Report Styles   Administrator | Executive Summary | Unbranded Exec. Summary
Standard Security Audit (Sample)    
SAMPLE: SecuritySpace Audited Web Site
Report ID1
View Created On:Jan 1, 1970 00:00 GMT
Host Address(es):X.X.X.X
Report Contents
1. Risk Classification Summary
Vulnerabilities are classified according to the risk they present to the network/host on which they are found. The following chart summarizes how the 0 different issues we found are spread across the different risk classes. For a detailed explanation of how vulnerabilities are classified, see Appendix A: Risk Definitions
2. Baseline Comparison Control
Baselining allows you to compare the results of an audit to the results received in a previous audit. This provides for an easy way to see what is changing from one audit to the next. This section documents which audit was used as a baseline, allows you to select a different audit to use as a baseline, and allows you to mark the current audit as something that should be used when running future baseline comparisons.

Note that you have a fair bit of control over the types of baseline comparison information displayed in your report by using our Report Style Editor. The default is to display ALL test results in your current report, along with notes as to which results are different from the previous report.

According to your current report style, baseline comparisons are:Enabled
No audit could be found against which a comparison could be done according to the current baselining rules.

3. Vulnerability Category Summary
The vulnerability category summary shows how the various issues that were reported are distributed across the different test categories.

CategoryHigh  Med  Low  Other  
Fedora Local Security Checks     
SuSE Local Security Checks     
Web application abuses     
Debian Local Security Checks     
Ubuntu Local Security Checks     
Huawei EulerOS Local Security Checks     
CentOS Local Security Checks     
Red Hat Local Security Checks     
Mandrake Local Security Checks     
Windows : Microsoft Bulletins     
Product detection     
Gentoo Local Security Checks     
FreeBSD Local Security Checks     
Denial of Service     
Oracle Linux Local Security Checks     
CGI abuses     
Amazon Linux Local Security Checks     
Web Servers     
Buffer overflow     
Slackware Local Security Checks     
Conectiva Local Security Checks     
Service detection     
Mageia Linux Local Security Checks     
Turbolinux Local Security Tests     
Default Accounts     
Mac OS X Local Security Checks     
Gain a shell remotely     
Nmap NSE net     
Trustix Local Security Checks     
Nmap NSE     
JunOS Local Security Checks     
F5 Local Security Checks     
Remote file access     
Gain root remotely     
SMTP problems     
Privilege escalation     
SSL and TLS     
AIX Local Security Checks     
CGI abuses : XSS     
VMware Local Security Checks     
Palo Alto PAN-OS Local Security Checks     
FortiOS Local Security Checks     
Citrix Xenserver Local Security Checks     
Windows : User management     
Useless services     
Peer-To-Peer File Sharing     
HP-UX Local Security Checks     
Brute force attacks     
Port scanners     
Finger abuses     
Solaris Local Security Checks     
Totals:0  0  0  0  

4. Vulnerability Title Summary
5. Vulnerability Details
6. Open Ports - X.X.X.X
Port   Protocol   Probable Service  
21  TCP ftp
You appear to be running an ftp server. You should take care of the following potential problem areas:

If you are allowing people to ftp to their account, their userid and password is traveling clear text over the internet. This means anyone sniffing network traffic has easy access to userid/password.

Writable directories
If you allow document uploads via anonymous ftp, you might be used as an "exchange point" for illicit materials.

Bounce-attack scans
If you are running an older version of ftp on a network, you may be susceptible to a type of port scan known as a bounce attack, that completely bypasses any firewalls you have in place. This attack makes use of some ftp servers' ability to initiate outbound connections to any IP address. From the nmap documentation:

