** This post was updated on 13-5-2013 and contains, besides additional information, also statements from RES Software. They responded very quickly to the outcome of the security audit and I would like to thank them for the nice collaboration **

Lately I was involved in a security and penetration scan at a customer in healthcare. Because they store privacy-sensitive information they have to comply with certain security regulations, which are audited on a regular basis. Based on the results of this scan I will provide some findings and tips that you can use to further enhance the security of your XenApp environment. These tips are primarily focused on XenApp in combination with RES Workspace Manager, but elements can also apply to other environments with other UEM products.

Let's begin with a short description of the security scan:

The scan was performed by a company specialized in IT-related security audits; you could also say the scan was performed by a group of legal hackers, in three parts:

1: Scan from an unauthorized internal perspective (plug in the UTP cable and see how far you can get without any account)
2: Scan from an unauthorized external perspective (try to gain access from outside the corporate network through external components)
3: Scan from an authorized user perspective (logged in with standard user credentials and see what kind of damage can be done)

Part 1 consisted of multiple scans for weaknesses like missing patches, gathering NTLM hashes to crack passwords, etc. The key point here is to consider disabling cached credentials for internal PCs which don't leave the building, or to limit the number of cached credentials (the default is 10 cached credentials on Windows).

When they got access to the password hashes it is amazing (and scary) how fast a hash can be cracked into a plain-text password. They use different tools and methods to crack hashes, among them John the Ripper and pre-calculated rainbow tables. And of course use strong passwords, so that when they do get access to the hashes, cracking them is very time consuming.

Part 2 consisted of a DNS lookup to gather information about externally accessible elements of the infrastructure. After these are identified they try to log on using default user names and passwords and scan for other weaknesses. What should be taken into account is webmail/ActiveSync traffic (which often doesn't have two-factor authentication) in combination with password lockout policies: a hacker can perform a denial of service by trying lots of different usernames with a wrong password to intentionally lock users out in AD (especially admin accounts). This customer uses NetScaler in the DMZ in combination with SMS Passcode authentication, so they didn't get far on that part.

Part 3 consisted of tests on the XenApp environment while logged in with a normal user account; the following tips are derived from the findings in this part of the scan.

The first tip is about timing: if you are like me, you want to put as many of the user environment settings as possible, such as policies, registry and application settings, in RES Workspace Manager.
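A defender-side check for the lockout denial of service described in the Part 2 findings, as an added example that is not part of the original post: it runs over a few constructed lockout records (the pipe-separated shape is an assumption, not a real Windows event export) and flags a caller that locks out many different accounts within a short window, which is what a username-spraying lockout attack looks like from the AD side. Event ID 4740 is the Windows Security log event for an account lockout.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp|event_id|account|caller.
# This simplified shape is an assumption, not a real Windows event export;
# 4740 is the Windows Security log event "A user account was locked out".
SAMPLE_LOG = """\
2013-05-10T08:00:01|4740|jdoe|10.0.5.17
2013-05-10T08:00:04|4740|asmith|10.0.5.17
2013-05-10T08:00:09|4740|admin.backup|10.0.5.17
2013-05-10T08:00:12|4740|rjones|10.0.5.17
2013-05-10T08:00:15|4740|mbrown|10.0.5.17
2013-05-10T09:30:00|4740|kwhite|10.0.8.2
2013-05-10T11:45:00|4740|kwhite|10.0.8.2
"""

def parse(text):
    """Return (time, account, caller) for every 4740 record in the text."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, caller = line.split("|")
        if event_id == "4740":
            events.append((datetime.fromisoformat(ts), account, caller))
    return events

def lockout_storms(events, window=timedelta(minutes=5), threshold=3):
    """Map each caller that locked out at least `threshold` distinct accounts
    within any `window`-long period to the set of accounts it locked out.
    One user mistyping a password locks one account; a lockout DoS locks
    many accounts from one source in a short time."""
    by_caller = defaultdict(list)
    for ts, account, caller in events:
        by_caller[caller].append((ts, account))
    flagged = {}
    for caller, items in by_caller.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            accounts = {acct for _, acct in items[start:end + 1]}
            if len(accounts) >= threshold:
                flagged[caller] = flagged.get(caller, set()) | accounts
    return flagged

if __name__ == "__main__":
    for caller, accts in lockout_storms(parse(SAMPLE_LOG)).items():
        print(f"possible lockout DoS from {caller}: {sorted(accts)}")
```

The single repeated lockout of one account from 10.0.8.2 is not flagged, only the burst of five different accounts from one caller; tune the window and threshold to the lockout policy in your own domain.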