
Smith L Surendran 11717995 AfKbvWFDij

Question 1 You have just concluded a penetration test for a client that uses a large number of
temporary workers and contractors. In your findings, you report that temporary and contract user
accounts are frequently not deactivated or removed when their work is complete. Given that the
client uses Linux desktops and servers, which Linux commands should you recommend they use
to automatically lock user accounts after a certain time?
Answer 1 To harden the server system, I will make sure that all stale user accounts that have not
been used over a period of time are disabled or deleted. But there are temporary
employees or contract workers who may return in the near future, so we don't want to delete
their user accounts; therefore we manually lock their accounts using a Linux command.
passwd -l (followed by name of user) OR usermod -L (followed by name of user)
To verify whether the user account is locked:
passwd --status root
Check for the flag *LK*, which confirms the user account is locked.
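
An added example, not part of the original answer: a shell function that reads shadow(5)-format lines and reports, per account, whether it is locked (password field starting with '!', which is what passwd -l and usermod -L write) or past its account expiry date, so contractor accounts with no expiry set stand out. The function names and the sample lines are constructed for illustration.

```shell
# Added example: classify accounts from shadow(5)-format lines.
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
# Field 2 starting with '!' is the lock marker written by passwd -l / usermod -L.
# Field 8 is the account expiry date in days since 1970-01-01 (empty = never);
# it is the field that chage -E or usermod -e sets.

audit_shadow() {
    # $1 = today's date in days since the epoch; shadow lines are read on stdin
    awk -F: -v today="$1" '
        NF < 8 { next }                          # skip malformed lines
        {
            state = "active"
            if ($8 != "" && $8 + 0 <= today)     # expiry date reached or passed
                state = "expired"
            else if (substr($2, 1, 1) == "!")    # password hash disabled
                state = "locked"
            # "no-expiry" means nothing will ever disable the account automatically
            expiry = ($8 == "") ? "no-expiry" : ("expires=" $8)
            print $1, state, expiry
        }'
}

# Constructed sample data (placeholder hashes, hypothetical user names).
sample_shadow() {
    cat <<'EOF'
alice:$6$salt$hashA:19800:0:99999:7:::
temp01:!$6$salt$hashB:19800:0:99999:7:::
contr02:$6$salt$hashC:19800:0:90:7:14:19850:
contr03:$6$salt$hashD:19800:0:90:7:14:20500:
EOF
}

# Today's date expressed the way shadow(5) stores dates.
today_days() { echo $(( $(date +%s) / 86400 )); }

# On a real system (root required):
#   audit_shadow "$(today_days)" < /etc/shadow
sample_shadow | audit_shadow 20000
```

In the sample, temp01 is locked by hand but has no expiry date, while contr02 was disabled by its expiry date without anyone having to remember to lock it.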

Question 2 You are performing external penetration testing on HCL organization’s network.
Specify your findings and suggest possible countermeasures for the vulnerabilities found.
Answer 2 Penetration testing is a part of ethical hacking carried out with the consent of
the owner. It includes not only security audits and vulnerability scans, but
also describes the attacks and their possible solutions.
The steps of a penetration test are:
• Reconnaissance and footprinting
• Vulnerability assessment and scanning
• Enumeration
• Hacks or attacks
• Security countermeasures
• Report
External Penetration Testing
External penetration testing is a review that examines the externally visible assets of an
organization.
During the external penetration testing I will try to gain access to the internal network of HCL
by leveraging the vulnerabilities found on the external assets. I may also attempt to gain
privileged access to assets such as email, websites and file shares.

Among the plethora of details that can be found, some key items are:
• Subdomains
• Login portals
• Technologies used
• Emails and usernames
• Any firewall misconfiguration
Methodologies for testing include:
• Footprinting
• Checking for any public information leaks
• Port Scanning
• IDS/IPS Testing
• Password Strength Testing

Countermeasures for Footprinting
• Employees of the HCL organization should be prohibited from using social networking sites from the organization's network.
• Devices and servers should be well configured to prevent data leaks.
• Instructions should be provided on revealing information in annual reports.

Countermeasures for Information leak
• Enabling a policy of least privilege for data access.
• Regulatory restrictions on domain employees sending email attachments to organization systems.
• Enforcing cyber security awareness practice among employees.
Countermeasures for Port Scanning
• Installing a firewall to prevent unauthorized access.
• Enforcing TCP Wrappers.
• Uncovering holes in the network by conducting an internal port scan.
IDS/IPS Testing
• An Intrusion Prevention System (IPS) helps to address issues like fragmentation and to identify payloads that are injected.
• An Intrusion Detection System (IDS) monitors and analyzes traffic for any suspicious packets or network invasion.

Question 3 You have just concluded a penetration test for a client. During the test, you were able
to gain access to the server room by masquerading as a technician from an IT vendor. You were
able to plug your laptop into the serial connector on the organization’s Cisco router and access its
configuration. In your final report, what should you recommend the client do to remediate this
issue?
Answer 3 I would advise the client to run the enable secret command on the router to harden
the router by creating an encrypted password using the MD5 hashing algorithm.
It provides an additional layer of security over the enable password by storing the enable secret
password using a non-reversible cryptographic function.
Syntax
enable secret [level level] {[0] unencrypted-password}
In addition, identity verification procedures should be enforced for careful examination of
visitors who claim to be representatives of IT vendors.
