• Breaking News

    AKCP Security Scan - 4 September 2023

     

    AKCP Security Scan


    Data Center Security

    A data center contains the enterprise’s IT equipment, applications and critical data, so it’s essential to provide proper security systems and security policy.

    The main concerns regarding a data center’s security problems are data loss (whether it’s because of human error or from external attack, or from natural disasters), data alteration, Denial of Service (DoS), identity theft, and theft of confidential information.

    Hardware-wise, it starts with the physical security of a data center to prevent any physical damage and unauthorized access to the IT equipment storing critical data, including protection from natural disasters.

    On the software side, having proper antivirus/antimalware solutions, up-to-date software products, proper backups, and conducting frequent security audits can significantly lessen the impact of a possible security breach.

    In the Cost of a Data Breach Survey where 49 U.S. companies in 14 different industry sectors participated, the following was found:

    • The average cost of a security breach could reach $5.5 million
    • 39% of the companies say that negligence was the primary cause of their data breaches
    • Malicious and other criminal attacks have accounted for 37 percent of the total breaches
    • The effects of a data breach can have severe consequences on both the company managing the data center and on the customers whose data are copied

    Security status of AKCP products

    Log4j Status

    In light of the recent Log4j vulnerability, we have specifically tested for this. We do not utilize Java in our products and this threat is not a concern for AKCP devices.

    Below we provide the latest information on malware and vulnerabilities in our product line (updated monthly): 

    • sensorProbe+ (SP+)
    • sensorProbe (SP)
    • WTG
    • securityProbe (SEC5)
    • AKCPro Server (APS)

    Every firmware release undergoes strict security vulnerability testing, using commercially available security vulnerability testing software. This ensures that our products are running up-to-date firmware which is free from known cyber security issues and zero-day software vulnerabilities.

    A typical vulnerability test runs between 30 minutes to 2 hours, depending on the network services and open ports available on a given product family. The security scan runs on a dedicated closed network. It consists of common vulnerable ports testing, penetration testing, SNMP, SSL and web application tests, compliance checks, and standard vulnerability tests.

    The antivirus scan of AKCess Pro Server’s executables is performed with well-known antivirus engines, such as:

    • Avast
    • Avira
    • AVG
    • BitDefender
    • ClamAV
    • Comodo
    • ESET-NOD32
    • F-Prot
    • Kaspersky
    • Malwarebytes
    • McAfee
    • Sophos
    • TrendMicro
    • Symantec
    • Windows Defender

    While we aim to provide correct and up-to-date information, it is possible that new vulnerabilities will be found before the status has been updated and new software released. If your security scanner detects a new vulnerability, don’t hesitate to contact us to investigate it.

    Last update: 2023-08-31

    Common false positive detections in AKCP products 

    By default, all units have the following possibly un-secure configuration. This is to provide the user with ease of access and a simplified installation. It is the end user’s responsibility to change the default settings of the following if they are considered to be security flaws:

    SNMP v1/v2 enabled with the community: public

    Remediation: change the community to a customized string, and/or disable the SNMP v1/2 protocols (disabling might affect the product’s functionality).

    Built-in default SSL certificate for HTTPS: un-trusted self-signed, using a possibly weak hash algorithm

    Remediation: the default certificate has to be replaced with a trusted SSL certificate of the user’s choice if HTTPS access is required (we provide manuals for changing the SSL certificates on our units).

    Telnet and/or SSH service: enabled by default, where supported

    Remediation: disable these services if they are not needed. This might affect the product’s functionality.

    SNMP ‘GETBULK’ Reflection DDoS

    The SNMP server running on our units is designed to be able to send large amounts of data quickly, if necessary. This is to avoid losing important sensor data and alerting functionality.

    Remediation: configure SNMP alerts and SNMP Trap messages with only the necessary information, and distribute sending the alerts to multiple hosts.

    sensorProbe+ (SP+) products

    Security status: SECURE

    Latest firmware per platform:

    F4 1.0.5606

    F7 1.0.5937

    H7 1.0.5937

    Vulnerabilities: NONE

    sensorProbe+ units are running embedded RTOS (RealTime OS).

    The lwIP network stack and a customized web server is used.

    No shell access is provided.

    As of firmware 5233, only the TLS v1.2 SSL protocol is enabled.

    Wireless Tunnel Gateway (WTG)

    WTG Wireless Tunnel Gateway

    Security status: SECURE

    Latest firmware: 1.0.419

    Vulnerabilities: NONE

    WTG units are running embedded RTOS (RealTime OS).

    The lwIP network stack and a customized web server is used.

    No shell access is provided.

    Only the TLS v1.2 SSL protocol is enabled.

    securityProbe (SEC5) products

    SEC5ESV Blue

    Security status: SECURE

    Latest firmware: 406d

    Vulnerabilities: NONE

    securityProbe units are running an embedded OS based on a customized Linux kernel.

