[secure]

Summary Tab

The summary tab is the most important view within the [secure] portal. It comprises three sections: Overall Risk, 7 Key Areas of Cyber Security and finally Compliance.

Overall Risk

This is your overall risk rating. It is calculated by analysing the normalized scores for the seven industry-accepted areas of exposure (which are conveniently listed in the section below).

The rating is graded A through C and every business should aim for an overall risk rating of A. While this does not mean you have total security, it does mean you have reached an overall acceptable level of cyber security for your publicly connected systems.

7 Key Areas of Cyber Security

The seven key areas are:

  1. Vulnerability Risk
  2. Attack Surface
  3. Encrypted Services
  4. Remote Management
  5. Storage
  6. Web
  7. Torrents

Vulnerability Management

Vulnerability Management is all about the number of vulnerabilities and their CVSS scores. The score for this area (cve_score) is obtained by adding up the CVSS (Common Vulnerability Scoring System) scores of the CVEs (Common Vulnerabilities and Exposures) that match each combination of product and version detected on the IP address.

Because the scores are added, an IP address with many product/version combinations that each carry a low CVSS score can end up rated as high as one with only a few combinations carrying high CVSS scores.

The more vulnerabilities and the higher the CVSS score, the further in the Red the score will be.

Attack Surface

The attack surface looks at the number of exposed services you have across your entire environment. The more exposed services you have, the further in the Red the score will be.

Encrypted Services

This is where we look at the types of services that are exposed and whether they are encrypted by design. Exposing unencrypted services and using algorithms that current security guidelines no longer recommend are two examples of what raises the exposure level of an IP address in this area.

  • SSH insecure configuration (ssh_score)
    • Presence of Debian weak keys
    • Keys with a length of 1024 bits or less
    • Key exchange algorithms based on SHA-1
    • MAC algorithms based on SHA-1, MD5, MD4 or MD2
    • Encryption algorithms 3des-cbc, blowfish-cbc or cast128-cbc
  • Weak SSL Configuration (ssl_score)
    • Expired certificates
    • Self-signed certificates
    • No support for OCSP Stapling
    • Signature Algorithm md5withRSAEncryption or sha1withRSAEncryption
    • Vulnerable to Heartbleed
    • Vulnerable to CCS Injection
    • Vulnerable to logjam
    • Vulnerable to drown
    • Vulnerable to poodle
    • Vulnerable to crime
    • No support for secure renegotiation (RFC 5746)
  • Weak Email Configuration (wec_score)
    • Use of POP3 instead of POP3S
    • Use of IMAP instead of IMAPS
    • Use of SMTP instead of SMTPS
  • FTP (ftp_score)
    • Use of FTP instead of FTPS
  • Lack of HTTPS across all services (http_score)

When it comes to encryption, an IP address that uses Debian weak keys, has any of the SSL vulnerabilities listed above, has a weak email configuration, uses FTP instead of FTPS or lacks HTTPS across all services has its level of exposure classified as extreme. For the other parameters in this category, the level of exposure of an IP address increases with the number of times each one is present.

The more clear text, unencrypted, services that are present, the further in the Red the score will be.
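As an added example (not the portal's own code), here is a Python checker for the SSH items listed above. It parses the algorithm name-lists out of an SSH_MSG_KEXINIT message (RFC 4253 section 7.1) and the modulus out of an ssh-rsa host key blob (RFC 4253 section 6.6), then flags SHA-1 key exchange, SHA-1/MD5/MD4/MD2 MACs, the three CBC ciphers, and RSA keys of 1024 bits or less. The KEXINIT messages and key blobs are constructed inline (not captured from a real server), the names build_kexinit, build_rsa_blob and ssh_findings are this example's own, and the Debian weak-key check is left out because it needs the blacklist of known-bad key fingerprints.

```python
import struct

SSH_MSG_KEXINIT = 20

# Items the page lists as weak SSH configuration.
WEAK_CIPHERS = {"3des-cbc", "blowfish-cbc", "cast128-cbc"}
WEAK_MAC_HASHES = ("sha1", "md5", "md4", "md2")
MIN_RSA_BITS = 1025  # keys of 1024 bits or less are flagged


# --- SSH wire format helpers (RFC 4251 section 5) ---

def read_string(buf, off):
    """Read a uint32-length-prefixed string; return (bytes, new_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def put_string(data):
    return struct.pack(">I", len(data)) + data


def put_namelist(names):
    return put_string(",".join(names).encode("ascii"))


def parse_kexinit(msg):
    """Decode the ten name-lists of SSH_MSG_KEXINIT (RFC 4253 section 7.1)."""
    if not msg or msg[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT message")
    off = 1 + 16  # message number, then the 16-byte random cookie
    fields = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
    lists = {}
    for name in fields:
        raw, off = read_string(msg, off)
        lists[name] = raw.decode("ascii").split(",") if raw else []
    return lists


def rsa_modulus_bits(blob):
    """Bit length of n in an 'ssh-rsa' public key blob (RFC 4253 section 6.6)."""
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        return None  # other key types are not sized here
    _e, off = read_string(blob, off)
    n, _ = read_string(blob, off)
    return int.from_bytes(n, "big").bit_length()


def ssh_findings(kexinit_msg, hostkey_blob):
    """Return the weak-configuration findings the page's ssh_score counts."""
    algs = parse_kexinit(kexinit_msg)
    findings = []
    for kex in algs["kex"]:
        if kex.endswith("sha1"):
            findings.append(f"kex uses SHA-1: {kex}")
    for mac in sorted(set(algs["mac_c2s"] + algs["mac_s2c"])):
        if any(h in mac for h in WEAK_MAC_HASHES):
            findings.append(f"weak MAC: {mac}")
    for enc in sorted(set(algs["enc_c2s"] + algs["enc_s2c"])):
        if enc in WEAK_CIPHERS:
            findings.append(f"weak cipher: {enc}")
    bits = rsa_modulus_bits(hostkey_blob)
    if bits is not None and bits < MIN_RSA_BITS:
        findings.append(f"RSA host key is only {bits} bits")
    return findings


# --- constructed sample data (not captured from a real server) ---

def build_kexinit(kex, enc, mac):
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # zero cookie is fine for a sample
    for names in (kex, ["ssh-rsa", "ssh-ed25519"], enc, enc, mac, mac,
                  ["none"], ["none"], [], []):
        body += put_namelist(names)
    return body + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows, reserved


def build_rsa_blob(bits):
    """Fake ssh-rsa blob whose modulus has exactly `bits` bits (not a real key)."""
    n = (1 << (bits - 1)) | 0x10001
    n_bytes = n.to_bytes((bits + 7) // 8, "big")
    if n_bytes[0] & 0x80:
        n_bytes = b"\x00" + n_bytes  # mpint: leading zero keeps it positive
    return put_string(b"ssh-rsa") + put_string(b"\x01\x00\x01") + put_string(n_bytes)


LEGACY_SERVER = (
    build_kexinit(["diffie-hellman-group14-sha1", "curve25519-sha256"],
                  ["aes128-ctr", "3des-cbc"], ["hmac-sha2-256", "hmac-md5"]),
    build_rsa_blob(1024),
)
MODERN_SERVER = (
    build_kexinit(["curve25519-sha256"], ["aes256-gcm@openssh.com"], ["hmac-sha2-256"]),
    build_rsa_blob(3072),
)

if __name__ == "__main__":
    for label, (kexinit, hostkey) in (("legacy", LEGACY_SERVER), ("modern", MODERN_SERVER)):
        print(label, ssh_findings(kexinit, hostkey) or ["no weak SSH configuration found"])
```

Against a live host, the KEXINIT bytes are the first packet the server sends after the version exchange, and the host key blob arrives in the key-exchange reply; both can be recorded with a packet capture or with the `-vvv` output of an SSH client.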

Remote Management

This is very simply the number of exposed remote management services. Specifically, we are looking for:

  • Use of telnet
  • Use of web management services without proper controls
  • RDP without proper controls
  • VNC without authentication
  • X11 without authentication

If an IP address is using telnet instead of SSH, or exposes RDP, VNC or X11 without the correct controls (proper firewalling or authentication, for instance), the level of exposure (rms_score) of that IP address is considered extreme.

Storage

With storage we are looking for exposed storage technologies, services such as:

  • MongoDB
  • Redis
  • ElasticSearch
  • Memcached
  • MQTT
  • MySQL
  • PostgreSQL
  • MsSQL
  • AWS storage buckets
  • Digital Ocean spaces

We’ve selected 10 storage technologies that could expose data if not properly configured. Therefore, if an IP address has one of these technologies without authentication, its level of exposure (storage_score) is automatically considered extreme.

Web

Web looks at how well the exposed web services are secured. In particular, we look for the lack of security headers in web services:

  • Referrer-Policy
  • X-XSS-Protection
  • Content-Security-Policy
  • Public-Key-Pins
  • X-Content-Type-Options
  • X-Frame-Options
  • Strict-Transport-Security

The lack of at least one of these security headers represents an extreme level of exposure (web_score). Note that two of them are no longer honoured by current browsers: Public-Key-Pins (HPKP) has been deprecated and removed from major browsers, and X-XSS-Protection is deprecated because the filter it controlled has been removed; the check still counts their absence.
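As an added example (not the portal's own code), the following Python script performs the header check described above. It starts a small local HTTP server that sends a constructed header set, fetches the page with http.client, compares the response headers case-insensitively against the seven-header list, and applies the page's rule that a single missing header means an extreme web_score. The names serve_with_headers, missing_security_headers, check_url and web_score, and the two header sets HARDENED and DEFAULT_SERVER, are this example's own.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# The seven response headers the portal looks for (from the page).
REQUIRED_HEADERS = [
    "Referrer-Policy",
    "X-XSS-Protection",          # deprecated in current browsers, still on the list
    "Content-Security-Policy",
    "Public-Key-Pins",           # HPKP, deprecated and removed from browsers
    "X-Content-Type-Options",
    "X-Frame-Options",
    "Strict-Transport-Security",
]


def missing_security_headers(headers):
    """Return the required headers absent from a list of (name, value) pairs.

    HTTP header names are case-insensitive, so they are compared lower-cased.
    """
    present = {name.lower() for name, _ in headers}
    return [h for h in REQUIRED_HEADERS if h.lower() not in present]


def web_score(missing):
    """Page rule: lacking even one header is an extreme level of exposure."""
    return "extreme" if missing else "ok"


def check_url(host, port, path="/"):
    """Fetch `path` over plain HTTP and return the missing security headers.

    GET rather than HEAD: some servers attach security headers only to
    responses that carry a body.
    """
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return missing_security_headers(resp.getheaders())
    finally:
        conn.close()


# --- constructed target: a local server that sends a chosen header set ---

class _Handler(BaseHTTPRequestHandler):
    headers_to_send = {}  # overridden per server by serve_with_headers()

    def do_GET(self):
        body = b"<html><body>hello</body></html>"
        self.send_response(200)
        for name, value in self.headers_to_send.items():
            self.send_header(name, value)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def serve_with_headers(headers):
    """Start a throwaway HTTP server on 127.0.0.1; returns (server, port)."""
    handler = type("Handler", (_Handler,), {"headers_to_send": dict(headers)})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


# Constructed header sets: one complete, one typical of an untouched web server.
# The HPKP pin value is a placeholder (base64 of 32 zero bytes), not a real pin.
HARDENED = {
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-XSS-Protection": "0",
    "Content-Security-Policy": "default-src 'self'",
    "Public-Key-Pins": 'pin-sha256="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; max-age=5184000',
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}
DEFAULT_SERVER = {"X-Frame-Options": "SAMEORIGIN"}


def run_demo():
    """Check both constructed servers; returns {label: (score, missing_headers)}."""
    results = {}
    for label, hdrs in (("hardened", HARDENED), ("default", DEFAULT_SERVER)):
        server, port = serve_with_headers(hdrs)
        try:
            missing = check_url("127.0.0.1", port)
        finally:
            server.shutdown()
            server.server_close()
        results[label] = (web_score(missing), missing)
    return results


if __name__ == "__main__":
    for label, (score, missing) in run_demo().items():
        print(f"{label}: {score} missing={missing}")
```

To point the check at a real host, call check_url with its name and port; the portal's rule only looks at presence, so a header with a useless value (an empty Content-Security-Policy, for example) still passes this check.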

Torrents

And finally torrents. If an IP address is downloading torrents, the risk level (torrents_score) is considered extreme.