
AhnLab Quick Assessment Services

2010. 02.
AQAS > Overview
Based on the AhnLab Consulting Methodology, AhnLab will assess the customer's security level and provide a draft master plan.

Procedures

Phases: Planning, Risk Analysis, Safeguards

Activities: Scope Definition, Requirement Definition, Work Planning, As-Is Analysis, GAP Analysis, Penetration Test, Risk Assessment, Quick Hits, Master Planning

Copyright (C) AhnLab, Inc. 1988-2009. All rights reserved.


AQAS > Security Management Assessment
We evaluate the security management status by interviewing the security/IT department, based on best practices such as the global IT security standard ISO27001 and US FISMA (Federal Information Security Management Act).
Security Management Assessment

Assessment Criteria
• Global Standard: ISO27001
• Regional Standard: FISMA (US), KISA ISMS (Korea)

Methodology
• Review Security Policy, Procedure
• Interview
• Analysis
• Reporting
(Durations shown in the figure: 1 Day, 3 Day, 1 Day)

Checklist
1. Security Policy
2. Risk Assessment
3. Configuration Management
4. Media Protection
5. Awareness & Education
6. Contingency Plan
7. Physical & Environmental Protection
8. Personnel Security
9. Incident Response
10. Audit & Responsibility
11. Access Control & Communication Security
12. Technical Security



AQAS > Penetration Test
AhnLab will conduct a penetration test, based on AhnLab's expertise and experience, in the following steps.
PT Procedures

Step 0 Pre-Meeting: Define Level, Define Scope, Agreement, Responsibility
Step 1 Define Check Items: Check Lists
Step 2 Info. Gathering, Vul. Analysis: Network Info. (DNS, IP, Config.), System Info. (OS, Services, Vul. Scan)
Step 3 Impact Analysis: Analyze the impact to services
Step 4 Attack: Attack the weakest point first, Detour firewall
Step 5 Attack Spread: Collect Evidence, Install Backdoor, Acquire Admin. Rights, Attack Other Systems
Step 6 Report Generation (Attack Method, Vul. List, Evidence), Recommendation
Step 7 Reporting: Concepts, Hacking Demo, Remediation

Phase labels shown in the figure: Pre-step, Phase 1, Phase 2, Phase 3, Phase 4
Stage labels shown in the figure: Data Collection, Verification, Testing, Penetration Test, Reporting



AQAS > Penetration Test
AhnLab will draw the available threat scenarios based on an analysis of the service structure.

Drawing PT Scenario

Scenario Development
• Understanding core processes
• Finding core information
• Finding available attack paths based on an analysis of service architecture
• Drawing threat scenarios

[Figure: network diagram. Labels: Ethical Hacker, Internet, DMZ, Servers, Internal Systems, Data Center, Customer Center. Scenario shown: Attack from Outside, Penetrate through DMZ, Leak Internal Info.]



AQAS > Work Schedule
The assessment will take 5 working days. One of our consultants will be on site, and the penetration test will be done remotely.

[Schedule chart. Columns: Day 1, Day 2, Day 3, Day 4, Day 5, Remark. Rows: Assessment Interview (Remark: On-Site); Penetration Test (Remark: Remote); Analysis, Report Generation; Reporting.]



Sample Report > Domain Summary
• The average information security score across domains is 2.2. Basic rules are made, but practice is unsatisfactory.
• The average target score is 3.9, which points to a measurable level, so the gap between them is not big (average 1.7).
• Especially vulnerable domains are security policy & organization, risk assessment, personnel security, and technical security.

Summary by domains

DOMAIN                                   Current Score   Target Score   Gap   Best Practice
Security policy & organization           2.0             5.0            3.0   5.0
Risk assessment                          1.5             4.2            2.7   5.0
Configuration management                 2.4             4.2            1.8   5.0
Media protection                         1.7             3.0            1.3   5.0
Security awareness and education         2.0             3.0            1.0   5.0
Emergency plan                           1.9             3.3            1.4   5.0
Physical & environmental protection      3.0             4.5            1.5   5.0
Personnel security                       2.1             4.0            1.9   5.0
Incidents response                       2.2             3.8            1.6   5.0
Audit & responsibility                   2.8             4.0            1.3   5.0
System access control & communication    2.7             4.0            1.3   5.0
Technical security                       2.3             4.2            1.9   5.0

[Figure: Domain Radar Chart. Axes: the domains listed in the table above.]