    The Linux network stack and a customized web server are used.

    SSH and Telnet shell access are provided.

    As of firmware 405u, only the TLS v1.2 SSL protocol is enabled.

    sensorProbe (SP) products

    Security status: ATTENTION

    Latest firmware: 480

    Vulnerabilities: SOME (see below)

    sensorProbe units are running an embedded custom OS.

    A customized embedded web server is used.

    No shell access is provided.

    Important: the sensorProbe family doesn’t provide support for any secure protocols such as SSL or HTTPS. Therefore, it doesn’t support secure email or web access, and only SNMP v1/2 is supported. This might make the product unsecured in some environments unless it’s running in an isolated network. 

    Security scan results:

    Web Server Transmits Cleartext Credentials

    The sensorProbe family doesn’t provide support for any secure protocols such as SSL or HTTPS. This might make the product unsecured in some environments unless it’s running in an isolated network.

    AKCPro Server (APS)

    AKCPro Server

    VirusTotal scan results:

    We regularly scan AKCPro Server binaries with VirusTotal. This is a free service that analyzes files and URLs for viruses, worms, trojans, and other kinds of malicious content.

    VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal.

    Below is the scan result summary of each executable file used in APS. If there are some false-positive detections, we list them along with the functions of these binaries.

     

    APS Installer file “AKCProServer-16.2.84.exe”

    https://www.virustotal.com/gui/file/380a2df9fa745fae4566c9c07069e965cd49d09c212818a7d79d6629d960fd0f?nocache=1

    This file is the installer for the current version of APS.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\uninst.exe”

    https://www.virustotal.com/gui/file/36d684971aa0e29bafa1b3a311dd7c75ec3b385e8aff91778112eb94bae4d288?nocache=1

    The uninst.exe is the uninstaller EXE of APS, it performs file and registry removal functions when APS is uninstalled from a system.

    VirusTotal lists 2 engines detected this file:

    SecureAge: Malicious

    CrowdStrike Falcon: Win/grayware_confidence_60% (D)

    This is a false positive result, since only 2 of all antivirus engines have detected the file as malicious.

    There are some patterns within this application that could resemble behavior of a virus, such as automatic service stopping and Registry modification.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\AKCProServer.exe”

    https://www.virustotal.com/gui/file/dc6f2399d1e0c3d5143cad4c71b3adcf88d45169c641c1c1da7d44c89e7c727a?nocache=1

    AKCProServer.exe is the main process (Control) of APS.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\CustomNotification.exe”

    https://www.virustotal.com/gui/file/3b10dfa54c79c47b4a5a76524af08574f97f4503172e1a53fda99e162bc9510b?nocache=1

    CustomNotification.exe is a notification sub-module of APS.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\DbRecovery.exe”

    https://www.virustotal.com/gui/file/e1f0d12103d313ef3a362144cdea897d82df7d9ea4a038c3f47b70e7abb5d5f4?nocache=1

    The DbRecovery.exe is a standalone process of APS, it only runs when necessary. It is used for checking and fixing the internal database (SQLite) when needed.

    VirusTotal lists 1 engined detected this file:

    Bkav Pro: W32.AIDetectMalware

    This is a false positive result, since only 1 of all antivirus engines have detected the file as malicious.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\DialNotification.exe”

    https://www.virustotal.com/gui/file/18c9f3ec4cc21ae8047fd52129a3a82f0a1ca8eb6f47e2fa33c9eeb6c4e92cb6?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\DoorLockNotification.exe”

    https://www.virustotal.com/gui/file/4fe2d9edbbdcc11f01e3e59e11577726bcf3b5236b3f08d2d5f48e27aacd307a?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\DryContactNotification.exe”

    https://www.virustotal.com/gui/file/d80f41b78a6f4aa05891548a74577d6313d951682e588bbebd1a512cfebdf752?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\EmailNotification.exe”

    https://www.virustotal.com/gui/file/495748bae7ff7bef9c7725f0a22ab0216198fd91b134165cd55d28ed067fb1e9?nocache=1

    The EmailNotification.exe is a notification sub-process of APS and is used for sending emails.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\FaxNotification.exe”

    https://www.virustotal.com/gui/file/c43e2a2da6bf022b19fc5304a742dd013b70972fd3bdff6d6fe4308726990b23?nocache=1

    The FaxNotification.exe is a notification sub-process of APS and is used for sending faxes.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\FirmwareSerialUpgrade.exe”

    https://www.virustotal.com/gui/file/a913259906271f37b74fbd11d7b895772810b28970ccbbfd613b3e78b27eb149?nocache=1

    The FirmwareSerialUpgrade.exe is a command-line utility, which can be used for upgrading the firmware of wireless sensors (BOS/WTS/SP-WT).