FTP bounce attack : An interesting "feature" of the ftp protocol (RFC 959) is support for "proxy" ftp connections. In other words, I should be able to connect from to the FTP server-PI (protocol interpreter) of to establish the control communication connection. Then I should be able to request that the server-PI initiate an active server-DTP (data transfer process) to send a file ANYWHERE on the internet! Presumably to a User-DTP, although the RFC specifically states that asking one server to send a file to another is OK. Now this may have worked well in 1985 when the RFC was just written. But nowadays, we can't have people hijacking ftp servers and requesting that data be spit out to arbitrary points on the internet. As *Hobbit* wrote back in 1995, this protocol flaw "can be used to post virtually untraceable mail and news, hammer on servers at various sites, fill up disks, try to hop firewalls, and generally be annoying and hard to track down at the same time." What we will exploit this for is to (surprise, surprise) scan TCP ports from a "proxy" ftp server. Thus you could connect to an ftp server behind a firewall, and then scan ports that are more likely to be blocked (139 is a good one). If the ftp server allows reading from and writing to a directory (such as /incoming), you can send arbitrary data to ports that you do find open.

For port scanning, our technique is to use the PORT command to declare that our passive "User-DTP" is listening on the target box at a certain port number. Then we try to LIST the current directory, and the result is sent over the Server-DTP channel. If our target host is listening on the specified port, the transfer will be successful (generating a 150 and a 226 response). Otherwise we will get "425 Can't build data connection: Connection refused." Then we issue another PORT command to try the next port on the target host. The advantages to this approach are obvious (harder to trace, potential to bypass firewalls). The main disadvantages are that it is slow, and that some FTP servers have finally got a clue and disabled the proxy "feature".

22  TCP ssh
You appear to be running SSH. That's good. A couple of things to note with it, however. Like any other software package, SSH is also subject to bugs that are fixed over time. These bugs, despite the fact that SSH provides a secure communication channel, may allow an attacker to compromise your system. You should ensure that you are running the latest SSH/patched versions.
25  TCP smtp
You appear to be to be running a mail gateway. You should make sure that your mail system cannot be used as a mail relay. Internet SPAM, also known as UBE (unsolicited bulk email) is a problem on the internet, and spammers (those that send this type of mail) will often use poorly configured mail systems to deliver mail on their behalf. This deflects the wrath of many system administrators to YOU, the owner/operator of the misconfigured service. It can also result in you being placed in one of several on-line databases that list you as allowing mail-relay, the end-result being that some mail systems will reject any mail you try to send.
80  TCP http
It appears that you are running a web server. If you have not done so, we recommend that you run the latest version of a popular web server. Many "fringe market" web servers have known bugs that are slow to be fixed because few people care about the problems. These problems can often leave you open to someone accessing/modifying files on your system that they shouldn't. By running a popular web server, you lower the risk of this type of problem, and when problems are found, it is likely that a patch will be made available rapidly to fix the problem. Check our survey to see what the most popular web servers are.
5432  TCP postgres
No description available for this port at this time.
Number of open ports found by port scan:5
Appendix A: Risk Definitions
Users should note that test classifications are subjective, although we do our best to make appropriate classifications. If you spot an inconsistency, please let us know so that we can make the appropriate corrections.

AppendixB: CVE Versioning
CVE identifiers, an industry standard way of identifying tests, are maintained by Mitre. The current mapping of CVE/CAN identifiers to Test IDs is based on CVE Version Number 20211016, and CAN Version Number 20211016. These were verified on October 16, 2021 as being the latest available.
Appendix C: List of Tests Executed
This supplement details the list of all tests that were available as part of this audit request. THIS IS A LARGE REPORT! It does not provide any information on vulnerabilities found during the audit. Instead, it is a complete list of all tests that were part of this audit, along with descriptions. If you intend to print this report, please choose the printer friendly link below. The size of the report will vary depending on the type of audit you ran, but can easily be 200 pages long when printed, and more than 600K in size.

Finally, please note that this list is dependent on the audit you ran. If you come back in a month and run the same audit again, it is likely that this supplement will change, since additional tests will have probably been added to the test suite. Each audit report we produce has its own copy of this supplement that reflects the test suite available at the time this audit was run.

Because of the large size of this report, it may take several minutes for it to be displayed properly on some browsers once the complete report is downloaded (e.g. Netscape). Be patient, it will come up eventually.

View Test List     Printer Friendly Test List      PDF Download

© 1998-2024 E-Soft Inc. All rights reserved.