Security aspects to be considered during NMS Development

During the course of NMS- ‘Network Management System’ application development, we always focus on meeting Functional requirements such as FCAPS in general. Based on customer’s requirement (in few cases) we try to implement few critical NFRs such as Availability, Backup, Response Time, Usability etc.., And sometimes focus on Security requirement will be overlooked.  Of course, it depends on the Product/Customer requirement on Security aspects to be considered.

Importance to Security requirements is gaining strength now-a-days, many organizations are moving towards ISO 27001 certifications to certify the applications that they develop.

I have captured few aspects to be considered in general when we develop a web based NMS solution.

Please note that I haven’t focused here in detail about the “General Design Guidelines for Secure Web application”

I have taken an example of Web-centric NMS application developed using Flex & Java. SNMP is the communication protocol between NMS and NE - "Network Element". 

Security in this case, is fundamentally protecting your NMS application which is monitoring and controlling all your network elements.

As per Wiki, In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

Now, you need to know what are the vulnerabilities your NMS application might posses in general and take necessary steps in order to prevent the Threat. A Threat is any bad thing that can happen to your application.

General vulnerabilities in NMS

•       UserName Enumeration
•       SQL Injection
•       NMS to NE communication
•       Remote code execution

 

General NMS Application architecture

 Security Vulnerabilities

1. Client - Web Pages

Web pages in general will be built using HTML/JSP/PHP/ASP etc..

NMS client side code is built in Flex embedded inside HTML.

                HTML : Cross scripting attack (injecting  client side scripting code to the remote server)

                Flex:   Decompile, modify and re-compile the SWF file that gets loaded in the client. This is a cross scripting attack. Tools like  SOTHINK SWF De-compiler adapts this method of attack.

Security attack Prevention methods:

               

•       Remove sensitive information from SWF file such as SQL statements , User name & password

•       Remove debug code and unused code

•       Use code obfuscation software such as SECURESWF which helps you to protect your action script  from Flash De-compilers 

2. HTTP Interface

•       Web based NMS solution use HTTP protocol between NMS Client and NMS server

•       From Flex client, the data to the NMS server will be sent via AMF (Action Message Format) Protocol in Binary format to NMS Server

•       Test on the link can be done using FIREBUG which can spoof the data which includes sensitive information such as Login credentials/business logic invocation  (This tools tries to decode the AMF data)

Security attack Prevention method:

HTTPS shall be used

3. RDBMS

•       SQL injection is a common technique used in this case

•       Access to RDBMS like Oracle can be tested using METASPOILT (This tool brute forces User name, password, Privilege Escalation via SQL Injection and manipulates data)

Security attack Prevention method:

In order to prevent access to Oracle DB easily, default Oracle user details need to be modified.

4.NMS Server

•       Dictionary attack on NMS server’s login credentials

•       Attacking Web server running in NMS Server

•       Identifying vulnerable ports running in the NMS server using METASPOILT, NESSUS (These tools identify & attack through the vulnerable ports running which are not disabled)

Security attack Prevention method:

       Block default vulnerable ports such as 80(HTTP), 443(HTTPS), 21(FTP), 22(SSH), 23(Telnet), 161,162(SNMP) in the NMS server

5.SNMP

•       SNMP is commonly used protocol for communicating between NMS Server and Network Elements

•       Using packet analyzer tools like WIRESHARK, SNMPV1/V2C Community String can be found out

Security attack Prevention method:

Communication shall be always chosen as SNMPv3

By considering the aspects mentioned above, NMS application’s major security threats can be avoided. Of course, there are many tools available in the market today to exploit NMS server, NMS Server’s RDBMS etc..