opexxx

KRI Rating

May 27th, 2020
200
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.07 KB | None | 0 0
  1. 1. Storage Technologies
  2.  
  3. MongoDB
  4. Redis
  5. ElasticSearch
  6. Memcached
  7. MQTT
  8. MySQL
  9. PostgreSQL
  10. MsSQL
  11. We've selected 8 storage technologies that could expose data if not properly configured. Therefore, if an IP address has one of these technologies without authentication, its level of exposure (storage_score) is automatically considered extreme.
  12.  
  13. 2. Remote Management Services
  14.  
  15. Use of telnet
  16. RDP without proper firewalling
  17. VNC without authentication
  18. X11 without authentication
  19. If an IP address is using telnet instead of SSH or has RDP, VNC and X11 without the correct configurations (proper firewalling of authentication for instance), one can consider that the level of exposure (rms_score) of that IP address is extreme.
  20.  
  21. 3. Encryption
  22.  
  23. The use of unencrypted services, use of algorithms that are not recommended by security guidelines are only a few examples of what contributes to increase the vulnerability level of an IP address when it comes to encryption.
  24.  
  25. SSH insecure configuration (ssh_score)
  26.  
  27. Presence of Debian Weak Keys
  28. Keys with key length inferior or equal to 1024 bytes
  29. Kex Algorithms sha1
  30. Mac Algorithms sha1, md5, md4, md2
  31. Encryption Algorithms 3des-cbc, 'blowfish-cbc', 'cast128-cbc'
  32. Weak SSL Configuration (ssl_score)
  33.  
  34. Expired certificates
  35. Self-signed certificates
  36. No support for OCSP Stapling
  37. Signature Algorithm md5withRSAEncryption or sha1withRSAEncryption
  38. Vulnerable to Heartbleed
  39. Vulnerable to CCS Injection
  40. Vulnerable to logjam
  41. Vulnerable to drown
  42. Vulnerable to poodle
  43. Vulnerable to crime
  44. No support for Renegotiation
  45. Weak Email Configuration (wec_score)
  46.  
  47. Use of POP3 instead of POP3S
  48. Use of IMAP instead of IMAPS
  49. Use of SMTP instead of SMTPS
  50. FTP (ftp_score)
  51.  
  52. Use of FTP instead of FTPS
  53. Lack of HTTPS across all services (http_score)
  54.  
  55. Lack of HTTPS across all services
  56. When it comes to encryption, if an IP address is using Debian Weak Keys, has any of the vulnerabilities listed for SSL, has weak email configurations, uses FTP instead of FTPS or lacks HTTPS across all services, then its level of exposure is classified as extreme. For all the other parameters analysed in this category, the level of exposure of an IP address will increase with the number of times one of those is present.
  57.  
  58. 4. CVE
  59.  
  60. Common Vulnerabilities and Exposures (CVE) is measured by adding the values of CVSS -Common Vulnerability Scoring System of the combinations of products and versions detected (cve_score).
  61.  
  62. For example, if an IP address has multiple combinations of products and versions with low CVSS values or a few combinations but high CVSS values, then the vulnerability scoring for this parameter is going to be high.
  63.  
  64. 5. Web
  65.  
  66. Lack of security headers in web services: Referrer-Policy, X-XSS-Protection, Content-Security-Policy, Public-Key-Pins, X-Content-Type-Options, X-Frame-Options and Strict-Transport-Security
  67. The lack of at least one security header represents an extreme level of exposure (web_score).
  68.  
  69. 6. Attack Surface
  70.  
  71. The attack surface is measured by the number of open ports of an IP address. The higher number of open ports, the higher the vulnerability level (ports_score).
  72.  
  73. 7. Torrent Downloads
  74.  
  75. If an IP address is downloading torrents, the risk level (torrents_score) is considered extreme.
  76.  
  77.  
  78.  
  79. ################
  80.  
  81.  
  82.  
  83.  
  84. Cookies and Security Headers are incredibly important parameters when configuring a domain. They ensure that the information is only transmitted via secure connections and that session IDs can't be stolen via XSS or Man-in-the-Middle attacks, for example.
  85.  
  86. As for SSL, we check if the domain allows for SSL connections and if so, if it is correctly configured (the information transmitted would be encrypted).
  87.  
  88. 1. Cookies
  89.  
  90. Secure
  91. HTTP only
  92. SameSite
  93. Domain/ Path Attributes
  94. Expire/ Max-age Attributes
  95.  
  96.  
  97. 2. SSL
  98.  
  99. Expired certificates
  100. Self-signed certificates
  101. No support for OCSP Stapling
  102. Signature Algorithm md5withRSAEncryption or sha1withRSAEncryption
  103. Vulnerable to Heartbleed
  104. Vulnerable to CCS Injection
  105. Vulnerable to logjam
  106. Vulnerable to drown
  107. Vulnerable to poodle
  108. Vulnerable to crime
  109. No support for Renegotiation
Add Comment
Please, Sign In to add comment