Security Basics mailing list archives
RE: Firewall question - how easy is it to get thru - Proof
From: "Mark Brunner" <kohi10 () rogers com>
Date: Thu, 17 Feb 2011 11:22:26 -0500
Philippe,

Your question assumes that we understand the firewall's ruleset. Firewalls can only reject malicious or improperly formed packets, addresses, or session states. They do this based on configurable rules. Whatever the rules are determines what gets in and what gets dropped. New firewalls integrate with Active Directory, web content filters, DLP and other appliances to add greater controls.

In the real world, many attacks are making their way into businesses via SQL injections. Drive-by web attacks and Fake A-V are other examples of firewall bypass. These work because they appear to the firewall to be real, normal traffic. Firewalls need to be augmented, with things like Web-application firewalls, enforced hardening, IPS/IDS/DLP, content filtering, extensive patch and vulnerability management practices, access/privilege standards and user education.

Example of SQL Injection:

Anonymous recently attacked HBGary and HBGary Federal, using SQL Injection to get at a server. Once inside, they compromised an email server. They took over key email identities, and used Social Engineering to get passwords. They got root, and did all kinds of mischief and mayhem.

Examples of DIRECT firewall attacks:

In 2010, a security researcher demonstrated a novel attack at the CanSecWest security conference. He calls his technique the "Jedi Packet Trick". It installs a VPN inside a firewall by hacking the firmware of the firewall's networking interface cards.

Two researchers from the French Network and Information Security Agency developed an attack that exploits a bug in a remote-management feature in Broadcom's NetXtreme cards. Their attack installs a back door on a Linux computer, though they claim that it could easily be modified to target any operating system.

There have been more recent vulnerabilities announced in many wired and wireless firewalls and routers. Check the CVE database at NIST or Mitre for those.

If you want more proof of attacks, I suggest that YOU do your own research, and start by Googling some of the terms above.

Just my 2¢.

Mark B.
Information Security Manager & Consultant
Greater Toronto Area, Ontario Canada

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Rivest, Philippe
Sent: Tuesday, February 15, 2011 3:53 PM
Cc: security-basics () securityfocus com
Subject: RE: Firewall question - how easy is it to get thru - Proof

Hi,

I'd like to thank everyone for your very good answers. I'm however looking for a proof of concept on how easy/quick it would be for a hacker/cracker to bypass a firewall. Let's take a generic Checkpoint or whatever you want.

I know of a few ways to bypass layer 3 controls, such as web browsers and applications issues. The outbound solution provided earlier is really true! But let's say they do all that. They have a single PC and a Firewall and an Internet connection. How hard (proof) would it be to just attack the FW and get thru it? Without any circumvention. Just plain "brute force" :P

I don't care too much about detection. I'm looking for the level of difficulty & the time frame.

Any documents would be more than appreciated!

Thanks :P

Important: Please note that my new email address is privest () transforcecompany com
Please note that my new website address is http://www.transforcecompany.com

Philippe Rivest - CISA, CISSP, CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Linkedin: http://ca.linkedin.com/pub/philippe-rivest/20/19a/232
6600 Saint-François
Saint-Laurent (Quebec) H4S 1B7
Tel.: 514-331-4417
Fax: 514-856-7541
www.transforcecompany.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Francois Yang
Sent: February 15, 2011 11:13
To: drmarkabaiter () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Firewall question - how easy is it to get thru - Proof

Read up on browser exploit and how it can bypass firewalls. Once an internal computer is compromised it can be used as a launching pad to attack internal servers.

Do you have any web filtering systems? Or IPS/IDS monitoring web access? Is your network a flat LAN where your users are on the same LAN as your critical servers? How often are your servers and workstations updated? Etc. There's more, but the browser exploit is a good example of how a firewall is not good enough nowadays.

Also, what kind of FW do you have? A standard FW won't look at the application layer, so someone can send anything thru an open port.

Hope this helps a little.

Frank

On Mon, Feb 14, 2011 at 8:53 AM, Rivest, Philippe <PRivest () transforcecompany com> wrote:

Quick question.

When I do an audit and when I find a major flaw or deficiency, IT always tells me "it's because you're in the internal LAN, we have a firewall protecting us". I know you have all heard that. So I try to explain that you could attack thru physical security, social engineering, virus and a lot of other ways and in the end I always add "Someone more "expert" in Firewall could bypass it".

I don't really need a "how-to" but I'm looking for proof and a time frame on how long it normally takes for a real hacker/cracker to attack and bypass (where possible) a Firewall control (IPS/IDS also!).

I know this is not a click-click you're done type of job, but I know it's possible.

Thanks for any links or advice!

Important: Please note that my new email address is privest () transforcecompany com
Please note that my new website address is http://www.transforcecompany.com

Philippe Rivest - CISA, CISSP, CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Linkedin: http://ca.linkedin.com/pub/philippe-rivest/20/19a/232
6600 Saint-François
Saint-Laurent (Quebec) H4S 1B7
Tel.: 514-331-4417
Fax: 514-856-7541
www.transforcecompany.com
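
Added example, not part of the thread or of any poster's message: a sketch of why the SQL injection case and the "anything thru an open port" case look like normal traffic to a port-based ruleset, and why the thread recommends a web-application firewall or IPS alongside it. The ruleset, addresses, request lines and the single signature are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed perimeter ruleset: first match wins, default deny.
RULES = [
    ("tcp", "203.0.113.10/32", 80, "allow"),   # public web server
    ("tcp", "203.0.113.10/32", 443, "allow"),
    ("tcp", "203.0.113.0/24", 1433, "deny"),   # database port never exposed
]

def l4_verdict(proto, dst_ip, dst_port):
    """Packet-filter decision: only protocol, destination address and port."""
    for r_proto, r_net, r_port, action in RULES:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(r_net)
        if proto == r_proto and dst_port == r_port and in_net:
            return action
    return "deny"

# Constructed, deliberately simple signature of the kind a WAF/IPS rule
# applies to decoded parameters; real rule sets are far broader.
SQLI_HINT = re.compile(r"['\"]\s*(or|and)\s+['\"\d]|union\s+select", re.I)

def l7_verdict(request_line):
    """Application-layer decision: decode the query string, inspect values."""
    _method, target, _version = request_line.split(" ", 2)
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if SQLI_HINT.search(value):
            return "block"
    return "pass"

def inspect(conn):
    """Return (firewall verdict, application-layer verdict or None)."""
    proto, dst_ip, dst_port, request_line = conn
    l4 = l4_verdict(proto, dst_ip, dst_port)
    return (l4, l7_verdict(request_line)) if l4 == "allow" else (l4, None)

# Constructed sample traffic (documentation address range).
SAMPLES = [
    ("tcp", "203.0.113.10", 80, "GET /page?id=42 HTTP/1.1"),
    ("tcp", "203.0.113.10", 80, "GET /page?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1"),
    ("tcp", "203.0.113.20", 1433, "GET / HTTP/1.1"),
]

if __name__ == "__main__":
    for conn in SAMPLES:
        print(conn[1:3], conn[3], "->", inspect(conn))
```

The first two samples get the same "allow" from the port-based rules; only the layer that decodes the request tells them apart, while the direct connection to the database port is the one case the firewall itself stops.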