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\FTPNotification.exe”

    https://www.virustotal.com/gui/file/47777180db5427e2d60b3f525244f14932e78a0ea02874395a0a3630850eda8a?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\MMSNotification.exe”

    https://www.virustotal.com/gui/file/89fcd74315fff5de7b43f0556193027fecbb953138674a61f30e2e1212cff21a?nocache=1

    The MMSNotification.exe is a notification sub-process of APS and is used for sending MMSes.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\ModbusNotification.exe”

    https://www.virustotal.com/gui/file/9ce2623e275ddc20869fb7bb64fca19fab5797dfdb88bcc11f1e6158b5d34c64?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\notificationServer.exe”

    https://www.virustotal.com/gui/file/f6d0ae2664a4c4d85c0646c227a8e90ea502e04cfc96740800435e4a2ead6a2b?nocache=1

    The notificationServer.exe is the notification handler sub-process of APS and is used for controlling each notification.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\RecorderNotification.exe”

    https://www.virustotal.com/gui/file/a2f6ae3a2008ce62427fbc1a9fc72e53ca87ba11b1bf2de35c284236dc63795f?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\RelayNotification.exe”

    https://www.virustotal.com/gui/file/f0ff82875fb2215f5c39741407c1726186dda9da712ba1b85f84a27141242946?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\serverManagerService.exe”

    https://www.virustotal.com/gui/file/acb8bd21b50432815b8687bb15d4bc604e161ca1a7c7b51cc6cb1c4a779c4dbd?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\serverManagerUI.exe”

    https://www.virustotal.com/gui/file/11de0c1f827a11f031639050b6cd0720d92d2f76b3656a8c11d75599df9943e5?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\ShutdownNotification.exe”

    https://www.virustotal.com/gui/file/0da4bb3036e8dc8646e2643aeb51caabc7a9a33c8baca9bb460061f5a0feb796?nocache=1

    The ShutdownNotification.exe is a notification sub-process of APS and is used for sending a shutdown command to a prepared Unix or Windows system (for example when power failure is detected).

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\SirenNotification.exe”

    https://www.virustotal.com/gui/file/c0f313cf6d672693e66045f7f95cc53dad3b0e7e2e0e0ade19ad2141144bc45e?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\SkypeNotification.exe”

    https://www.virustotal.com/gui/file/56f52846ec8fc72f3362248312d9e62571ef8842b26ae4ed1bb0a18d04b9fb23?nocache=1

    The SkypeNotification.exe is a notification sub-process of APS and is used for sending Skype messages.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\SMSNotification.exe”

    https://www.virustotal.com/gui/file/26b87863454cb108437db389f846ac79e18e6878f545e95b874497ee9dd408ab?nocache=1

    The SMSNotification.exe is a notification sub-process of APS and is used for sending SMS notification messages to mobile phones using supported modems.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\SnmpSetNotification.exe”

    https://www.virustotal.com/gui/file/688cd5a1b4d5383109f855508910791a9ec4ff1e056d0f689749592ceedb1e27?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\SoundNotification.exe”

    https://www.virustotal.com/gui/file/0974425400289c9d0c39920e9540bb37461753c4613d659b95baac123c275d68?nocache=1

    The SoundNotification.exe is a notification sub-process of APS and is used for generating sound notification messages on the local PC.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\SpeechNotification.exe”

    https://www.virustotal.com/gui/file/f5c3a0d2f927432676e035f01948f94eb0a15a96c3a61a21d435885ddefb7589?nocache=1

    The SpeechNotification.exe is a notification sub-process of APS and is used for sending telephone call (voice) notification messages to mobile phones using supported modems.

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\StopRecorderNotification.exe”

    https://www.virustotal.com/gui/file/feb27655b5349c01c3ef3e25a7aa07cedb9d28bbf6f58230bcd7bd01c5d100a2?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\TrapNotification.exe”

    https://www.virustotal.com/gui/file/82a0808ef0e41e45ccc8a85afe6ee4c12c308ab22d944f643ecc0b58f53dc5fb?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\VPNAuthen.exe”

    https://www.virustotal.com/gui/file/44545a24546ae4c7c5584a9daeb5793020d5f8f93eef7b174810a8bb1a0732f7?nocache=1

     

    “C:\Program Files (x86)\AKCP\AKCPro Server\bin\WindowsNotification.exe”

    https://www.virustotal.com/gui/file/9afb533f909750e24e500909c7806e734210b0feebaa985abb878a4a411a2c9c?nocache=1

    The WindowsNotification.exe is a notification sub-process of APS and is used for sending Windows alerts (requires the Windows Alert installed on the target machine).

     

    No comments

    Post Top Ad

    Post Bottom Ad