
Security testing web applications in your internal network using Beagle Security Cosmog

By Neda Ali
August 3, 2023


What is Beagle Security Cosmog? 

 Beagle Security Cosmog is a module for testing the security of applications residing inside your internal networks. Many organizations might have internal applications like management portals, HR applications or test/pre-release environments that are accessible only within their corporate network. 

 The Cosmog setup enables you to run security tests on these web applications and APIs in your internal networks without having to expose them to the internet. 

It is in essence a private and secure tunnel between the Beagle Security platform and your internal network. It involves three components: the Cosmog server, the Cosmog client and Cosmog profiles.

  • Cosmog server – The centralized component on the Beagle Security side. It receives requests from the Cosmog client, performs the requested action and sends a response back to the client, typically a result or an acknowledgement.

  • Cosmog client – The component that runs as a Docker container inside your network. It uses the remote services of the Cosmog server, initiates the communication session with it and then waits for incoming requests.

  • Cosmog profile – A Cosmog profile allocates an IP address to the Cosmog client and specifies the IP range of the applications in your internal network.

 

Why do you need to run security tests for applications in your internal network? 

Large companies tend to have many internal web applications in their private network for a wide range of internal tasks. These applications are typically used only by company employees and have very little to no security in place to fend off a cyber-attack.

Attackers could reach these internal systems without much trouble, for example through an email with a malicious attachment sent to one of your employees. If the internal applications have no hardening in place, an attacker who has gained an initial foothold can easily chain further attacks from there.

Organizations often overlook the threat posed by insiders as well. Authenticated tests against privileged user roles give you a complete picture of how dangerous a regular insider can be with the information available to them.

Finding out the known and unknown vulnerabilities of internal apps through a penetration test can help you to significantly reduce risks and improve the security posture of these applications. Moreover, certain compliance standards require you to submit audit reports for internal application scans. 

 

How does Beagle Security Cosmog work? 

In terms of setup, all you have to do is install an on-prem Cosmog client on a host machine inside your internal network. The client connects to the Cosmog server to create a secure tunnel between the Beagle Security platform and your organization's network.

A single installation is enough to run penetration tests for all the applications in your private network. If required, you can set up different profiles, each responsible for a separate internal network or location.

Once you start a penetration test, the Cosmog server will be ready to accept the connection from the Cosmog client. Now, starting the Cosmog client will establish a secure channel between Beagle Security and your network. This ensures that all traffic for the penetration test is end-to-end encrypted. 

 

Beagle Security Cosmog installation 

Currently, the Cosmog client has to be installed as a Docker container. You’ll have to configure a Cosmog profile to get started. 

 

Adding a Cosmog profile 

  1. Click on your profile dropdown and select Settings

  2. Select Organization --> Cosmog configuration

  3. Click on the Add New Profile button

  4. Give it a Profile name, select Bridge IP address and Test IP range, and click Save


Bridge IP address – A distinct IP address that must be assigned to the Cosmog client. Please make sure that the IP address is not already assigned to any internal device or system.   

Test IP range – The IP address/IP range of the application(s) that need to be security tested. It should be specified as a CIDR range.  

Read more: https://www.geeksforgeeks.org/classless-inter-domain-routing-cidr/ 
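The two profile fields have simple but easily violated constraints: the Bridge IP address must be a free address, and the Test IP range must be a well-formed CIDR range. The following pre-flight check is an added example, not part of the Beagle Security product or this article; the address inventory it compares against is constructed, and in practice you would export it from your DHCP leases or ARP tables.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample inventory of addresses already in use on the internal
# network (hypothetical values; export the real list from DHCP/ARP).
ASSIGNED_ADDRESSES = {
    "10.20.0.1",   # gateway
    "10.20.0.15",  # HR portal
    "10.20.0.22",  # management portal
}


def validate_profile(bridge_ip: str, test_range: str,
                     assigned: Iterable[str] = ASSIGNED_ADDRESSES) -> List[str]:
    """Return the problems found with a Cosmog profile (empty list = looks fine).

    Checks the two constraints stated for a profile: the Bridge IP address must be
    a single address that no internal device already uses, and the Test IP range
    must be a valid CIDR range.
    """
    problems: List[str] = []

    try:
        bridge = ipaddress.ip_address(bridge_ip)
    except ValueError:
        # Nothing else is worth checking without a usable bridge address.
        return [f"bridge IP {bridge_ip!r} is not a valid IP address"]

    # The bridge address is handed to the Cosmog client, so it must be unused.
    if any(bridge == ipaddress.ip_address(a) for a in assigned):
        problems.append(
            f"bridge IP {bridge_ip!r} is already assigned on the internal network")

    try:
        # strict=True rejects values like "10.20.0.15/24" (host bits set): the
        # field describes the range the applications live in, not one host with
        # a prefix attached. A bare address is accepted as a /32 range.
        ipaddress.ip_network(test_range, strict=True)
    except ValueError as exc:
        problems.append(
            f"test IP range {test_range!r} is not a valid CIDR range ({exc})")

    return problems
```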

 

Cosmog client installation process 

To install the Cosmog client in your network, follow the procedure below:

  1. Click on your profile dropdown and select Settings

  2. Select Cosmog configuration under Organization

  3. Select a Profile and click on the Install button

  4. From the resulting pop-up modal, select the platform and the installation type (Note: If your host machine runs Mint, Ubuntu, etc., select Debian as the Platform; if it runs Fedora, Red Hat, etc., select CentOS.)

  5. Copy the command and run it on your host machine

  6. You'll see 3 command options when running Cosmog:

     Cosmog Start: To start the tunnel

     Cosmog Stop: To stop the tunnel

     Cosmog Status: To check the tunnel status


 

How to add an internal application and start a test? 

  1. While adding a new application, you can opt for a Public or Internal application

  2. After selecting Internal, select whether it's a web application or an API and provide the Project name and Application name

  3. Next, select the relevant Cosmog client profile and enter the URL and port number. By default, the port is set to 80.

  4. Click on the Test button to check the connection

  5. Add user input (if required) and click on the Start test button

  6. On starting the test, the Cosmog server will start. After this, the client connection is checked.

  7. Use the Cosmog Start command on your host machine to start the tunnel and establish the Cosmog server-client connection. The target application is checked and proper tunneling is ensured. Through this tunnel, Beagle Security's test engine starts the automated penetration test.

Note: Since these are applications in your internal network, the same IP address may be reused by different instances or assets at any point in time. It is the user's responsibility to ensure that the intended applications are being tested.

Understanding the errors that may occur when you start a test 

 Certain errors may occur when you initiate a test if your Cosmog profile or client is not set up correctly. Understanding the following conditions can help you fix the issues when starting a test. 

 Condition 1 

 Cosmog Server Status: Down 

Cosmog Client Status: Down 

Web Application Status: Down 


This condition can occur due to any of the following reasons: 

  1. The user did not click the Start Test button

  2. The user did not create a Cosmog profile, which allocates an IP address to the Cosmog client

  3. The user deleted the Cosmog profile after creating it

     

Condition 2  

Cosmog Server Status: Up 

Cosmog Client Status: Down 

Web Application Status: Down 


This condition can occur due to any of the following reasons: 

  1. The user did not install the Cosmog client

  2. The Cosmog client may not be running properly. In such a case, please get in touch with our support team

 

Condition 3  

Cosmog Server Status: Up 

Cosmog Client Status: Up 

Web Application Status: Down 


This condition can occur when Beagle Security is not able to access the user’s application.  

 
