusion Attacks
- Overall 5639 intrusion attacks with Moderate severity and above were found, including 17 attacks of Major and 5622 attacks of Moderate severity level.
- Top attack categories include Web Services and Applications, Reconnaissance, Multimedia and Browsers.
User Behavior

Studies have proved that users are the weakest link in the security chain and that patterns of human behavior can be used to predict and prevent attacks. Usage patterns can also help understand how efficiently corporate resources are utilized and whether user policies need to be fine-tuned.

Cyberoam Layer 8 Technology on its network security appliances treats user identity as the 8th layer, or the "human layer", in the network protocol stack. This allows administrators to uniquely identify users, control the Internet activity of these users in the network, and enable policy-setting and reporting by user name.

Top Risky Users

Cyberoam's User Threat Quotient (UTQ) helps security administrators spot risky users within their network. The risk could be a result of unintended actions due to lack of security awareness or a malware-infected host, or of intended actions of a rogue user. Knowing the user and the activities that caused risk can help the network security administrator take the required actions to avoid these risks.

Top 6 Risky Users
Relative Risk Ranking | User | Relative Threat Score
1 | victor | 41.97
2 | paul | 26.97
3 | david | 26.97
4 | robert | 3.27
5 | thomas | 0.82
6 | joseph | 0.00
Application Risks & Usage Visibility

Today, it is crucial for an organization to be aware of the applications traversing the network and the potential risk they pose, in order to effectively manage related business risks. Cyberoam's Application Visibility & Control offers complete visibility on which applications are being accessed within the network irrespective of their ports and protocols. This stops sophisticated application-layer threats right at the network perimeter.

Application Risk Score

This risk calculator indicates the overall risk associated with the applications and is calculated on the basis of the individual risk associated with each application and the number of hits on that application.

Risk: 1.58

Top Risky Applications in use

The table below lists the top 17 risky applications (risk rating 5, 4 or 3, in this order) along with risk level, application category, characteristic and technology, to help understand the potential application risks faced by the network.

Top 17 risky applications
Risk Level | App Name | Category | Technology | Hits | Bytes
5 | Skype Services | General Internet | Client Server | 337 | 150.06 KB
5 | Torrent Clients P2P | P2P | P2P | 3 | 23.5 KB
4 | HTTP | General Internet | Browser Based | 15789 | 747.67 MB
4 | Skype | Instant Messenger | P2P | 40 | 1.04 MB
4 | FTP Base | Infrastructure | Client Server | 41 | 46.93 KB
4 | Multi Thread File Transfer | File Transfer | Client Server | 1 | 39 KB
4 | ZIP File Download | File Transfer | Browser Based | 16 | 19.14 KB
4 | RAR File Download | File Transfer | Browser Based | 1 | 1.2 KB
3 | Facebook Website | Social Networking | Browser Based | 447 | 7.39 MB
3 | Twitter Website | Social Networking | Browser Based | 794 | 6.9 MB
3 | HTTP Resume File Transfer | File Transfer | Browser Based | 57 | 2.56 MB
3 | Sharepoint | General Business | Browser Based | 30 | 1.44 MB
3 | Hotmail WebMail | Web Mail | Browser Based | 23 | 195.03 KB
3 | Youtube Website | Streaming Media | Browser Based | 81 | 58.05 KB
3 | Yahoo Website | General Internet | Browser Based | 6 | 34.18 KB
3 | SWF Streaming | Streaming Media | Browser Based | 30 | 25.19 KB
3 | Yahoo WebMail | Web Mail | Browser Based | 1 | 1.34 KB
Top Application Categories & Applications

Knowing the top application categories and applications helps understand how efficiently corporate resources are utilized and whether application filtering policies are effective. These reports provide a snapshot of the various application categories and applications accessed by users and the amount of Internet traffic generated by them.

Top 10 Application Categories by Data Transfer

Application Category | Hits | Bytes
General Internet | 16302 | 750.6 MB
Infrastructure | 42507 | 145.85 MB
Social Networking | 1383 | 15.54 MB
N/A | 5562 | 2.8 MB
File Transfer | 75 | 2.62 MB
General Business | 40 | 1.5 MB
Instant Messenger | 40 | 1.04 MB
Web Mail | 24 | 196.37 KB
Streaming Media | 111 | 83.24 KB
P2P | 3 | 23.5 KB

