opexxx

KRI Rating

May 27th, 2020
1. Storage Technologies

MongoDB
Redis
ElasticSearch
Memcached
MQTT
MySQL
PostgreSQL
MsSQL

We've selected 8 storage technologies that could expose data if not properly configured. Therefore, if an IP address has one of these technologies without authentication, its level of exposure (storage_score) is automatically considered extreme.

2. Remote Management Services

Use of telnet
RDP without proper firewalling
VNC without authentication
X11 without authentication

If an IP address is using telnet instead of SSH, or has RDP, VNC or X11 without the correct configuration (proper firewalling or authentication, for instance), the level of exposure (rms_score) of that IP address is considered extreme.

3. Encryption

The use of unencrypted services and the use of algorithms that are not recommended by security guidelines are only a few examples of what increases the vulnerability level of an IP address when it comes to encryption.

SSH insecure configuration (ssh_score)

Presence of Debian Weak Keys
Keys with key length less than or equal to 1024 bytes
Kex Algorithms sha1
Mac Algorithms sha1, md5, md4, md2
Encryption Algorithms 3des-cbc, blowfish-cbc, cast128-cbc

Weak SSL Configuration (ssl_score)

Expired certificates
Self-signed certificates
No support for OCSP Stapling
Signature Algorithm md5withRSAEncryption or sha1withRSAEncryption
Vulnerable to Heartbleed
Vulnerable to CCS Injection
Vulnerable to logjam
Vulnerable to drown
Vulnerable to poodle
Vulnerable to crime
No support for Renegotiation

Weak Email Configuration (wec_score)

Use of POP3 instead of POP3S
Use of IMAP instead of IMAPS
Use of SMTP instead of SMTPS

FTP (ftp_score)

Use of FTP instead of FTPS

Lack of HTTPS across all services (http_score)

Lack of HTTPS across all services

When it comes to encryption, if an IP address is using Debian Weak Keys, has any of the vulnerabilities listed for SSL, has weak email configurations, uses FTP instead of FTPS or lacks HTTPS across all services, then its level of exposure is classified as extreme. For all the other parameters analysed in this category, the level of exposure of an IP address increases with the number of times one of them is present.

4. CVE

Common Vulnerabilities and Exposures (CVE) is measured by adding the CVSS (Common Vulnerability Scoring System) values of the combinations of products and versions detected (cve_score).

For example, if an IP address has multiple combinations of products and versions with low CVSS values or a few combinations but high CVSS values, then the vulnerability scoring for this parameter is going to be high.

5. Web

Lack of security headers in web services: Referrer-Policy, X-XSS-Protection, Content-Security-Policy, Public-Key-Pins, X-Content-Type-Options, X-Frame-Options and Strict-Transport-Security

The lack of at least one security header represents an extreme level of exposure (web_score).

6. Attack Surface

The attack surface is measured by the number of open ports of an IP address. The higher the number of open ports, the higher the vulnerability level (ports_score).

7. Torrent Downloads

If an IP address is downloading torrents, the risk level (torrents_score) is considered extreme.

################

Cookies and Security Headers are incredibly important parameters when configuring a domain. They ensure that the information is only transmitted via secure connections and that session IDs can't be stolen via XSS or Man-in-the-Middle attacks, for example.

As for SSL, we check whether the domain allows SSL connections and, if so, whether SSL is correctly configured, so that the information transmitted is encrypted.

1. Cookies

Secure
HttpOnly
SameSite
Domain/Path Attributes
Expires/Max-Age Attributes
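
An added example, not part of the original paste: a check of one HTTP response against the security header list under "5. Web" and the cookie attributes listed above. The function names and the sample response are constructed; because the paste does not say how Domain/Path and Expires/Max-Age are scored, the example only reports them.

```python
# Added example. Header names and cookie attributes come from the page's lists;
# function names and the sample response are constructed for illustration.
REQUIRED_HEADERS = [
    "Referrer-Policy", "X-XSS-Protection", "Content-Security-Policy",
    "Public-Key-Pins", "X-Content-Type-Options", "X-Frame-Options",
    "Strict-Transport-Security",
]
COOKIE_FLAGS = ("secure", "httponly", "samesite")
COOKIE_SCOPE = ("domain", "path", "expires", "max-age")

def parse_response_headers(raw):
    """Split a raw response head into (headers by lowercase name, Set-Cookie values)."""
    headers, cookies = {}, []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if sep and name == "set-cookie":
            cookies.append(value)  # Set-Cookie may repeat, keep every one
        elif sep:
            headers[name] = value
    return headers, cookies

def cookie_report(set_cookie):
    """Return (name, flags absent from the cookie, scope attributes it sets)."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    missing = [flag for flag in COOKIE_FLAGS if flag not in attrs]
    scope = {k: attrs[k] for k in COOKIE_SCOPE if k in attrs}
    return name, missing, scope

def audit(raw):
    headers, cookies = parse_response_headers(raw)
    missing = [h for h in REQUIRED_HEADERS if h.lower() not in headers]
    # Page rule: lacking at least one listed header is an extreme web_score.
    return {"web_score_extreme": bool(missing), "missing_headers": missing,
            "cookies": [cookie_report(c) for c in cookies]}

SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
Set-Cookie: sid=abc123; Path=/; Secure; HttpOnly
Set-Cookie: theme=dark; Max-Age=3600; SameSite=Lax
"""

print(audit(SAMPLE))
```

Public-Key-Pins is deprecated and no longer supported by current browsers, so under the rule as written a response that omits it still rates extreme.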

2. SSL

Expired certificates
Self-signed certificates
No support for OCSP Stapling
Signature Algorithm md5withRSAEncryption or sha1withRSAEncryption
Vulnerable to Heartbleed
Vulnerable to CCS Injection
Vulnerable to logjam
Vulnerable to drown
Vulnerable to poodle
Vulnerable to crime
No support for Renegotiation