During the course of NMS- ‘Network Management System’
application development, we always focus on meeting Functional requirements such
as FCAPS in general. Based on customer’s requirement (in few cases) we try to implement
few critical NFRs such as Availability, Backup, Response Time, Usability etc.., And sometimes focus on Security requirement will be
overlooked. Of course, it depends on the
Product/Customer requirement on Security aspects to be considered.
Importance to Security requirements is gaining strength
now-a-days, many organizations are moving towards ISO 27001 certifications to
certify the applications that they develop.
I have captured few aspects to be considered in general when
we develop a web based NMS solution.
Please note that I haven’t focused here in detail about the “General
Design Guidelines for Secure Web application”
I have taken an example of Web-centric NMS application developed using Flex & Java. SNMP is the communication protocol between NMS and NE - "Network Element".
Security in this case, is fundamentally protecting your NMS application
which is monitoring and controlling all your network elements.
As per Wiki, In computer
security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability
is the intersection of three elements: a system
susceptibility or flaw, attacker access to the flaw, and attacker capability to
exploit the flaw.
Now, you need to know what are the vulnerabilities your NMS
application might posses in general and take necessary steps in order to
prevent the Threat. A Threat is any bad thing that can happen to your application.
General vulnerabilities in NMS
- UserName Enumeration
- SQL Injection
- NMS to NE communication
- Remote code execution
General NMS Application architecture
Security Vulnerabilities
1. Client - Web Pages
Web pages in general
will be built using HTML/JSP/PHP/ASP etc..
NMS client side
code is built in Flex embedded inside HTML.
HTML : Cross scripting attack
(injecting client side scripting code to
the remote server)
Flex: Decompile, modify and re-compile the SWF
file that gets loaded in the client. This is a cross scripting attack. Tools
like SOTHINK SWF De-compiler adapts this
method of attack.
Security attack
Prevention methods:
• Remove sensitive information from SWF file
such as SQL statements , User name & password
• Remove debug code and unused code
• Use code obfuscation software such as
SECURESWF which helps you to protect your action script from Flash De-compilers
2. HTTP Interface
• Web based NMS solution use HTTP protocol
between NMS Client and NMS server
• From Flex client, the data to the NMS server
will be sent via AMF (Action Message Format) Protocol in Binary format to NMS
Server
• Test on the link can be done using FIREBUG which
can spoof the data which includes sensitive information such as Login
credentials/business logic invocation
(This tools tries to decode the AMF data)
Security attack
Prevention method:
HTTPS shall be used
3. RDBMS
• SQL injection is a common technique used in
this case
• Access to RDBMS like Oracle can be tested
using METASPOILT (This tool brute forces User name, password, Privilege
Escalation via SQL Injection and manipulates data)
Security attack
Prevention method:
In order to prevent access to Oracle DB easily, default Oracle user details
need to be modified.
4.NMS Server
• Dictionary attack on NMS server’s login
credentials
• Attacking Web server running in NMS Server
• Identifying vulnerable ports running in the
NMS server using METASPOILT, NESSUS (These tools identify & attack through
the vulnerable ports running which are not disabled)
Security attack
Prevention method:
Block default vulnerable ports such as
80(HTTP), 443(HTTPS), 21(FTP), 22(SSH), 23(Telnet), 161,162(SNMP) in the NMS
server
5.SNMP
• SNMP is commonly used protocol for
communicating between NMS Server and Network Elements
• Using packet analyzer tools like WIRESHARK, SNMPV1/V2C
Community String can be found out
Security attack
Prevention method:
Communication shall
be always chosen as SNMPv3
By considering the
aspects mentioned above, NMS application’s major security threats can be
avoided. Of course, there are
many tools available in the market today to exploit NMS server, NMS Server’s
RDBMS etc..
No comments:
Post a Comment