AWS Cloud Security Assessment and Recurring Infrastructure Pentesting for a US Insurance Company
Customer
The Customer is a large insurance company providing services across the United States.
Challenge
The Customer is dedicated to ensuring full security of their IT assets and reliable protection of their clients’ data. They worked out a solid security management strategy that includes penetration testing of their IT infrastructure at least once a year or after any major modifications.
Having no in-house skills to perform security testing, the Customer was looking for a reliable and experienced vendor to establish long-term cooperation. As they were planning cloud migration, the vendor’s expertise in cloud security was a crucial requirement.
Solution
With ample experience in cybersecurity, Certified Ethical Hackers and AWS security experts on board, ScienceSoft fully met the Customer’s criteria. In 2020, the Customer entrusted the first pentesting project to ScienceSoft’s team and, satisfied with our service quality, stayed willing to continue cooperation. As of August 2022, ScienceSoft has completed several penetration tests and AWS infrastructure security assessment for the Customer.
IT infrastructure and website penetration testing
Having examined the Customer’s needs, ScienceSoft’s security team decided to apply the black box and gray box pentesting approaches. This allowed them to comprehensively explore the testing targets and meet the Customer’s time and budget expectations.
First, ScienceSoft tested the company’s website and public-facing IT infrastructure components (web servers, databases, etc.) according to the black box approach, with no prior knowledge of the targets. Our security team was looking for vulnerabilities that real-world attackers could exploit to break the existing cyber defenses.
Aiming to explore how a malicious actor could compromise the Customer’s IT operations and sensitive data once they broke the external security perimeter, our team applied the gray box approach to test the Customer’s internal network, including 24 IPs. ScienceSoft’s testers provided an exhaustive report on the revealed issues:
- Outdated Apache HTTP Server and TLS 1.0, both with multiple known vulnerabilities.
- User enumeration that could provide a potential attacker with a list of all valid user names.
- Remote SNMP server misconfigurations that could be exploited for DoS attacks and privilege escalation.
- Disabled SMB signing, allowing man-in-the-middle attacks against the server, and more.
To help remediate the detected security gaps, ScienceSoft provided a detailed list of required corrective measures: e.g., updating the Apache server and using the latest TLS version, disallowing user enumeration, restricting and monitoring access to the SNMP service or disabling it if unused, configuring SMB to enforce message signing, and more.
After the Customer’s IT team fixed the detected vulnerabilities according to the provided recommendations, ScienceSoft’s team retested the infrastructure components. The retesting showed that the Customer’s IT infrastructure was free of vulnerabilities, and their IT assets were reliably protected against cyber threats.
The entire pentesting project from planning to retesting took 6 days.
AWS cloud security assessment
After moving part of their infrastructure to the cloud, the Customer asked ScienceSoft to perform a security assessment of their AWS resources: Identity and Access Management, Virtual Private Cloud, CloudTrail, Elastic Block Store, Relational Database Service, Simple Storage Service, Elastic Compute Cloud, and others.
ScienceSoft’s security experts started with analyzing the Customer’s cloud assets and services and running automated scanners. The team proceeded with manual review of the findings to define the existing misconfigurations and vulnerabilities. Although no critical cloud security issues were discovered, ScienceSoft’s team recommended several measures to enhance the Customer’s cloud cyber defense. They included:
- Identifying and deleting unnecessary credentials in IAM. This would prevent unused accounts from being compromised, thus reducing the attack surface.
- Setting up MFA Delete for S3 buckets to protect data in the buckets from accidental or unauthorized deletions.
- Enabling enhanced monitoring and automated backups for RDS databases.
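Implementing the first recommendation above, as an added example that is not ScienceSoft's or the Customer's code: the script parses an IAM credential report (the CSV layout that IAM's GetCredentialReport returns) and flags passwords and access keys unused for 90 days, counting a never-used credential as stale only if it was created before the cutoff. The report rows and the assessment date are constructed; live retrieval via boto3 is an assumption noted in the code.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows in the IAM credential report column layout (subset of columns).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,not_supported,2022-07-30T08:12:00+00:00,not_supported,false,N/A,N/A,false,N/A,N/A
alice,true,2022-08-01T14:05:00+00:00,2022-05-01T10:00:00+00:00,true,2022-05-01T10:00:00+00:00,2022-08-02T09:00:00+00:00,false,N/A,N/A
bob,true,2021-11-20T14:05:00+00:00,2021-06-01T10:00:00+00:00,true,2021-06-01T10:00:00+00:00,N/A,false,N/A,N/A
svc-legacy,false,N/A,N/A,true,2020-06-15T10:00:00+00:00,2021-02-01T00:00:00+00:00,true,2022-08-10T10:00:00+00:00,N/A
"""
SAMPLE_NOW = datetime(2022, 8, 15, tzinfo=timezone.utc)  # constructed assessment date


def _when(value):
    """Parse a report timestamp; N/A, no_information and not_supported become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def _stale(last_used, created, cutoff):
    """Stale if the last use, or the creation date when never used, predates the cutoff."""
    ref = last_used if last_used is not None else created
    return ref is not None and ref < cutoff


def stale_credentials(report_csv, now, max_idle_days=90):
    """Return (user, credential, reason) for every active credential idle beyond max_idle_days."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        checks = [("password", row["password_enabled"],
                   row["password_last_used"], row["password_last_changed"])]
        for n in ("1", "2"):
            checks.append((f"access_key_{n}", row[f"access_key_{n}_active"],
                           row[f"access_key_{n}_last_used_date"], row[f"access_key_{n}_last_rotated"]))
        for name, active, used, created in checks:
            if active != "true":  # disabled keys and root's "not_supported" password are skipped
                continue
            last, since = _when(used), _when(created)
            if _stale(last, since, cutoff):
                reason = f"last used {last.date()}" if last else f"never used since {since.date()}"
                findings.append((row["user"], name, reason))
    return findings


if __name__ == "__main__":
    # Live use (assumption: boto3 installed, IAM read permissions): call generate_credential_report(),
    # poll until ready, then pass get_credential_report()["Content"].decode() instead of SAMPLE_REPORT.
    for user, cred, why in stale_credentials(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{user}: {cred} {why}")
```

A recently created, never-used key (svc-legacy's second key) is deliberately not flagged, so the report does not push the team to delete credentials that are simply new.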
It took ScienceSoft’s AWS security experts 8 days to perform a full security assessment of the Customer’s cloud resources and report the results.
Repeated penetration testing of the IT infrastructure
For the next annual penetration test of their IT infrastructure, including web servers, databases, and the significantly extended internal network, the Customer provided ScienceSoft’s team with low-privilege user credentials.
A thorough checkup did not reveal any vulnerabilities. ScienceSoft’s testers were pleased to report that, thanks to the proactive approach to cybersecurity, the Customer had managed to keep their IT infrastructure reliably protected. To prevent potential human-based attacks in the future (e.g., phishing), ScienceSoft recommended that the Customer conduct social engineering testing to assess employee vigilance. If it reveals unsafe staff behavior, ScienceSoft is ready to conduct training to enhance cybersecurity awareness.
ScienceSoft’s team completed the penetration testing project and reported on the results within 9 days.
Results
Thanks to the thorough penetration tests and remediation guidance by ScienceSoft, the Customer was able to quickly address the revealed security vulnerabilities and ensure full protection of their IT infrastructure, including the newly acquired AWS cloud resources. As a result of continuous cooperation with ScienceSoft over two years, the Customer has managed to achieve and maintain a high security level of their IT environment. Appreciating ScienceSoft’s assistance in securing their IT assets, the Customer plans to engage ScienceSoft’s team in further cybersecurity projects.
Technologies and Tools
Metasploit, Wireshark, Nessus, Burp Suite, Nmap, cURL, Nikto, Dirb, AWS.