solidstep v2 - ssrinc.co.krssrinc.co.kr/upload/solidstep.pdf · 정부출연연구기관의
-
SolidStep v2.5 ( )
-
... ..
-
1. ?
(, Vulnerability) H/W, S/W ()
(DoS)
(Interruption)
//
: ,
3
-
Compliance
Infrastructure
Application
Web
IT Infra Configuration
(OS, Network, DBMS, WEB/WAS )
(Microsoft, Adobe, Open SSL, Java )
(HTML, ASP, JSP, PHP )
: :
: ( )
:
: :
Compliance
2.
CCE CVE
4
-
3.
+
/ [ 9]
Unix, Windows, Network , DBMS, WEB/WAS, , , PC
313
,
CEO
,
,
IT
, CISO
CEO
5
-
4.
11.2.8
11.2.10
7.3.12
9.2.2
A.12.6.1
,
(ISMS) (ISO/IEC27001)
(PIMS)
6
-
- , , , ,
- , , ,
- , - , ,
2
1 1
.
2 1
1 .
- - (, ) - (, , ) - () - ( ) - - (, )
47,
.
- ISP, IDC, VIDC - 100
- 3 100
- 1,500 - 1
5.
17 210
354 (2015. 11 )
500
480 (2016. 6 )
7
-
5.
8
&
2015 12
2016
,
/
2016 9
, ,
2016 7
,
, ,
!
!
-
How Often? 1~2 / 1
How Much? Man/Months (50EA:Max.)
What Method? Script
What Target? Sampling
IT
1M/M : 10,000,000 : 100,000,000
.. 500EA
6.
9
-
How Often? 1~2 / 1 or
How Much? Man/Months (50EA:Max.) ->
What Method? Script
What Target? Sampling
, !!!
7.
10
-
NIST, ITIL, Cobit
( GAP )
( )
( )
ROI
FFIEC, HIPAA
PCI-DSS
Zero-Day, CVE
ISO17799,27001
, I.S.M.S.
ISO/IEC 27001:2013
, P.I.M.S.
1.
Q. ?
: Non-Compliance Item : Compliance Item : Non-Compliance Item : Compliance Item
12
-
1. -
Q. ?
()
:
, 8 ?
, , 9 .
5 , 60 .
.
.
, 8 .
, .
, . ex) abc1234!@# -> ex) abc12345 ->
13
-
2.
Q. ?
1 2 3 4 5
!! .
: ()
:
25 D
92 A+
87 A
83 A
96 A+
25
14
-
2. -
1
2
15
-
3.
Q. () ?
365,
?
?
or
.
.
.
16
-
4.
Q. ?
()
SID
.
.
.
3
DB 100
17
-
All or Nothing.
100 1 = 0
18
!
.
-
()
.
20
-
100%
, , ()
1,000
()
1 Click
1/3 ~ 1/10
28,800
,
30
1,000 , 100 /1MM
21
1. SolidStep
-
100%
()
5 , .
90.
22
2.
5
90
-
23
3. (2017.10)
SolidStep Template
Web/Was DBMS Network Server Total
S.S.R Standard Tpl
Critical ISSUE
ISMS
522
*
8
164
284
866
379
125 167 157 73
8 N/A N/A N/A
61 39 22 42
150 72 24 38
87 119 135 38
434 167 55 210
Server Windows / UNIX / LINUX
DBMS Oracle / MSSQL / MySQL / Sybase / Tibero / DB2 / PostgreSQL / Altibase / MariaDB / PostgreSQL / Informix
Web/WAS Apache / IIS / WebtoB / OHS / Tomcat / WebLogic / Jeus / WebSphere / JBoss / iPlanet / Nginx / Resin / Oracle HTTP Server
Network Cisco / Alcatel / Alteon / Juniper / Extreme / 3COM / AVAYA / Brocade / ubiQuoss / PIOLINK / Ffive
* - , , , PC, SolidPC,
-
To - Be
: ,
:
24
4.
-
Offline
with Agent
Agentless
Online
Install-Free
Portable ( )
OS Free
Windows, Linux, AIX, HP-UX Solaris 5
Resource Free
CPU 1%
ACL Free
Agent Port Listening HTTPS Protocol
SSH, Winexec
Agent Zero, Agent , ACL ( ) ,
4-free
Internet
PC
Network
25
Windows Unix DBMS WEB WAS
SolidStep
Password Crack
(3-Ways)
FireWall
N/W
5.
-
.
6.
26
-
SolidStep .
3 * / * -) , , -) // -)
//
//
27
6. UI like Gmail
-
192.10.10.1_Unix
3 DB ERP ? DB ??
IT
ERP
+
192.10.10.1_Unix
192.10.10.1_ERP 192.10.10.1_ 192.10.10.1_
192.10.10.1_Unix
192.10.10.1_DBMS
192.10.10.1_DBMS 192.10.10.1_DBMS
192.10.10.1_DBMS
ERP DB
IT
192.10.10.1_Unix
192.10.10.1_ERP
192.10.10.1_ 192.10.10.1_
or IP , Solid
Step WEB/WAS/DBMS () / .
28
6.
-
UI , /
.
