Regis University ePublications at Regis University All Regis University Theses Summer 2011 Uncovering Network Perimeter Vulnerabilities in Cisco Routers According to Requirements Defined in Pci Dss 2.0 David E. Naples Regis University Follow this and additional works at: https://epublications.regis.edu/theses Part of the Computer Sciences Commons Recommended Citation Naples, David E., "Uncovering Network Perimeter Vulnerabilities in Cisco Routers According to Requirements Defined in Pci Dss 2.0" (2011). All Regis University Theses. 472. https://epublications.regis.edu/theses/472 This Thesis - Open Access is brought to you for free and open access by ePublications at Regis University. It has been accepted for inclusion in All Regis University Theses by an authorized administrator of ePublications at Regis University. For more information, please contact [email protected]. Regis University College for Professional Studies Graduate Programs Final Project/Thesis Disclaimer Use of the materials available in the Regis University Thesis Collection (“Collection”) is limited and restricted to those users who agree to comply with the following terms of use. Regis University reserves the right to deny access to the Collection to any person who violates these terms of use or who seeks to or does alter, avoid or supersede the functional conditions, restrictions and limitations of the Collection. The site may be used only for lawful purposes. The user is solely responsible for knowing and adhering to any and all applicable laws, rules, and regulations relating or pertaining to use of the Collection. All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials. It is available only for research purposes and may not be used in violation of copyright laws or for unlawful purposes. The materials may not be downloaded in whole or in part without permission of the copyright holder or as otherwise authorized in the “fair use” standards of the U.S. copyright laws and regulations. UNCOVERING NETWORK PERIMETER VULNERABILITIES IN CISCO ROUTERS ACCORDING TO REQUIREMENTS DEFINED IN PCI DSS 2.0 A THESIS SUBMITTED ON 7 OF JUNE, 2011 TO THE DEPARTMENT OF INFORMATION TECHNOLOGY OF THE SCHOOL OF COMPUTER & INFORMATION SCIENCES OF REGIS UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENTS OF MASTER OF SCIENCE IN INFORMATION ASSURANCE BY David E. Naples APPROVALS Dan Likarish, Thesis Advisor Stephen D. Barnes Nancy Birkenheuer Running head: NETWORK PERIMETER VULNERABILITIES 2 Abstract According to the Payment Card Industry (PCI), over 500 million records containing sensitive cardholder data have been breached since January 2005. Merchants accepting credit and debit cards are at the center of payment card transactions, making it crucial that standard security procedures and technologies are employed to thwart cardholder data theft. Numerous organizations have experienced embarrassing breaches, which lead to losses of credit card data, including Starbucks, California Pizza Kitchen, and TJX Companies. This paper examined an action research methodology to test the security of a network router and remediate all the vulnerabilities that caused it to fail the requirements of the Payment Card Industry Data Security Standards (PCI DSS). The basic functions of a router include packet forwarding, sharing routing information with adjacent routers, packet filtering, network address translation (NAT), and encrypting or decrypting packets. Since a router is traditionally installed at the perimeter of a network, it plays an important role in network security. By following the approach of this study, administrators should understand how employing a network vulnerability scanner to test a host can illuminate hidden security risks. This study also demonstrated how to use the results of the vulnerability scan to harden a host to ensure it complied with the Payment Card Industry’s (PCI DSS) requirements. Running head: NETWORK PERIMETER VULNERABILITIES 3 Table of Contents Chapter 1 – Introduction ................................................................................................................. 5 Chapter 2 – Review of Literature .................................................................................................... 9 What is PCI DSS? ....................................................................................................................... 9 The Importance of Compliance ................................................................................................ 10 The Importance of Routers in Security Architecture ................................................................ 12 PCI Requirements and Testing ................................................................................................. 15 The Importance of PCI.............................................................................................................. 16 The Action Research Approach ................................................................................................ 17 Chapter 3 – Methodology ............................................................................................................. 19 Action Research ........................................................................................................................ 19 Place .......................................................................................................................................... 19 Participants ................................................................................................................................ 20 Materials ................................................................................................................................... 20 Procedure .................................................................................................................................. 23 Chapter 4 – Background, Analysis, and Results ........................................................................... 25 Background ............................................................................................................................... 25 PCI DSS Requirements ......................................................................................................... 25 Discussion on Routers........................................................................................................... 26 Methods of Hardening Routers. ............................................................................................ 31 Analysis..................................................................................................................................... 36 Initial Results from the QualysGuard PCI Report. ............................................................... 36 Remediating the vulnerabilities. ........................................................................................... 37 Results ....................................................................................................................................... 42 Second Scan .......................................................................................................................... 42 Third Scan .............................................................................. Error! Bookmark not defined. Additional Steps .................................................................................................................... 44 Chapter 5 - Conclusion ................................................................................................................. 46 References ..................................................................................................................................... 51 Running head: NETWORK PERIMETER VULNERABILITIES 4 List of Figures Figure 1. QualysGuard PCI report indicating the security risk rating and the number of vulnerabilities confirmed on the device after the first scan (QualysGuard PCI Report, 2011). ................................................................................................................................ 36 Figure 2: QualysGuard PCI report graphically displaying how the severity levels compare with each other (QualysGuard PCI Report, 2011). ................................................................... 37 Figure 3: Detail of vulnerabilities from second QualysGuard PCI scan (QualysGuard PCI Report, 2011). ................................................................................................................................ 42 Figure 4: Summary of vulnerabilities from third QualysGuard PCI scan (QualysGuard PCI Report, 2011). ................................................................................................................... 43 Figure 5: Detail of vulnerabilities from third QualysGuard PCI scan (QualysGuard PCI Report, 2011). ................................................................................................................................ 44 Running head: NETWORK PERIMETER VULNERABILITIES 5 Chapter 1 – Introduction Protecting cardholder data is definitely a serious concern for many merchants. Over 510 million records containing sensitive cardholder data have been compromised in the past six years (PCI Security Standards Council, 2010). This problem can be greatly attributed to insufficient security measures employed by a number of merchants. One only needs to consider the large amount of data stored by businesses
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages57 Page
-
File Size-