Security Audit Report
Prepared for: Training Team
Delivered on: July 05, 2015
Report Duration: July 05 - July 05, 2015 (a single day of traffic)

Sophos Firewall was used to conduct a quick network security risk assessment at Training Team. This report aims to provide visibility into potential application and web risks, risky users, intrusion risks and application usage within the Training Team network, thereby highlighting security issues that Training Team can address. It also illustrates the capabilities of Sophos Firewall to see threats and network usage that existing firewalls may not see.

Today's dynamic threat landscape requires organizations to reconsider security at their network perimeter every few years. As a result, Sophos Firewall deployments have begun taking over the mantle of network protection from the last generation of firewalls and security appliances. Previous-generation firewalls are not equipped to identify modern security threats and do not provide adequate protection, leaving organization networks vulnerable to the tide of new threat vectors and actors. Sophos Firewall with Layer 8 identity-based technology offers actionable security intelligence and controls that give enterprises control over layers 2 to 8. Sophos Firewall integrates multiple features on a single platform, eliminating the need to manage multiple solutions and hence reducing complexity.

This report provides a high-level overview of Training Team's network that covers:
■ Report Findings
■ User Behavior
■ User-Application Risks & Usage
■ Web Risks & Usage
■ Intrusion Attacks
■ Advanced Threat Protection (ATP)

Report Findings: Key Observations
■ Web Risks & Usage
- 22 objectionable web domains were accessed, belonging to Download Freeware & Shareware (13 domains), Jobs Search (2 domains), Peer-to-peer & Torrents (2 domains) and Spyware & Malware (5 domains).
- Top web categories by data transfer include Information Technology, Content Delivery and Travel.
■ Intrusion Attacks
- Overall, 739887 intrusion attacks of Moderate severity and above were found: 43 Critical, 7754 Major and 732090 Moderate. A further 2509 Minor and 105664 Warning events fall below that threshold and are not included in the figure.
- Top attack categories include Web Services and Applications, Reconnaissance, Operating System and Services, Multimedia and Misc.

User Behavior
Users are often the weakest link in the security chain, and patterns of human behavior can be used to predict and prevent attacks. Usage patterns also show how efficiently corporate resources are utilized and whether user policies need to be fine-tuned.
Layer 8 Technology on Sophos Firewalls treats user identity as the 8th layer, or "human layer", in the network protocol stack. This allows administrators to uniquely identify users, control the Internet activity of those users, and set policy and report by username.

Users with risk-prone behavior
User Threat Quotient (UTQ) helps security administrators spot users posing risk, based on suspicious web behavior and advanced attacks triggered from their hosts. The risk could result from unintended actions due to a lack of security awareness, from a malware-infected host, or from the intended actions of a rogue user. Knowing the user and the activities that caused the risk helps the network security administrator take the required actions to avoid such risks.

Users with risk-prone behavior
Relative Risk Ranking | User | Relative Threat Score
No Record Found.

An empty UTQ table means that no logged traffic was attributed to a username during the period, most plausibly because user identity was not in use on the rules carrying the traffic; it is not evidence that no risky browsing occurred. The web and intrusion sections below are host- and domain-based and are populated.

User Application Risks & Usage
Today it is crucial for an organization to be aware of the applications traversing its network and the potential risks they pose, in order to manage the related business risks effectively.
Sophos Firewall Application Visibility & Control offers visibility into which applications are being accessed within the network irrespective of their ports and protocols, so that application-layer threats can be stopped at the network perimeter.

Application Risk Score
This risk calculator indicates the overall risk associated with the applications in use. It is calculated from the individual risk rating of each application and the number of hits on that application.
Risk: N/A

High Risk Applications in use
The table below lists the top high-risk applications (risk rating 5 or 4, in that order) along with risk level, application category, characteristic and technology, to help understand the application risks faced by the network.
Risk Level | App Name | Category | Technology | Hits | Bytes
No Record Found.

Application Categories & Applications
Knowing the top application categories and applications helps understand how efficiently corporate resources are utilized and whether application filtering policies are effective. These reports provide a snapshot of the application categories and applications accessed by users and the amount of Internet traffic they generated.

Application Categories by Data Transfer
Application Category | Hits | Bytes
No Record Found.

Applications by Data Transfer
Application | Application Risk | Application Category | Hits | Bytes
No Record Found.

A risk score of N/A together with empty application tables means that no application-classified traffic was logged for the period. Before reading this as an absence of risky applications, check that application filtering, with logging, was applied to the rules carrying user traffic.

Web Risks & Usage
Visibility
Organizations need a strong security mechanism capable of blocking access to harmful websites and preventing malware, phishing and pharming attacks and undesirable content that could lead to legal liability and direct financial losses. Doing so also lets them manage the productivity of their users and make effective use of bandwidth.
Sophos Firewall Web Filtering offers one of the most comprehensive URL databases, with millions of URLs, providing web security, HTTPS controls and comprehensive web and content filtering.
Objectionable Web Categories & Domains being accessed
These reports help the administrator monitor objectionable web categories and domains.

Objectionable Web Categories
Category | No of domains | Bytes | Hits
Download Freeware & Shareware | 13 | 9.25 MB | 519
Spyware & Malware | 5 | 44 B | 29
Jobs Search | 2 | 9.03 KB | 7
Peer-to-peer & Torrents | 2 | 0 B | 2

Top 20 Objectionable web domains
Web Domain | Web Category | Bytes | Hits
tools.google.com | Download Freeware & Shareware | 0 B | 441
cache.pack.google.com | Download Freeware & Shareware | 19.17 KB | 33
secureus.imrworldwide.com | Spyware & Malware | 44 B | 19
r2---sn-ci5gupcvhe.c.pack.google.com | Download Freeware & Shareware | 7.59 MB | 16
r7---sn-ci5gupcvhe.c.pack.google.com | Download Freeware & Shareware | 1.45 MB | 10
crl.verisign.com | Spyware & Malware | 0 B | 7
reportage.wp-theme.pro | Jobs Search | 4.47 KB | 6
dl.maxthon.com | Download Freeware & Shareware | 0 B | 6
sr.symcd.com | Download Freeware & Shareware | 4.67 KB | 3
mp3fiber.com | Download Freeware & Shareware | 0 B | 2
sv.symcd.com | Download Freeware & Shareware | 0 B | 2
lp.ilividnewtab.com | Download Freeware & Shareware | 0 B | 2
crl.usertrust.com | Spyware & Malware | 0 B | 1
static.columbia.timesinternet.in | Jobs Search | 4.56 KB | 1
r5---sn-ci5gupcvhl.c.pack.google.com | Download Freeware & Shareware | 183.97 KB | 1
torrentz.eu | Peer-to-peer & Torrents | 0 B | 1
gm.symcd.com | Download Freeware & Shareware | 1.39 KB | 1
server.voga360.com | Download Freeware & Shareware | 0 B | 1
stats.g.doubleclick.net | Spyware & Malware | 0 B | 1
filehippo.com | Download Freeware & Shareware | 0 B | 1

Two of the 22 domains (one Spyware & Malware, one Peer-to-peer & Torrents, one hit each) fall outside the top 20 and are not listed. Before acting on this list, note what several entries actually are: crl.verisign.com and crl.usertrust.com are certificate revocation list distribution points and sr.symcd.com, sv.symcd.com and gm.symcd.com are Symantec OCSP responders, all of which TLS clients contact automatically while checking certificate status; tools.google.com and the *.pack.google.com hosts are Google software-update and download hosts. Their appearance under Spyware & Malware and Download Freeware & Shareware reflects the URL database's categorization, not user behaviour. The remaining hosts, torrentz.eu and mp3fiber.com in particular, are the ones worth matching against the acceptable-use policy.

Web Categories & Domains
These reports offer insights into users' browsing habits that help understand how efficiently corporate resources are utilized and how effective web filtering policies are. This report displays a list of top web categories along with the number of hits.
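Before moving on to general browsing, here is an added example (not part of the Sophos report) of the check a reviewer should run on the objectionable-domain table above before quoting it as a finding: the rows are transcribed from that table as constructed data, the two regular expressions for certificate-status and software-update infrastructure are this example's own heuristic, and the numbers it produces are the per-category hit counts that remain once those hosts are set aside.

```python
"""Discount infrastructure hosts from a URL-category report before treating
"objectionable" hits as user behaviour. Added example; rows transcribed from
the report, classification patterns chosen for this example."""
import re
from collections import defaultdict

# (domain, category as reported, hits) from "Top 20 Objectionable web domains".
OBJECTIONABLE = [
    ("tools.google.com", "Download Freeware & Shareware", 441),
    ("cache.pack.google.com", "Download Freeware & Shareware", 33),
    ("secureus.imrworldwide.com", "Spyware & Malware", 19),
    ("r2---sn-ci5gupcvhe.c.pack.google.com", "Download Freeware & Shareware", 16),
    ("r7---sn-ci5gupcvhe.c.pack.google.com", "Download Freeware & Shareware", 10),
    ("crl.verisign.com", "Spyware & Malware", 7),
    ("reportage.wp-theme.pro", "Jobs Search", 6),
    ("dl.maxthon.com", "Download Freeware & Shareware", 6),
    ("sr.symcd.com", "Download Freeware & Shareware", 3),
    ("mp3fiber.com", "Download Freeware & Shareware", 2),
    ("sv.symcd.com", "Download Freeware & Shareware", 2),
    ("lp.ilividnewtab.com", "Download Freeware & Shareware", 2),
    ("crl.usertrust.com", "Spyware & Malware", 1),
    ("static.columbia.timesinternet.in", "Jobs Search", 1),
    ("r5---sn-ci5gupcvhl.c.pack.google.com", "Download Freeware & Shareware", 1),
    ("torrentz.eu", "Peer-to-peer & Torrents", 1),
    ("gm.symcd.com", "Download Freeware & Shareware", 1),
    ("server.voga360.com", "Download Freeware & Shareware", 1),
    ("stats.g.doubleclick.net", "Spyware & Malware", 1),
    ("filehippo.com", "Download Freeware & Shareware", 1),
]

# Hosts that TLS clients contact for certificate status (CRL distribution
# points, OCSP responders). A hit says nothing about the user; it is a side
# effect of visiting any HTTPS site whose chain points at them. Heuristic
# patterns chosen for this example.
PKI_INFRA = re.compile(r"^crl\.|\.symcd\.com$")

# Software-update/download infrastructure the report files under "Download
# Freeware & Shareware". Assumption for this example: tools.google.com and
# *.pack.google.com serve Google product downloads and updates.
UPDATE_INFRA = re.compile(r"(^|\.)pack\.google\.com$|^tools\.google\.com$")

def classify(domain):
    """'pki-infrastructure', 'software-update' or 'review' (needs a human)."""
    if PKI_INFRA.search(domain):
        return "pki-infrastructure"
    if UPDATE_INFRA.search(domain):
        return "software-update"
    return "review"

def hits_by_category(rows, only="review"):
    """Hits per reported category, keeping rows of one classification.
    only=None keeps everything and reproduces the report's own numbers."""
    totals = defaultdict(int)
    for domain, category, hits in rows:
        if only is None or classify(domain) == only:
            totals[category] += hits
    return dict(totals)

def review_queue(rows):
    """Domains still worth a look, most-hit first."""
    keep = [row for row in rows if classify(row[0]) == "review"]
    return sorted(keep, key=lambda row: -row[2])

if __name__ == "__main__":
    print("as reported   :", hits_by_category(OBJECTIONABLE, only=None))
    print("after discount:", hits_by_category(OBJECTIONABLE))
    for domain, category, hits in review_queue(OBJECTIONABLE):
        print(f"{hits:5d}  {category:30s}  {domain}")
```

On this data the Download Freeware & Shareware count falls from 519 hits to 12 and Spyware & Malware from 28 listed hits to 20, leaving ten domains for a human to judge; the patterns are deliberately narrow so that a genuinely suspicious host is never excluded by a loose substring match.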
Top 15 Web Categories by Hits
Category | Bytes | Hits
Information Technology | 4.32 GB | 60667
IPAddress | 18.69 MB | 18246
Advertisements | 6.94 MB | 2341
Online Chat | 91.75 KB | 1872
General Business | 8.86 MB | 1302
Content Delivery | 61.28 MB | 906
Travel | 41.64 MB | 752
Entertainment | 10.78 MB | 676
News | 13 MB | 657
Sports | 9.85 MB | 542
Download Freeware & Shareware | 9.25 MB | 519
Online Shopping | 4.43 MB | 475
Search Engines | 1.98 MB | 445
Blogs & Forums | 2.85 MB | 361
Reference | 964.43 KB | 291

Top 15 Web Categories by Data Transfer
Category | Hits | Bytes
Information Technology | 60667 | 4.32 GB
Content Delivery | 906 | 61.28 MB
Travel | 752 | 41.64 MB
IPAddress | 18246 | 18.69 MB
Video Hosting | 107 | 14.6 MB
News | 657 | 13 MB
Entertainment | 676 | 10.78 MB
Sports | 542 | 9.85 MB
None | 217 | 9.65 MB
Download Freeware & Shareware | 519 | 9.25 MB
General Business | 1302 | 8.86 MB
Advertisements | 2341 | 6.94 MB
Online Shopping | 475 | 4.43 MB
Blogs & Forums | 361 | 2.85 MB
Search Engines | 445 | 1.98 MB

Top 15 Web Domains by Hits
Web Domain | Web Category | Bytes | Hits
http.00.a.sophosxl.net | Information Technology | 180.63 KB | 12605
image.providesupport.com | Information Technology | 0 B | 8778
10.108.79.12 | IPAddress | 0 B | 4407
push-s.maxthon.com | Information Technology | 0 B | 3680
resolver1.elitec.ctmail.com | Information Technology | 25.47 MB | 3650
217.146.12.43 | IPAddress | 1.02 MB | 3390
103.250.31.224:60000 | IPAddress | 15.09 MB | 3245
10.201.4.42 | IPAddress | 243.31 KB | 2947
resolver5.elitec.ctmail.com | Information Technology | 0 B | 2825
iprep5.elitec.ctmail.com | Information Technology | 0 B | 2596
rt.cyberoam.com | Information Technology | 157.27 KB | 2538
resolver1.ast.ctmail.com | Information Technology | 2.7 MB | 2387
iprep1.elitec.ctmail.com | Information Technology | 59.42 KB | 1991
10.206.1.10:80 | IPAddress | 0 B | 1983
iprep5.t.ctmail.com | Information Technology | 0 B | 1550

Top 15 Web Domains by Data Transfer
Web Domain | Web Category | Hits | Bytes
downloads.sophos.com | Information Technology | 83 | 3.8 GB
oem.avdl.ctmail.com | Information Technology | 57 | 359.8 MB
sdlc-esd.oracle.com | Information Technology | 9 | 89.75 MB
wimbledonprogressivedl.edgesuite.net | Content Delivery | 513 | 55.78 MB
static2.tripoto.com | Travel | 503 | 38.29 MB
resolver1.elitec.ctmail.com | Information Technology | 3650 | 25.47 MB
103.250.31.224:60000 | IPAddress | 3245 | 15.09 MB
proxy-87.dailymotion.com | Video Hosting | 24 | 14.51 MB
www.cyberoam.com | Information Technology | 402 | 8.4 MB
www.wimbledon.com | Sports | 379 | 7.75 MB
r2---sn-ci5gupcvhe.c.pack.google.com | Download Freeware & Shareware | 16 | 7.59 MB
timesofindia.indiatimes.com | News | 374 | 6.24 MB
proxy-39.sv6.dailymotion.com | Entertainment | 27 | 5.72 MB
download.ctmail.com | Information Technology | 212 | 4.73 MB
f1infoservices.com | None | 83 | 4.62 MB

Most of the Information Technology volume is the appliance's own traffic rather than user browsing: downloads.sophos.com alone accounts for 3.8 GB of the category's 4.32 GB, and http.00.a.sophosxl.net, the *.ctmail.com resolver and iprep hosts and rt.cyberoam.com appear to be reputation and update lookups made by the firewall's own services. Exclude those hosts before drawing conclusions about user bandwidth. The IPAddress category, by contrast, deserves attention: bare-IP destinations on non-standard ports such as 103.250.31.224:60000 (15.09 MB over 3245 hits) bypass domain-based categorization and should be identified, and the internal 10.x.x.x destinations indicate traffic between internal hosts passing through the firewall's web proxy.

Intrusion Attacks
Detection of and protection against network- and application-level attacks such as intrusion attempts, malicious code transmission and backdoor activity is critical to protecting the network. Sophos Firewall's Intrusion Prevention System helps strengthen defenses against network-level and application-level attacks.

Number of attacks by Severity-level
Severity | Total attacks
Critical | 43
Major | 7754
Moderate | 732090
Minor | 2509
Warning | 105664
(All severities together: 848060, which matches the sum of the attack-category counts below.)

Intrusion Attacks
This report lists the top attacks that hit the system, with their severity level, category, platform, target and attack count.
Top 20 Intrusion attacks by Severity
Severity-level | Attack | Category | Platform | Target | Attack Count
Critical | Malware Backdoor.Linux.Honkcub.A Runtime Detection | N/A | N/A | N/A | 39
Critical | PHP Group PHP ZIP Integer Overflow | N/A | N/A | N/A | 2
Critical | RSA Authentication Agent for Web Buffer Overflow | Application and Software | Windows | Server | 1
Critical | Apache Tomcat ChunkedInputFilter Denial of Service | N/A | N/A | N/A | 1
Major | HP Intelligent Management Center imcsyslogdm Use After Free | Application and Software | Linux, Windows | Server | 6912
Major | GNU Bash Environment Variable Handling Command Execution | N/A | N/A | N/A | 820
Major | Apache HTTP Server mod_log_config Denial of Service | N/A | N/A | N/A | 11
Major | LOIC DoS Tool (UDP Traffic) threshold | Web Services and Applications | BSD, Linux, Mac, Other, Solaris, Unix, Windows | Server | 3
Major | Kerberos CrossRealm Referrals KDC NULL Pointer Dereference Denial of Service | N/A | N/A | N/A | 3
Major | Microsoft Windows TCP-IP Stack Denial of Service | Operating System and Services | Windows | Server | 3
Major | Encrypted Heartbeat Message | N/A | N/A | N/A | 2
Minor | SCAN UPnP service discover attempt | Reconnaissance | BSD, Linux, Mac, Other, Solaris, Unix, Windows | Server | 2479
Minor | Microsoft ASP .NET Error Message Information Disclosure Vulnerability | N/A | N/A | N/A | 24
Minor | DNS SPOOF query response with TTL of 1 min. and no authority | DNS | BSD, Linux, Mac, Other, Solaris, Unix, Windows | Server | 6
Moderate | SSL Request Export Ciphersuite Detection | N/A | N/A | N/A | 713573
Moderate | Apache HTTP Server mod_rewrite RewriteLog Command Execution | Apache HTTP Server | BSD, Linux, Mac, Other, Solaris, Unix, Windows | Server | 16257
Moderate | (snort_decoder) WARNING: MISC IP option set | N/A | N/A | N/A | 1849
Moderate | HTTPS/SSL Renegotiation DoS | Web Services and Applications | BSD, Linux, Mac, Other, Solaris, Unix, Windows | Server | 249
Moderate | (snort_decoder) WARNING: IPV4 packet to broadcast dest address | N/A | N/A | N/A | 46
Moderate | SSLv3.0 ClientHello from vulnerable client CVE-2014-3566 | N/A | N/A | N/A | 30

Reading the table: the Critical, Major and Minor rows account for all 43, 7754 and 2509 events of those severities, and the six Moderate rows cover 732004 of the 732090 Moderate events. Of those, 715498 come from four entries that are protocol-feature detections or decoder warnings rather than exploit attempts (a client offering an export cipher suite, an SSLv3 ClientHello, an IP packet carrying options, a packet to a broadcast address); they describe the protocol mix on the network, not attacks, and should not be counted in the headline figure. The entries that warrant follow-up on specific hosts are the 39 Backdoor.Linux.Honkcub.A runtime detections (a malware signature firing on an internal host is an incident until proven otherwise), the 820 GNU Bash environment-variable command-execution attempts (the Shellshock pattern; trace source and target), the 6912 HP Intelligent Management Center use-after-free hits (confirm whether an HP IMC server exists behind the firewall; if none does, the rule is producing false positives and can be tuned) and the 16257 Apache mod_rewrite RewriteLog command-execution hits, which are Moderate only by the vendor's rating. The 2479 UPnP discovery events are typically ordinary LAN SSDP multicast and can be tuned out once confirmed.

Attack categories
Attack Category | Variety of attacks | Attack Count
N/A | 20 | 716479
Reconnaissance | 5 | 108143
Apache HTTP Server | 1 | 16257
Application and Software | 2 | 6913
Web Services and Applications | 3 | 253
DNS | 1 | 6
Misc | 2 | 4
Operating System and Services | 1 | 3
Multimedia | 1 | 2

The Reconnaissance count (108143) is far larger than its single entry in the top 20 (2479) because the remaining 105664 Reconnaissance events are of lower severity than the severity-ordered table reaches; that figure coincides with the Warning total. Twenty signature varieties, including the highest-volume one, carry no category, platform or target, so the category breakdown cannot be used on its own to rank exposure.

Advanced Threat Protection (ATP)
Made simple to use, Sophos Advanced Threat Protection protects enterprise networks from falling prey to botnet risks and helps identify infected endpoints, so the administrator can take immediate action.

Summary
Threat Count | Host Count | Attacks
0 | 0 | N/A

Advanced Threats
Threat | Host Count | Origin | Attempts
No Record Found.

Hosts - ATP
Host (Source IP) | Threat count | Attempts
No Record Found.

Detailed View - ATP
Host (Source IP) | User | Threat | Destination | Origin | Attempts | Action
No Record Found.
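The following is an added example, not part of the Sophos report, of the triage a reviewer would apply to the Top 20 Intrusion attacks table before quoting the severity totals. The rows and the per-severity totals are transcribed from the tables above as constructed data; the list of "noise" markers (decoder warnings and protocol-feature detections) is this example's own choice and not a Sophos rating. It checks that the top-20 rows account for the reported totals, sets the noise aside, and re-ranks what is left by severity and volume.

```python
"""Re-rank an IPS summary so that detections and decoder warnings do not
dominate the headline count. Added example; rows transcribed from the report's
Top 20 table, noise markers chosen for this example."""
from collections import Counter

# (severity, signature, category, count) as printed in the report.
TOP20 = [
    ("Critical", "Malware Backdoor.Linux.Honkcub.A Runtime Detection", "N/A", 39),
    ("Critical", "PHP Group PHP ZIP Integer Overflow", "N/A", 2),
    ("Critical", "RSA Authentication Agent for Web Buffer Overflow", "Application and Software", 1),
    ("Critical", "Apache Tomcat ChunkedInputFilter Denial of Service", "N/A", 1),
    ("Major", "HP Intelligent Management Center imcsyslogdm Use After Free", "Application and Software", 6912),
    ("Major", "GNU Bash Environment Variable Handling Command Execution", "N/A", 820),
    ("Major", "Apache HTTP Server mod_log_config Denial of Service", "N/A", 11),
    ("Major", "LOIC DoS Tool (UDP Traffic) threshold", "Web Services and Applications", 3),
    ("Major", "Kerberos CrossRealm Referrals KDC NULL Pointer Dereference Denial of Service", "N/A", 3),
    ("Major", "Microsoft Windows TCP-IP Stack Denial of Service", "Operating System and Services", 3),
    ("Major", "Encrypted Heartbeat Message", "N/A", 2),
    ("Minor", "SCAN UPnP service discover attempt", "Reconnaissance", 2479),
    ("Minor", "Microsoft ASP .NET Error Message Information Disclosure Vulnerability", "N/A", 24),
    ("Minor", "DNS SPOOF query response with TTL of 1 min. and no authority", "DNS", 6),
    ("Moderate", "SSL Request Export Ciphersuite Detection", "N/A", 713573),
    ("Moderate", "Apache HTTP Server mod_rewrite RewriteLog Command Execution", "Apache HTTP Server", 16257),
    ("Moderate", "(snort_decoder) WARNING: MISC IP option set", "N/A", 1849),
    ("Moderate", "HTTPS/SSL Renegotiation DoS", "Web Services and Applications", 249),
    ("Moderate", "(snort_decoder) WARNING: IPV4 packet to broadcast dest address", "N/A", 46),
    ("Moderate", "SSLv3.0 ClientHello from vulnerable client CVE-2014-3566", "N/A", 30),
]

# Per-severity totals from "Number of attacks by Severity-level".
REPORT_TOTALS = {"Critical": 43, "Major": 7754, "Minor": 2509,
                 "Moderate": 732090, "Warning": 105664}

SEVERITY_RANK = {"Critical": 4, "Major": 3, "Moderate": 2, "Minor": 1, "Warning": 0}

# Signatures that record a protocol feature or a malformed packet rather than
# an exploit attempt. Kept short and explicit so that a genuine malware
# detection (e.g. "... Runtime Detection") is never swept up by a loose match.
NOISE_MARKERS = (
    "(snort_decoder)",                             # decoder warnings, not rules
    "SSL Request Export Ciphersuite Detection",    # client offered an EXPORT suite
    "SSLv3.0 ClientHello from vulnerable client",  # client still speaks SSLv3
)

def is_noise(signature):
    return any(marker in signature for marker in NOISE_MARKERS)

def counts_by_severity(rows, include_noise=True):
    """Events per severity, optionally after discarding noise signatures."""
    totals = Counter()
    for severity, signature, _category, count in rows:
        if include_noise or not is_noise(signature):
            totals[severity] += count
    return totals

def unaccounted(rows, report_totals=REPORT_TOTALS):
    """Events in the report's per-severity totals that the top-N table omits.
    A non-zero value means the table was cut off before that severity ended."""
    listed = counts_by_severity(rows)
    return {sev: total - listed.get(sev, 0) for sev, total in report_totals.items()}

def noise_total(rows):
    return sum(count for _s, signature, _c, count in rows if is_noise(signature))

def ranked_actionable(rows):
    """Non-noise rows, highest severity first, then by volume."""
    live = [row for row in rows if not is_noise(row[1])]
    return sorted(live, key=lambda row: (-SEVERITY_RANK[row[0]], -row[3]))

if __name__ == "__main__":
    print("as reported    :", dict(counts_by_severity(TOP20)))
    print("noise set aside:", noise_total(TOP20))
    print("actionable     :", dict(counts_by_severity(TOP20, include_noise=False)))
    print("not in top 20  :", unaccounted(TOP20))
    for severity, signature, category, count in ranked_actionable(TOP20):
        print(f"{severity:8s} {count:7d}  {signature}  [{category}]")
```

On the report's data this shows the top 20 covering every Critical, Major and Minor event but leaving 86 Moderate and all 105664 Warning events unlisted, and it reduces the Moderate count from 732004 listed events to 16506 once the four detection and decoder entries are set aside, with the Honkcub backdoor detection at the head of the actionable list.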