3 Steps, OK !
1. 2. 3.
ID
1
3
2
4 , UI ,
29
6.
-
( )
,
WYSIWYG
AS-IS TO-BE
() , .
30
6.
-
.
, ,
31
6.
-
(1) 100% , (2) .
1 /
32
6.
-
SolidStep 2.5 / , .
Cycle SolidStep
P
A D
C
, ,
+
33
6.
-
OS
WEB/WAS
Network
DBMS
Agentless
SolidStep Agentless Agent Zero
Agent
Manager
SolidStep
Network
Agentless
Installing...
2hr...
, ACL, ( )
- Cisco, JUNIPER, HP 3com, Alteon L4
- OS
- MySQL, DB2, Sybase, PostgreSQL
- IIS, Apache, WebtoB, HTTP Server, Tomcat
SSH
Winexec
34
6. Agentless
-
,
,
,
(), ZERO
35
7.
-
1.
SolidStep IT , ,
.
/ , SK Telecom, KT, LG U+, S&C, LG, , , IDT, , LG,
, CJ W, , SK, , , , &, ,
KTDS, , , SK, ,,
60,000 , 500,000 . ( : )
, , , , , ,
, , , LH, , ,
, , , ,
, , , , ,
, , , , , ,
, , , , , 20
, , , , , ,
, , , , , , /
, , IBK, KB, , , , , ,
KB, KB, , , , NH DGB, , ,
ING, , , , , BC, KG, NH,
KB, , , , KG, , ,
37
-
9,000 1
SolidStep .
PC AD - MAP
9,000 ,
200
300 ( 2)
Windows Server
Unix Server
PC
100% 100% 100%
100%
38
2.
-
LG U+ 10
SolidStep .
3
12 10,000 ,
300
300 ( 1)
Windows Server
Unix Server
Legacy System
100% 100% 100%
100%
39
2.
-
SolidStep .
1,600 ,
150
300 ( 1)
Windows Server
Unix Server
Legacy System
100% 100% 100%
100%
40
2.
-
.
,
1,300 ,
,
300 ( 2)
Windows Server
Unix Server
Legacy System
100% 100% 100%
41
2.
()
-
: ,
A.P.T
Cloud
Big Data C.V.E.
Mobile
Zero-Day
. , .
42
-
Appendix
-
1. ()
44
-
1. ()
45
-
1. ()
46
-
2. : 1/5 (OS : UNIX)
root UID/GID
UID
(C2 Level)
root
root umask
PATH
STICKY BIT
UMASK
SU
syslog
sulog, last
Update
inetd.conf DoS, rpc
inetd.conf tftp, talk
inetd.conf finger, rusersd, rstatd
inetd.conf r
r
r
NFS
NFS
NFS
SMTP
SMTP
SNMP
SNMP
SNMP Community Name
FTP Anonymous
X-service
(SSH)
sendmail WIZARD
debug sendmail
(scheduling)
cron
root cron
root cron
47
-
2. : 2/5 (OS : Windows)
Administrator
Guest
ID
,
SAM
FTP Anonymous
SNMP Community Name
RDS(Remote Data Services)
SNMP
SNMP Access Control
HTTP/FTP/SMTP
Autologon
Null Session
HOT FIX
Telnet
DNS
DNS Zone Transfer
Everyone
( )
Autologon
Null Session
SID/
NetBIOS
48
-
2. : 3/5 (DBMS)
Oracle
OS
DBA
Default
Public
SYS.LINK$
SYSDBA
With grant option
OS
PL/SQL Package
External Call
UTL_FILE_DIR
Listener
Initialization
Oracle Password
Alert Log
Trace Log
,
$TNS_ADMIN
IP
DBLINK
MS-SQL
DBA Fixed server role SA null Guest Public update With grant option xp_cmdshell procedure Startup stored procedure Registry extended stored procedure
DB SQL Mail HOT FIX
MySQL
root null root mysql.user grant_priv Initialization (my.cnf) mysql.server $datadir Update
49
-
2. : 4/5 (WEB/WAS)
IIS
FTP SMTP NNTP ISAPI DLL Sample WebDAV DB (.asa ) Update
Jeus
JEUS
JEUS /
DB
Apache
Apache root / FollowSymLinks MultiViews Manual HTTP Method CGI Apache Apache Apache Apache
Tomcat
Tomcat
Tomcat /
Examples
50
-
2. : 5/5 (Network)
51
Alteon
-
VTY (ACL)
Session Timeout
SNMP
SNMP community string
Spoofing
shutdown
Cisco
VTY (ACL)
SESSION TIMEOUT
SNMP
SNMP COMMUNITY STRING
SNMP ACL
SNMP
TFTP
SPOOFING
DDOS
SHUTDOWN
Juniper
-
VTY (ACL)
Session Timeout
SNMP
SNMP community string
SNMP ACL
SNMP
Spoofing
shutdown
HP(3Com)
VTY (ACL)
SESSION TIMEOUT
SNMP
SNMP COMMUNITY STRING
SNMP ACL
SNMP
SPOOFING
SHUTDOWN
-
CONTACT US
26 111 JnK 1606
Tel. 02) 6959-0126~7
E-mail : [email protected]