Sample Report > Technical Security Summary
• The technical security scores by domain average 3.0. It is in operation, but repeated surveys and improvement are necessary.
• The domain with the biggest gap between current and target score is 'Integrated management'. Security operation is not conducted holistically, but is conducted individually by each business.
• To improve the level of technical security, the fast and reachable areas are Access control, Patch management, and Host intrusion prevention.

Summary of technical security

DOMAIN                   Current Score   Target Score   Gap   Best Practice
Network security         3.6             4.6            1.0   5.0
System security          2.8             4.3            1.5   5.0
Application security     2.1             4.0            1.9   5.0
Integrated management    1.0             4.0            3.0   5.0

DOMAIN                            Current Score   Target Score   Gap   Best Practice   Priority
Access control                    3               5              2     5               16.7
Intrusion detection/prevention    5               5              0     5               0.0
DDoS attack                       2               4              2     5               6.0
UTM                               3               4              1     5               6.0
Network access control            5               5              0     5               0.0
Anti-Malware                      5               5              0     5               0.0
Patch management                  3               4              1     5               15.0
Media control                     2               4              2     5               6.0
Host intrusion prevention         1               4              3     5               15.0
Web application access control    3               4              1     5               5.0
URL filtering                     3               4              1     5               3.0
Mail security                     3               4              1     5               3.0
DB access control                 2               4              2     5               6.0
Integrated management             1               4              3     5               9.0

[Figure: radar chart of technical security. Axes: the domains listed in the second table above.]
Sample Report > Recommendation

Media protection
Period: Short / Mid / Long
Priority: High / Mid / Low

Status
• Systems are operating in a separate location and in-and-out is controlled by fingerprint recognition.
• Backup media is kept in a safe on a separate floor, apart from the server room.
• There is a security regulation about documents, but there is no assessment of practice.
• Documents about system introduction & development are managed individually by operators.
• There is a regulation including a condition about destruction of information assets. However, there is no instruction about a method or history of destruction.

Recommendation
• It is essential to inspect the in-and-out history periodically.
• It is essential that documents about system introduction & development be managed in an integrated way, due to the possibility of leakage or loss.
• It is essential that a destruction process for each medium be made and that destruction results be managed for confirmation.

Plan
• Make & perform an assessment process for in-and-out control history
• Make & perform an assessment process for backup media management history and storage condition
• Make & perform a destruction process for systems and stored media
(Attach a proof for confirmation when an important asset is destroyed)



Sample Report > Roadmap

[Roadmap chart. Timeline columns: Short-Term, Mid-Term, Long-Term.]

Administrative security
• Prepare a checklist for security review / review system setup, security rule, etc.
• Make & perform security process and operation
• Risk assessment
• Make and perform a plan for security training
• Audit security periodically
• Make and perform a process for external personnel
• Update filtered websites periodically
• Make a process to respond to intrusion / perform training about response
• Make a process for destroying information assets
• Improve a guide about authorization management

Technical security
• Store and transmit DB information (password, etc) in encrypted form
• Make & perform an assessment plan for Server/Network vulnerability
• Review introducing a DB security solution and controlling access
• Make & perform a guide about OS patch update
• Review introducing a media control solution
• Make 'Host access control' solution



AhnLab
The Joy of Care-Free Your Internet World

Copyright (C) AhnLab, Inc. 1988-2010. All rights reserved.


AhnLab, the AhnLab logo, and V3 are trademarks or registered trademarks of AhnLab, Inc.,
in Korea and certain other countries. All other trademarks mentioned in this document are the property of their respective owners.
