Case Study

Vulnerability Assessment of a GPRS Infrastructure

Industry: Telecoms

Location: Mainland Europe

Scene

A European mobile telecoms company had commissioned and installed a GPRS (General Packet Radio Service) system. Due to the nature of the system, an independent vulnerability assessment was ordered.

Challenge

The challenge was to provide independent assurance of the GPRS system.

Due to the size and specialised nature of the engagement, the GPRS system was divided into units. As the subject of the engagement was a GPRS system, we were breaking new ground. There was precious little previous work or research which we could refer to or learn from. This lack of previous work, coupled with the complexity of the GPRS system, added to the challenge.

Engagement

The engagement was a vulnerability assessment which bordered on an audit, owing to the amount of information the telecom provided in order to get the most value from the project.

GPRS systems are built up of common components, such as firewalls, routers and Unix machines for specific tasks such as billing, and of specialised GPRS-related components such as SGSNs and GGSNs. Partly due to this, the engagement is divided into discrete parts. The routers are subjected to a configuration audit, the firewalls are subjected to rule set audits, and the Unix machines are subjected to internal audits and external penetration testing.

As each of the GPRS-based services offered to end customers uses slightly different components of the system, the task is divided into service-based work units. The GPRS-based services provide corporate VPN access over GPRS, WAP over GPRS and Internet access over GPRS.

Results

The results showed several shortcomings in the security of the GPRS infrastructure. Some of the security issues found were regarded as high risks due to their potential business impact.

The Cisco routers were found to have no formal standards and no uniform baseline for security. Internal Unix machines used for specific tasks in the GPRS infrastructure were found to be default installs of commercial Unix variants which lacked security patches. Multiple vulnerable services were found during external penetration tests along with default accounts and passwords. The internal audit found some monitoring and debugging binaries were installed as SUID.

When the GPRS network was tested using the Internet over GPRS service, a high-risk security flaw was found. An internal Unix-based machine running a version of Apache which was vulnerable to a format string buffer overflow was visible from the Internet GPRS service. By first compromising this Unix machine, it would be possible to work through the internal network of poorly secured Unix machines, causing eventual widespread compromise of the internal GPRS network.

Risks to business

Financial loss and image degradation are the risks arising from the high-risk finding discovered when using the mobile phone (MS) and the GPRS Internet service to exploit the Apache security flaw in an internal Unix machine.

info@esqo.com

0121 270 6005