Top 20 Applications by Data Transfer

Application | Application Risk | Application Category | Hits | Bytes
HTTP | 4 | General Internet | 15789 | 747.67 MB
Secure Socket Layer Protocol | 1 | Infrastructure | 20627 | 114.6 MB
SMTP | 1 | Infrastructure | 17 | 17.35 MB
POP3 | 1 | Infrastructure | 10 | 9.25 MB
Facebook Website | 3 | Social Networking | 447 | 7.39 MB
Twitter Website | 3 | Social Networking | 794 | 6.9 MB
DNS | 1 | Infrastructure | 21785 | 4.46 MB
HTTP Resume File Transfer | 3 | File Transfer | 57 | 2.56 MB
TCP:80 | N/A | N/A | 4779 | 2.4 MB
Google Website | 2 | General Internet | 117 | 2.34 MB
Sharepoint | 3 | General Business | 30 | 1.44 MB
Skype | 4 | Instant Messenger | 40 | 1.04 MB
Facebook Like Plugin | 2 | Social Networking | 47 | 740.6 KB
Facebook Plugin | 2 | Social Networking | 52 | 351.92 KB
Bing Search Query | 2 | General Internet | 1 | 226.45 KB
TCP:443 | N/A | N/A | 364 | 210.65 KB
Hotmail WebMail | 3 | Web Mail | 23 | 195.03 KB
Pinterest Website | 2 | Social Networking | 43 | 179.97 KB
Skype Services | 5 | General Internet | 337 | 150.06 KB
NetBIOS | 1 | Infrastructure | 11 | 107.63 KB
Web Risks & Usage Visibility

Organizations need a strong security mechanism that blocks access to harmful websites and prevents malware, phishing, pharming attacks and undesirable content that could lead to legal liability and direct financial losses. Being able to do so also enables them to manage the productivity of their users and helps achieve effective utilization of bandwidth.

Cyberoam's Web Filtering offers one of the most comprehensive URL databases, with millions of URLs grouped into 89+ categories, providing Web Security, HTTPS Controls and a comprehensive web and content filtering solution.

Risky Web Categories & Domains being accessed

These reports help administrators monitor risky web categories and domains that can pose security and legal risks.

Top Risky Web Categories

Risky Category | No Of Domains | Bytes | Hits
Spyware | 3 | 349.28 KB | 43
IPAddress | 1 | 1.61 KB | 6

Top 4 Risky web domains

Risky Web Domain | Web Category | Bytes | Hits
directrev.blob.core.windows.net | Spyware | 149.75 KB | 22
stats.g.doubleclick.net | Spyware | 185.54 KB | 12
yllix.com | Spyware | 13.99 KB | 9
10.201.4.42 | IPAddress | 1.61 KB | 6
Top Web Categories & Domains visited

These reports give an insight into general user browsing habits, which helps understand how efficiently corporate resources get utilized and how effective web filtering policies are. This report displays a list of the top categories along with the number of hits that generate the most traffic for various domains, users and contents.

Top 15 Web categories by Hits

Category | Bytes | Hits
InformationTechnology | 197.9 MB | 17221
Chat | 1.79 MB | 10097
NewsAndMedia | 213.67 MB | 9217
Advertisements | 26.64 MB | 4447
SearchEngines | 22.44 MB | 1641
ISPWebHosting | 44.38 MB | 1570
SocialNetworking | 15.3 MB | 1050
JobsSearch | 4.86 MB | 869
BusinessAndEconomy | 9.87 MB | 837
Cricket | 1.38 MB | 589
Music | 8.18 MB | 487
TravelFoodAndImmigration | 18.49 MB | 479
Portals | 2.95 MB | 355
PoliticalOrganization | 8.69 MB | 317
SharesAndStockMarket | 1.4 MB | 299

Top 15 Web categories by Data Transfer

Category | Hits | Bytes
NewsAndMedia | 9217 | 213.67 MB
InformationTechnology | 17221 | 197.9 MB
ISPWebHosting | 1570 | 44.38 MB
Advertisements | 4447 | 26.64 MB
SearchEngines | 1641 | 22.44 MB
TravelFoodAndImmigration | 479 | 18.49 MB
SocialNetworking | 1050 | 15.3 MB
WebBasedEmail | 44 | 12.11 MB
DownloadFreewareAndShareware | 216 | 10.65 MB
BusinessAndEconomy | 837 | 9.87 MB
PoliticalOrganization | 317 | 8.69 MB
Music | 487 | 8.18 MB
JobsSearch | 869 | 4.86 MB
Entertainment | 78 | 3.74 MB
Portals | 355 | 2.95 MB

