Desktop and Mobile Device Penetration Testing

Your corporate endpoints, regardless of owner, present a major threat to the integrity of your data. Server and network infrastructure have received the majority of information security attention in recent years, leading attackers to widen their focus to the myriad of common browsers, plugins and third-party applications that are ubiquitous among enterprises globally.

From an attacker’s perspective, endpoints hold a number of attractive characteristics:

  • Most endpoints within an organisation have an externally accessible email address capable of receiving a wide range of attachments, offering a convenient and effective delivery mechanism for malware
  • Most endpoints are connected directly to the core corporate network, and not isolated by any demilitarised zone (DMZ) or other network that may reduce the impact of a successful breach
  • Endpoints are often built and configured to a variety of different standards for different staff needs, widening the potential attack surface
  • Many of the third-party applications installed on endpoints do not undergo patching as frequently as core operating systems, due to the lack of a readily available centralised update mechanism.

Endpoint security testing can help your organisation identify the weaknesses within your endpoint security, weaknesses that have been exploited time and again in some of the biggest hacks in history. Sec-Tec can also combine endpoint assessments with social engineering to measure your staff's awareness of phishing and other wetware attacks.

Common test scenarios include:

Lost mobile device assessments

Lost devices can often be exploited to obtain valuable data that can facilitate considerable further access to corporate resources. During past assessments, Sec-Tec has successfully exploited devices to obtain:

  • Corporate WiFi network keys
  • Cached credentials which were subsequently used to facilitate VPN access
  • Locally stored files and folders.

Many organisations are under the impression that disk encryption is a panacea for endpoint security requirements. While correctly implemented encryption can be an important safeguard, many implementations – for example those that do not utilise boot authentication – can be open to attack using tools such as Inception, which facilitate forensic memory dumping using the DMA (Direct Memory Access) capabilities of FireWire, ExpressCard and other hardware interfaces. Furthermore, file-based encryption, as opposed to full disk encryption, may protect particular files but will often not prevent access to core OS files.

Example:

During a recent assessment, Sec-Tec was able to obtain access to a corporate network by letting a “lost” device connect to a spoofed, pre-configured public WiFi network. Once connected, the device automatically began to check for new email, sending user credentials which were captured and found to provide remote network connectivity via the Windows domain integrated VPN. This type of privilege escalation, starting from a lost device, is rarely considered in risk assessments.
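The auto-join behaviour in the example above can be audited on the endpoint itself. The following is an added example, not Sec-Tec tooling or part of the original page: it assumes Windows endpoints whose saved wireless profiles have been exported as XML with `netsh wlan export profile`, and the SSIDs and helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
SEC = "w:MSM/w:security/w:authEncryption/"

def make_profile(ssid, mode, auth, enc):
    """Build a constructed sample profile in the netsh export layout."""
    return f"""<WLANProfile xmlns="{NS['w']}">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""

# Constructed sample data: SSIDs are invented for this example.
SAMPLES = [
    make_profile("CoffeeShop_Free", "auto", "open", "none"),
    make_profile("Hotel-Guest", "manual", "open", "none"),
    make_profile("Example-Corp", "auto", "WPA2PSK", "AES"),
]

def audit_profile(xml_text):
    """Return (ssid, severity, reason) for one exported WLAN profile."""
    root = ET.fromstring(xml_text)
    name = root.findtext("w:name", default="?", namespaces=NS)
    mode = root.findtext("w:connectionMode", default="", namespaces=NS)
    auth = root.findtext(SEC + "w:authentication", default="", namespaces=NS)
    enc = root.findtext(SEC + "w:encryption", default="", namespaces=NS)
    unauthenticated = auth == "open" and enc == "none"
    if unauthenticated and mode == "auto":
        # The device joins any access point advertising this SSID, unattended.
        return (name, "HIGH", "open network with automatic connection")
    if unauthenticated:
        return (name, "MEDIUM", "open network saved, manual connection only")
    if enc in ("WEP", "TKIP"):
        return (name, "MEDIUM", "legacy encryption " + enc)
    return (name, "OK", "")

def risky_profiles(profiles):
    """Keep only the profiles that need attention."""
    return [r for r in map(audit_profile, profiles) if r[1] != "OK"]

if __name__ == "__main__":
    for ssid, severity, reason in risky_profiles(SAMPLES):
        print(f"{severity:6} {ssid}: {reason}")
```

Profiles flagged HIGH are candidates for removal or for switching to manual connection in the endpoint build standard.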

Desktop Security Assessments

Increasingly, common applications and middleware such as Java, Adobe Reader and Flash have been exploited via both the sending of malicious attachments and the creation of websites containing malware designed to exploit common vulnerabilities. While typical gateway antivirus can stop the simplest of attacks, many custom, blended attacks can evade even the most up-to-date gateway scanners. Sec-Tec can provide both passive and exploitative assessments of your current desktop systems, and make recommendations on reducing the risks associated with client systems and end-users. Desktop penetration testing is an important component in the security assessment “mix” but is too often ignored for more common infrastructure and server-based testing. However, the benefits of penetration testing can only be fully realised with effective scoping to consider all key risk areas.

Mobile App Security Assessments

It’s a surprising fact that many of today’s mobile applications fail to implement even basic security functions. This can open up many apps to common attack vectors such as man-in-the-middle attacks, in which normally encrypted data is readily accessible and modifiable by an attacker. Sec-Tec has a wealth of experience in testing mobile apps, and can advise on the best course of corrective action for issues identified.

Summary

Many attackers will use enterprise endpoints as the primary method to access corporate data residing within servers and applications. As a result, your endpoints need to be assessed as part of your wider penetration testing effort. Similarly, mobile devices will go missing, and even partial access to a device can lead to the retrieval of WiFi keys and other critical data. Lastly, the quality of mobile app security varies massively, and mobile app penetration testing will often demonstrate vulnerabilities that have long been understood and prevented in more traditional web-based environments.

For more information:

Sec-Tec Penetration Testing Services Page