System Audit
We perform the system audit to make sure we understand the system as implemented, and also what the business needs from the system. The tangible output of this phase is comprehensive documentation of the system.
To keep customer costs down while using the highest quality software tools available, Watchdog makes extensive use of freely-available open source tools for security tests, ongoing monitoring, and routine regression testing.
Once the audit is complete, we will often move into a remediation phase to address any issues before they cause system downtime.
Tools:
- Nessus - general purpose vulnerability scanner
- Nmap - port scanner
- Jmeter - load and regression testing
- BigBrother - Agent-based monitoring system
- Nagios - Network availability monitoring system
- Snort - Network intrusion detection system
- Knoppix STD - bootable CD-ROM Linux distribution with security tools
- John The Ripper - dictionary-based password cracker
- Cfg2Html - generates extensive system configuration documentation
- chkrootkit - scans systems for known rootkits
Activities:
- Stakeholder Interviews / Requirements Workshop - we derive the system's performance requirements, required load handling, and uptime needs through interviews with the business team, or through existing design documentation.
- Security scan - check the system for well-known vulnerabilities and potential existing problems
- Password file decrypt - attempt to crack the passwords stored in the password file
- Network traffic analysis - sniff network traffic and look for vulnerable or unknown services and unusual packets
- Fuzz testing - attempt to crash the web application by providing unexpected input
- Code Audit - review the system's codebase and identify risks and opportunities for improvement
- Load Testing - if desired, we can generate very high synthetic load on a web or database server to predict its ability to scale during peak timeframes.
- Configuration Analysis - review the current configuration of the web, application, and database servers, and look for opportunities for improvement
Documentation Produced:
- Physical Layout - a list of systems, their hardware configuration, and their precise physical location within the datacenter.
- Network Topology
- LAN Layout - the mapping of each server (and virtual IP) to the LANs it appears on
- WAN Layout - any wide-area networking required to tie this system together.
- Firewall rules - description of the system's firewall policies and any system-specific rules that override them.
- System Vulnerability Assessment - This document details any vulnerabilities discovered by the vulnerability scanner, the code audit, the network traffic analysis, and other activities.
- Remediation Plan - how we recommend addressing any vulnerabilities, as well as recommended additional systems or configuration changes.