Hi,
As this is my first post on the VIPER blog, let me start by introducing myself. I am Abhijeet Hatekar, one of the research engineers working in VIPER Lab for the past 20 months. I am also author of the OCS assessment tool, which I am going to talk about in this post. The OCS assessment was released on the 1st of April, 2009 at VoiceCon Orlando.
Microsoft’s Unified Communications solutions help streamline communications between people and organizations, bringing together e-mail, calendaring, voice mail, IM and presence, VoIP, audio, video, and Web conferencing: components that, when unified, do not require major changes to the network design. Looking at the cost benefits of UC and the rich features provided by OCS, the industry has started adopting and deploying OCS in their networks.
Enterprise users can start leveraging the benefits and the power of integration that Microsoft built in Office Communication Server. While enjoying this ease and integration strength, we should not overlook single points of failure, such as a single security vulnerability that can be used to attack the entire enterprise.
For example, OCS integrates Active Directory, Microsoft Exchange and the Outlook client together. In this situation, if a single user account is compromised, then the entire network could be exposed to the attacker – thanks to the power of integration. But this doesn’t mean we should not integrate things. The best way is to make sure your integration power does not fall into the wrong hands is by regularly performing Vulnerability Assessments of your network infrastructure.
Now that you have decided to assess your OCS infrastructure, you might start looking for freely available tools for OCS security. You will find that no free or commercial tools exists to help you test the security of your OCS deployment.
In VIPER Lab, we realize this need and developed a free tool using our research & discoveries, in order to help security professionals and OCS Administrators. We decided to name it the OCS Assessment Tool ( OAT).
Written in C# using the Microsoft UC SDK, OAT is released under the BSD Licence on sourceforge.net. Before installing OAT make sure you have .Net Framework 2.0 or above is nstalled on the system.
OAT has a handful of valuable assessment features that can be used with your OCS server:
- Online Dictionary Attack
- Presence Stealing
- IM Flood security test against Single/domain/contact list user(s).
- Call walking security test against domain/Contact List users.
- Reports
A detailed description of the above features and their usage can be found here.
OAT can work in two different scenarios, based on your assessment needs.
- Internal Network Attack Mode
Internal Network Mode simulates attacks from the internal IP network, where the attacker has unrestricted access to shared resources and reachability to servers.
- External Network Attack Mode
External Network Attack Mode simulates the real world attack scenario in which an attacker is outside of the corporate IP network. An attacker sourced from outside of the firewall can not directly query the DC unless they know its hostname.
The OAT GUI interface is designed to begin with the Dictionary Attack feature, followed by various tabs configured to launch attacks against legitimate users from the assessed domain.
The OAT quick started guide willl help you to quickly get acquainted with the attack modes and features.
We are working on OAT v2.0 and will soon talk about it more in the up coming blog posts.
References:
