Testing

• 

Details

Written by SAGE First Inc.

SUCCESSFUL TESTING BY SANDIA NATIONAL LABORATORY

Objective and Purpose

The BRICKServer™ Web Appliance was designed to assist small business in achieving a secure web presence as well as simple email and ftp functions. The user interface is designed to be understood by a basic user and allows remote administration of a web site that can be supported by a contractor. Based on that design purpose, this analysis sought to understand whether a hacker more sophisticated than a script-kiddie could manipulate the system to accomplish the following adversary goals through attacks on the server:

• Deleting or changing a file or its contents
• Change the contents of a website
• Unmount the drive
• Stop the swap process
• Shut down the INIT or Admin program
• Shut down the server

The only metric applied to this analysis is a binary metric of success – if any of the flags could be achieved, then a successful attack was counted. Attacks that did not achieve the flag were counted as unsuccessful attacks.

 

Critical Success Factors

Like all security systems, there is a dependence on proper implementation of the system. The BRICKServer™ relies on the following to ensure secure operations:

• Each process is constrained with a set of rules that determine what system resources the process is allowed to use. The Process-Based Security ™ system relies on checking the ACL of a process before a program is executed or a file is accessed.
• Strong passwords are used for the Remote Administration Program.
• Administration and Configuration passwords are kept independently unique.
• Local connection to the LAN for Configuration Program Operation.

 

Results of Analysis

Within the constraints of this analysis we found the BRICKServer™ Web Appliance to be very robust for attacks against the server. In particular, the removal of the shell to prevent execution of unauthorized services will address the threat from the novice hacker who primarily uses existing scripts that require a shell to work. This meant that we were driven to play a more sophisticated hacker and to delve more deeply into the source code.

The services with the most privileges are of the greatest interest to an attacker. In the BRICKServer™, these are the ADMIN and THTTP services. The three services comprising mail (POP3, TURN, and SMTP), and the FTP service, have very little privilege, so that if an attacker manages to take them over, the server will still be protected by the PBS security mechanisms.

Described below are the types of attacks attempted against the server and the associated results. It is important to note that an adversary could obtain legitimate access (social engineering) to update web pages and consequently obtain access to other web pages on the server and that attacks on the client are more likely.

 

Attack Results

• View Testing Guidelines for BRICKServer 2