PrepAway - Latest Free Exam Questions & Answers

Which of the following recommendations should the penetration tester provide to the organization to better pro

An organization has hired a penetration tester to test the security of its ten web servers. The
penetration tester is able to gain root/administrative access in several servers by exploiting
vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP.
Which of the following recommendations should the penetration tester provide to the organization
to better protect their web servers in the future?

A. Use a honeypot

B. Disable unnecessary services

C. Implement transport layer security

D. Increase application event logging

Explanation:

3 Comments on “Which of the following recommendations should the penetration tester provide to the organization to better pro

  1. ali imran says:

    How does the pen tester know all these applications are unnecessary? The question explains that they were implemented and were not installed by default. If the answer is B, then why would the organization even implement an unnecessary service on their system?

  2. meac says:

    The correct answer is arrived at by various means.
    First, a process of elimination.
    We can eliminate A and D from the onset.
    Now:
    “B - Disable unnecessary services” talks about protocols linked to certain services.
    “Implement transport layer security” talks about protocols for the transport layer.

    The transport layer is the fourth layer of the OSI reference model. It provides transparent transfer of data between end systems using the services of the network layer (e.g. IP) below to move PDUs of data between the two communicating systems.
    Amongst the best known protocols for this layer we have TCP and UDP, which can be made secure by implementing TLS/SSL.
    TLS/SSL can be used to create a secure environment for web browsing, emailing, or other client-server applications. For example, TLS can be used to create a secure connection between your organization’s donation web page and a donor’s web browser. The donor’s financial or other personal information is encrypted in such a way that only you and the donor can access and use it.
    TLS/SSL encryption requires the use of a digital certificate, which contains identity information about the certificate owner as well as a public key, used for encrypting communications. These certificates are installed on a server — typically a web server if the intention is to create a secure web environment, although they can also be installed on mail or other servers for encrypting other client-server communications.
    Also, from the list of protocols provided in the question (SMTP, POP, DNS, FTP, Telnet, and IMAP), I think that we all agree that SMTP and DNS are a must for any organization to function. So we cannot really block these protocols and their counterpart ports. We do so at our peril.

    In addition to that, POP and IMAP may be required by an organization that cannot afford an Exchange server. Disable them, and the organization might be without an email service.

    FTP and Telnet, on the other hand, can be replaced by stronger protocols such as SFTP (instead of FTP) and SSH (instead of Telnet).

    So, in a very long-winded way, I agree with Ali. The best answer is to use stronger protocols. So the best answer to my mind is to replace standard protocols with stronger protocols. Thus:
    • FTP with SFTP
    • Telnet with SSH
    • IMAP with IMAPS
    • POP with POP3S (which is the POP3 protocol encrypted via SSL)
    • DNS with DNSSEC
    This way, the business can continue to do what it is doing, but now in a more secure fashion.

    So to my mind, “C. Implement transport layer security” is by far the best answer.
    Now, how we are to figure all of that out in 1 minute beats me.
  3. emuser says:

    Why do we even need SMTP, POP, DNS, FTP, Telnet, and IMAP services open on web servers in the first place? So I'm not sure how you eliminated B to its fullest capacity.
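An added example, not from the original page or either commenter: a small Python audit of a Linux web server's listening sockets, in the spirit of option B and meac's replacement list. It parses a constructed `ss -tlnp` table (not captured from a real host) against an assumed web-server allowlist of ports 22, 80 and 443, and for each extra listener says whether to disable it or, for the plaintext protocols the comment names, which encrypted replacement to use.

```python
import re

# Ports named in the exam question plus those a web server legitimately needs.
PORT_SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns",
                 80: "http", 110: "pop3", 143: "imap", 443: "https"}
# Role allowlist (assumption): a web server exposes only HTTP(S) plus SSH for admin.
WEB_SERVER_ALLOWED = {22, 80, 443}
# Plaintext protocols from the comment above, with the encrypted replacement.
ENCRYPTED_ALTERNATIVE = {"ftp": "sftp (port 22)", "telnet": "ssh (port 22)",
                         "pop3": "pop3s (port 995)", "imap": "imaps (port 993)"}

# Constructed sample in the column layout of `ss -tlnp`; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=612,fd=3))
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*          users:(("nginx",pid=740,fd=7))
LISTEN  0       100     0.0.0.0:25          0.0.0.0:*          users:(("master",pid=801,fd=13))
LISTEN  0       32      0.0.0.0:21          0.0.0.0:*          users:(("vsftpd",pid=822,fd=3))
LISTEN  0       5       0.0.0.0:23          0.0.0.0:*          users:(("inetd",pid=830,fd=4))
LISTEN  0       100     127.0.0.1:110       0.0.0.0:*          users:(("dovecot",pid=845,fd=20))
"""

# Matches a LISTEN row and captures bind address, port and the first process name.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Return (port, bind_address, process) for every LISTEN row that parses."""
    matches = (LINE_RE.match(line) for line in ss_output.splitlines())
    return [(int(m.group(2)), m.group(1), m.group(3)) for m in matches if m]


def audit(ss_output, allowed=WEB_SERVER_ALLOWED):
    """Flag listeners outside the role allowlist, each with a suggested action."""
    findings = []
    for port, addr, proc in parse_listeners(ss_output):
        if port in allowed:
            continue
        svc = PORT_SERVICES.get(port, f"port {port}")
        if addr.startswith("127."):  # reachable only locally, but still running
            action = "loopback-only; stop the service if the role does not need it"
        elif svc in ENCRYPTED_ALTERNATIVE:
            action = f"disable, or replace with {ENCRYPTED_ALTERNATIVE[svc]} if still required"
        else:
            action = "disable unless this host is meant to serve it"
        findings.append((port, svc, proc, action))
    return findings


if __name__ == "__main__":
    for port, svc, proc, action in audit(SAMPLE_SS_OUTPUT):
        print(f"{port:>5}  {svc:<7} {proc:<8} {action}")
```

On a real host, pass the text of `ss -tlnp` to `audit()` and adjust `WEB_SERVER_ALLOWED` to the server's actual role before acting on the findings.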