Audits

Auditing companies aim to verify as completely as possible the level of security cleared by CASD infrastructure within the constraints defined by data depositors.

The auditor must be specialized in IT security, PASSI (IT audit label) and labelled by the ANSSI (national agency for IT security), as well as competent in client OS, server, VPN attack methods, authentification mode attack methods, etc.

Audits follow 4 gradual scenarios which aim to successfully intrude, usurp identity, or retrieve a data file.

Scenario 1 : INTERNET ENCRYPTED TUNNEL ATTACK WITH NO DECLARED IP PUBLIC ADDRESS

The auditing company knows the CASD network address, but the IP address is not among the list of addresses authorized to connect to CASD.

The company must study if an attack is possible on the VPN-SSL tunnel outlet, or if it is possible to extract information from this tunnel.

Scenario 2 : INTERNET ENCRYPTED TUNNEL ATTACK WITH A DECLARED IP PUBLIC ADDRESS

The company knows the CASD network address, the IP address is within the list of addresses authorized to connect to CASD.

The company must study if an attack is possible on the VPN-SSL tunnel outlet, or if it is possible to extract information from this tunnel.

Scenario 3 : INTERNET ENCRYPTED TUNNEL ATTACK WITH A DECLARED IP PUBLIC ADDRESS AND IN POSSESSION OF AN SD-BOX

The company knows the CASD network address, the IP address is within the list of addresses authorized to connect to CASD, and they are in possession of an SD-Box.

The company must study if an attack is possible on the VPN-SSL tunnel outlet, or if it is possible to extract information from this tunnel.

The auditor will test if they can take control of the box:

– Take control of the OS (modification of the boot),
– Access the Shell one way or another,
– Access the RDP to open a session remotely,
– Access the box through the network,
– Usurp the central infrastructure (attack of the “man in the middle” type),
– Access USB ports, boot on a USB port,
– Modify the Bios,
– Read the hard-drive content (and if so try to connect),
etc.
This list is non-exhaustive and the company must attempt a maximum number of attacks (known or unknown to GENES) in that configuration.

Scenario 4 : VPN-SSL INTERNET ATTACK PAR INTERNET WITH A DECLARED IP PUBLIC ADDRESS, A smartCARD AND IN POSSESSION OF AN SD-BOX

The company knows the CASD network address, the IP address is within the list of addresses authorized to connect to CASD, and they are in possession of an SD-box and a smartcard.

This attack configuration mimics an internal intrusion attempt. The company can connect as an internal user would. An account will be created specifically for this testing purpose.

The aim is to launch hijacking maneuvers to address at least one of the following issues:

– Is it possible to retrieve a file?
– Is it possible to access files to which the user has theoretically no access to (files or other projects)?
– Is it possible to usurp a user’s identity with or without his card?

Resilience tests to authentification modes will also be done (card tests, driver tests, etc).

ADDITIONAL VERIFICATION : CASD NETWORK ISOLATION

GENES provides access to its building so it can test whether CASD is indeed isolated from the GENES IT system (separate switch network, firewall parameters, etc).

Audit report

It must be complete and specific regarding the testing modalities, protocols used, source codes for the programs used in the attacks…

4 AUDITS WERE CARRIED OUT SUCCESSFULLY BY COMPANIES CERTIFIED BY THE ANSSI with THE MOST RECENT Taking PLACE IN JANUARY 2017.