Top 15 Web Domains by Hits

Web Domain | Web Category | Bytes | Hits
secure.livechatinc.com | Chat | 492.44 KB | 10024
http.00.s.sophosxl.net | InformationTechnology | 38.41 KB | 4642
i.dailymail.co.uk | NewsAndMedia | 41.92 MB | 2918
media2.intoday.in | NewsAndMedia | 15.58 MB | 1479
www.manashosting.com | ISPWebHosting | 37.37 MB | 1288
www.google-analytics.com | InformationTechnology | 1.05 MB | 927
www.ewebstream.com | InformationTechnology | 6.8 MB | 913
www.cyberoam.com | InformationTechnology | 47.97 MB | 903
i10.dainikbhaskar.com | NewsAndMedia | 10.55 MB | 850
*.upe.p.hmr.sophos.com | InformationTechnology | 3.02 MB | 826
www.webhostingpeople.net | InformationTechnology | 16.2 MB | 811
www.suninfy.com | InformationTechnology | 9.87 MB | 766
pagead2.googlesyndication.com | Advertisements | 11.64 MB | 741
www.sandesh.com | NewsAndMedia | 73.81 MB | 661
www.elitecore.com | InformationTechnology | 13.36 MB | 642

Top 15 Web Domains by Data Transfer

Web Domain | Web Category | Hits | Bytes
www.sandesh.com | NewsAndMedia | 661 | 73.81 MB
www.cyberoam.com | InformationTechnology | 903 | 47.97 MB
i.dailymail.co.uk | NewsAndMedia | 2918 | 41.92 MB
www.manashosting.com | ISPWebHosting | 1288 | 37.37 MB
www.webhostingpeople.net | InformationTechnology | 811 | 16.2 MB
www.divyabhaskar.co.in | NewsAndMedia | 194 | 15.85 MB
media2.intoday.in | NewsAndMedia | 1479 | 15.58 MB
www.palacesonwheels.com | TravelFoodAndImmigration | 273 | 13.99 MB
www.elitecore.com | InformationTechnology | 642 | 13.36 MB
mail.google.com | WebBasedEmail | 34 | 12.03 MB
pagead2.googlesyndication.com | Advertisements | 741 | 11.64 MB
*.google.com | SearchEngines | 451 | 11.03 MB
r7---sn-gxap5ojx-5hqe.c.pack.google.com | DownloadFreewareAndShareware | 198 | 10.59 MB
i10.dainikbhaskar.com | NewsAndMedia | 850 | 10.55 MB
*.cyberoam.com | InformationTechnology | 220 | 10.35 MB
Intrusion Attacks

Detecting and protecting against network- and application-level attacks such as intrusion attacks, malicious code transmission and backdoor activity is critical to protect the network from hackers. Cyberoam's Intrusion Prevention System strengthens defenses against network-level and application-level attacks.

Top Intrusion Attacks

This report fetches details for the top attacks that have hit the system, with information on their severity level, category, platform, target and attack count.

Top 9 Intrusion attacks by Severity

Severity-level | Attack | Category | Platform | Target | Attack Count
Major | Microsoft Internet Explorer Virtual Function Table Memory Corruption | Browsers | Windows | Client | 8
Major | Microsoft Internet Explorer Layout Use After Free | Browsers | Windows | Client | 6
Major | HTTPS/SSL Renegotiation DoS | Web Services and Applications | BSD,Linux,Mac,Other,Solaris,Unix,Windows | Server | 3
Moderate | ICMP Destination Unreachable Communication Administratively Prohibited | Reconnaissance | BSD,Linux,Mac,Other,Solaris,Unix,Windows | Server | 102
Moderate | (snort_decoder) WARNING: ICMP Destination Unreachable Communication Administratively Prohibited | Reconnaissance | Solaris,Windows | Server | 1675
Moderate | ICMP Destination Unreachable Host Unreachable | Reconnaissance | BSD,Linux,Mac,Other,Solaris,Unix,Windows | Server | 3845
N/A | Flash JIT Internet Explorer 9 Exploit | Browsers | Windows | Client | 1
N/A | SSLv3.0 Connection | N/A | N/A | N/A | 5
N/A | Adobe Flash Player and AIR CVE-2014-0499 Information Disclosure Vulnerability | Multimedia | Linux,Mac,Windows | Client | 3

Top attack categories

Attack Category | Variety of attacks | Attack Count
Reconnaissance | 3 | 5622
Browsers | 3 | 15
N/A | 1 | 5
Multimedia | 1 | 3
Web Services and Applications | 1 | 3