Security Basics mailing list archives
RE: Checkpoint smart defance as IPS
From: "Craig S. Wright" <craig.wright () Information-Defense com>
Date: Mon, 7 Jun 2010 18:21:41 +1000
I do not memorise software costs. I stated I would obtain them. I suggest that you check the Wireshark page. And yes, with the key, Wireshark does this. With an RA, you have the key. Too simple for you? I would strongly recommend that you do some reading on some of the topics you are attempting to argue. Regards, ... Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ... Information Defense Pty Ltd -----Original Message----- From: Shreyas Zare [mailto:shreyas () secfence com] Sent: Monday, 7 June 2010 6:13 PM To: craig.wright () information-defense com Cc: security-basics () securityfocus com Subject: Re: Checkpoint smart defance as IPS Hi Craig, Just stop running around the bush. First you do lot of arguments and when it comes to prove it practically you try to divert the topic to things which don't relate to what you were talking in previous post (like for example, I remember you claimed in a post that SSL can be decrypted even with wireshark) For this challenge, there are only two possible outcomes; either *you* can do MITM and hence prove your point or *you* cant do MITM and you lose your point, its as simple as that. Regards, Shreyas Zare Sr. Information Security Researcher Secfence Technologies www.secfence.com On Mon, Jun 7, 2010 at 1:35 PM, Craig S. Wright <craig.wright () information-defense com> wrote:
We are talking an enterprise solution, not an attack. Setting an RA up is not an attack. I do not think you are getting this point. You keep
crossing
the attack path with an enterprise software solution. An attacker would
not
use an RA that they have been legitimately issued. There is a trail. All certs have to be signed by the RA which is chained to a trusted CA. This means that there is no error in the browsers, but a forensically sound evidence trail is created. Costs vary. The CP license is the start. An acceptable CA solution (such
as
RSA's) is a software cost based on users and deployment. Policy and
process
I already have. Hardware I have. I will need quotes for this and this will take a few days. An attacker would have little or no real cost. Compromising hosts is a
time
factor. As for that, the costs here for an attacker is to gain a signed cert. One signed root cert means that they can intercept anything. It is not a cert per site. I also think you missed this. Here there are 2 options - create one or buy one. Mozilla has already removed false certs. So they exist. Regards, ... Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ... Information Defense Pty Ltd -----Original Message----- From: Shreyas Zare [mailto:shreyas () secfence com] Sent: Monday, 7 June 2010 5:44 PM To: craig.wright () information-defense com;
security-basics () securityfocus com
Subject: Re: Checkpoint smart defance as IPS Hi Craig, Can you give some rough estimations for this in USD just for the argument sake? And I would still reiterate that the costs involved for interception are part of the system designed to protect. Regards, Shreyas Zare Sr. Information Security Researcher Secfence Technologies www.secfence.com On Mon, Jun 7, 2010 at 12:03 PM, Craig S. Wright <craig.wright () information-defense com> wrote:An attacker does it for economic gain. Your idea is that I pay for the benefit of demoing how foolish you are being with a dogmatic belief in a falsity. You made the challenge, you bear the costs. ... Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ... Information Defense Pty Ltd -----Original Message----- From: Shreyas Zare [mailto:shreyas () secfence com] Sent: Monday, 7 June 2010 3:54 PM To: craig.wright () information-defense com Cc: security-basics () securityfocus com Subject: Re: Checkpoint smart defance as IPS Hi Craig, On Mon, Jun 7, 2010 at 3:25 AM, Craig S Wright <craig.wright () information-defense com> wrote:An RA is an internal CA, it is trusted by chaining. Please read up onthisbefore making arbitrary comments. Yes, there is a cost to this and I
have
not commented on this as this will vary, but then a Checkpoint license
is
also a cost.You talking about costs involved in the interception is exactly what my point is. To do the kind of attack, attacker needs quite a lot resources. You can do whatever necessary to prove a MITM attack for the challenge. Its not my concern, as far as I am concern, I am just a victim in this experiment. On Sun, May 30, 2010 at 2:40 AM, Craig S. WrightThis is blatantly false. IDS, IPS, Wireshark even all have SSL decryption capabilities. There is no requirement for a separate proxy.You can use wireshark, no problem!Again, SSL is perceived by many as secure. So what? Security is not perception. This is a point that you continue to miss. Again, SSL is about privacy, not security. Privacy can be a part of a security solution, but it is not security in itself.SSL was designed to prevent eavesdropping and it works as designed. While there are many type of attack scenario possible, its still secure for use in e-commerce. It surely cant prevent users from social engineering or vulnerabilities in their browser implementation. Whatever point you put every time, I too know those technicalities. So instead of discussing it further, I would like you to prove your point with the practical experiment I had suggested. If there is something that I really didn't know or understand then it would be great thing for me and many people on the list reading this. As far as costs are concerned, you don't ask your victim to pay up for the attack. Regards, Shreyas Zare Sr. Information Security Researcher Secfence Technologies www.secfence.com
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RE: Checkpoint smart defance as IPS, (continued)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S Wright (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 09)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 03)
- Certificate Authority Question Craig S. Wright (Jun 03)
- Message not available
- Re: Certificate Authority Question Shreyas Zare (Jun 07)