This section describes our findings from using the VDR vulnerability capability to analyze the different types of infrastructure components used in the Computer Vision for Smart Transportation platform. For this testing, the appropriate IP ranges for our lab equipment were made available to the Auto Discovery feature accessed through the Secureworks VDR online portal. The tool then imports any active IPs in those ranges and performs an assessment including assigning a category to the devices. No device passwords are required for logging in to any of the detected servers or devices before scanning.
Virtual machine
Any virtual machine with an IP address can be autodiscovered or added manually and scanned. The VMS and CV resources used during this testing were predominantly Windows-based.
The following figure is a sample output from the scan of a Windows server in the lab:
Comments
This Windows 2019 server was fully patched prior to being discovered and scanned by VDR.
Zero new critical issues were identified. Critical issues typically need immediate attention.
Some medium-priority issues exist and should be reviewed with a security professional on your team. An example issue identified from the scan above was that Remote Desktop was enabled. This is permitted in our lab for this system since it is located in a protected environment.
Scanning Linux servers is a similar process and should look consistent with these results for systems with fully up-to-date patches.
Application
VDR scans were performed on all machines used by the VMS Systems (Genetec/Milestone) and CV Systems (Ipsotek/Briefcam). The results were similar since they all reside on fully patched Windows 2019 Server virtual machines.
The one noticeable variation that was observed resulted from the VDR capability to detect web portals that are running on a server. Many application vendors ship products with an integrated web console for system administration. A few of the servers in our testing have web portals, and therefore those were also assessed for any vulnerabilities.
The following figure is a sample from a machine with a web portal:
Comments
A full list of exposed web portal URLs was identified for the server.
Zero Critical items were raised for the system shown above.
VDR scanning is capable of identifying code libraries (such as Javascript) that are used in web portals which may also have vulnerabilities.
If anything new or unexpected is contained in the result of a scan, consult with a security professional on your team, and engage the product vendor to discuss.
Cameras
Our testing scope included a task to determine if it would be possible to use VDR to scan IP cameras. We have multiple IP cameras from various hardware vendors in the lab. This is the first time Secureworks was used to scan IP cameras, therefore, it was unclear the type of results we would get. The results we achieved were encouraging. The full IP range that covers our physical IP camera hardware was configured for autodiscovery in the VDR console. Every camera scanned had vulnerabilities reported.
The following figure is a sample from one of the cameras:
Comments
For this camera, two critical issues were identified:
There is an FTP login user configured that uses a common user/password combination that was easily detected during the scan. A configuration step was skipped during the installation which caused the issue. The password can and should be changed.
A software library used by the camera was out of date and has a known vulnerability.
After the initial scan, the camera was updated to the latest available firmware and still has one critical item relating to the "libupnp" software library.
Most of the scanned cameras have a web console available for administration. These were also scanned for vulnerabilities and can be reviewed under the "Related Assets" section.
When critical issues are found, it is important to reach out to the camera vendor to get the latest patching package.
Note: The result of this research shows that IP cameras do present a significant security risk even when fully patched. Older unpatched cameras will likely have more vulnerabilities.
Network switches
VDR will also scan any network switches that are in the IP ranges entered in the web portal. Most network switches run an operating system that VDR can identify and scan.
The following figure shows a sample of a network switch scan that identified a range of issues:
Comments
A critical issue was identified in the version of SSH that is used on the switch. This was resolved with the latest update from the vendor.
The switch operating system was identified as Open BSD.
If issues still exist after updating to the latest software then reach out to your vendor for guidance.
Hypervisor
It is important to scan all parts of the environment to assess any vulnerabilities including VMware ESXi hosts.
The following figure shows a sample output from an ESXi server scan:
Comments
Zero vulnerabilities were found on the ESXi servers in the testing lab.
The scan output above is for a server that has not been upgraded to the latest ESXi 7.0.3 version but still does not have any critical issues.
The medium-priority items above should also be investigated with your security team to ensure these are not a concern in your environment. Each item has remediation information shown in the VDR portal.