下载PDF
Rapid7 > 实例探究 > Nexpose Busts Security Violations at Redflex Traffic Systems
Rapid7 Logo

Nexpose Busts Security Violations at Redflex Traffic Systems

技术
  • 网络安全和隐私 - 网络安全
  • 网络安全和隐私 - 端点安全
  • 网络安全和隐私 - 安全合规
适用行业
  • 安全与公共安全
  • 运输
适用功能
  • 商业运营
  • 质量保证
用例
  • 入侵检测系统
  • 监管合规监控
  • 远程资产管理
服务
  • 系统集成
  • 网络安全服务
  • 培训
挑战
When Eric Nooden joined Redflex as Information Security Specialist, he found many out-of-date server operating systems. Because system stability was a priority with Redflex proprietary solutions, no one wanted to risk outages. The systems administrators were nervous about patching servers, fearing they might break them. The Redflex team had multilayer security in place, with firewalls, anti-virus software, and other technologies, but no dedicated security personnel to manage them. The undermanaged security posture was more reactive than proactive, and Nooden joined Redflex to change that. Additionally, because Redflex passes financial transactions to processing institutions, its systems must pass SAS 70 audits and comply with data protection standards such as Payment Card Industry Data Security Standard (PCI DSS) to avoid fines.
关于客户
Redflex Traffic Systems, Inc. is the longest consistently operating company in the growing road-safety camera industry in the United States, with more than 20 years of experience partnering with cities to make an impact on dangerous driving behaviors. Redflex technology has proven its impact on U.S. public safety. Its road safety cameras have helped create safer communities. Rates of running stop signs, red lights, and railroad crossings—and subsequent accidents—drop significantly when people know they might get a ticket. Advanced license-plate reading technology cross checks numbers against police databases and alerts law enforcement when matches occur. Redflex video is also valid evidence for court proceedings. The heart of the Redflex solution is a high-end database that receives and processes all traffic video through secure connections. The system identifies violations and, with client approval, generates tickets and mails them to violators. Because Redflex passes financial transactions to processing institutions, its systems must pass SAS 70 audits and comply with data protection standards such as Payment Card Industry Data Security Standard (PCI DSS) to avoid fines. The data center also includes a range of standard business applications on a mix of Windows and Unix servers.
解决方案
Among the solutions Nooden inherited were vulnerability-scanning systems from three vendors. One of these systems was a Rapid7 Nexpose Enterprise Edition appliance. Nooden put it to work, performing a system-wide scan across all databases, Web servers, network components, and user computers. Nexpose scans for more than 14,000 vulnerabilities and performs about 54,500 checks to locate and identify threats and assess their risk to the environment. Integration with Metasploit provides remote scan control, exploit identification, and automated exploitation functionality. The scan report uses SANS guidelines to rank potential vulnerabilities according to severity, helping Nooden to prioritize tasks. The report also includes step-by-step procedures for effective remediation. Initial Nexpose scans found default passwords in many devices, especially in the network, identified easily exploitable vulnerabilities in unpatched server operating systems, and gave step-by-step plans to quickly address them. Nooden says the Nexpose user interface is highly intuitive and the reports are comprehensive. “It’s so straightforward, I didn’t need any formal training,” he says. But he hired a Rapid7 Professional Services consultant to teach him how to fine-tune configurations to look for specific information. Nooden uses Nexpose to scan critical systems daily and others weekly or monthly. He relies upon the information in scan reports to issue change requests with the appropriate server, network, and desktop administrators and track when vulnerabilities are fixed. Rapid7 Technical Support resolves his questions quickly, often within a few minutes.
运营影响
  • Of its three vulnerability-scanning solutions, Redflex only renewed its license for Rapid7 Nexpose. Nexpose catches vulnerabilities that other solutions miss and has shown no false-positives.
  • Rapid7 Nexpose Enterprise Edition provides detailed information that assisted the Redflex staff with a database upgrade project that increased the security posture of proprietary systems without compromising stability.
  • Nexpose helps prove compliance with financial standards and regulations, ensuring that Redflex meets necessary data protection standards.
数量效益
  • Nexpose scans for more than 14,000 vulnerabilities and performs about 54,500 checks to locate and identify threats.
  • Initial Nexpose scans found default passwords in many devices, especially in the network, and identified easily exploitable vulnerabilities in unpatched server operating systems.

相关案例.

联系我们

欢迎与我们交流!

* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

Thank you for your message!
We will contact you soon.