Security Basics mailing list archives

RE: Firewall question - how easy is it to get thru - Proof

From: "Rivest, Philippe" <PRivest () transforcecompany com>
Date: Tue, 15 Feb 2011 20:52:45 +0000

Hi,

I'D like to thank everyone for your very good answers. I'm however looking for a proof of concept on how easy/quick it 
would be for a hacker/cracker to bypass a firewall. Lets take a generic Checkpoint or what ever you want. I know of a 
few ways to bypass layer 3 controls, such as web browsers and applications issues. The outbound solution provided 
earlier is really true! 

But lets say they do all that. They have a single PC and a Firewall and an Internet connexion.
How hard (proof) would it be to just attack the FW and get thru it? Without any circumvention. Just plain "brute force" 
:P

I dont care too much about detection. I'm looking for the level of difficulty & the time frame.

Any documents would be more than appreciated!

Thanks :P


 
Important: 
Please note that my new email address is privest () transforcecompany com
Please note that my new website address is http://www.transforcecompany.com

SVP Veuillez noter que ma nouvelle adresse courriel est privest () transforcecompany com
SVP Veuillez noter que ma nouvelle adresse web est http://www.transforcecompany.com
 
 

Philippe Rivest - CISA, CISSP, CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Vérificateur interne - Sécurité de l'information
Linkedin: http://ca.linkedin.com/pub/philippe-rivest/20/19a/232
   
6600 Saint-François
Saint-Laurent (Quebec) H4S 1B7
Tel.: 514-331-4417
Fax: 514-856-7541
www.transforcecompany.com
 
 
 
 
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Francois Yang
Sent: 15 février 2011 11:13
To: drmarkabaiter () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Firewall question - how easy is it to get thru - Proof

Read up on browser exploit and how it can bypasses firewalls.
once an internal computer is compromised it can be used as a launching pad to attack internal servers.
Do you have any web filtering systems? or ips/ids monitoring web access?
Is your network a flat lan where your users are on the same lan as your critical servers?
how often are your servers and workstation updated?
etc.....there's more, but the browser exploit is a good example how a firewall is not good enough now days.
Also what kind of FW do you have? a standard FW won't look at the application layer so someone can send anything thru 
an open port.
hope this helps a little.

Frank

On Mon, Feb 14, 2011 at 8:53 AM, Rivest, Philippe <PRivest () transforcecompany com> wrote:

Quick question.

When I do an audit and when I find a major flaw or deficiency, IT always tells me "its because your in the internal
LAN, we have a firewall protecting us". I know you have all heard that. So I try to explain that you could attack
thru physical security, social engineering, virus and a lot of other ways and in the end I always add "Someone more
"expert" in Firewall could bypass it".

I don't really need a "how-to" but I'm looking for proof and a time frame on how long it normally takes for a real
hacker/cracker to attack and bypass (where possible) a Firewall control (IPS/IDS also!).

I know this is not a click-click your done type of job, but I know its possible.

Thanks for any links or advice!

Important:
Please note that my new email address is privest () transforcecompany com
Please note that my new website address is
http://www.transforcecompany.com

SVP Veuillez noter que ma nouvelle adresse courriel est
privest () transforcecompany com SVP Veuillez noter que ma nouvelle
adresse web est http://www.transforcecompany.com

Philippe Rivest - CISA, CISSP, CEH, Network+, Server+, A+ TransForce
Inc.
Internal auditor - Information security Vérificateur interne -
Sécurité de l'information
Linkedin: http://ca.linkedin.com/pub/philippe-rivest/20/19a/232

6600 Saint-François
Saint-Laurent (Quebec) H4S 1B7
Tel.: 514-331-4417

Fax: 514-856-7541
www.transforcecompany.com

----------------------------------------------------------------------
-- Securing Apache Web Server with thawte Digital Certificate In this
guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it
benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
42f727d1
----------------------------------------------------------------------
--

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and
who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Vulnerability Data Maverick (Feb 11)
- Re: Vulnerability Data Richard Thomas (Feb 11)
- Re: Vulnerability Data Brad Bemis (Feb 15)
- Re: Vulnerability Data Saif El Sherei (Feb 15)
- Re: Vulnerability Data Jeffrey Walton (Feb 15)
- Re: Vulnerability Data Jeffrey Walton (Feb 15)
- <Possible follow-ups>
- Re: Vulnerability Data lonervamp (Feb 11)
  - RE: Vulnerability Data Mikhail A. Utin (Feb 15)
  - Firewall question - how easy is it to get thru - Proof Rivest, Philippe (Feb 15)
    - Re: Firewall question - how easy is it to get thru - Proof Francois Yang (Feb 15)
    - RE: Firewall question - how easy is it to get thru - Proof Rivest, Philippe (Feb 17)
    - RE: Firewall question - how easy is it to get thru - Proof Mark Brunner (Feb 18)
    - Re: Firewall question - how easy is it to get thru - Proof Todd Haverkos (Feb 15)
    - Re: Firewall question - how easy is it to get thru - Proof Jan Muenther (Feb 15)
    - Re: Firewall question - how easy is it to get thru - Proof Max Chow (Feb 17)
    - Re: Firewall question - how easy is it to get thru - Proof Gichuki John Chuksjonia (Feb 18)
    - Re: Firewall question - how easy is it to get thru - Proof Robson de Oliveira Albuquerque (Feb 17)
    - Re: Firewall question - how easy is it to get thru - Proof Ansgar Wiechers (Feb 17)