Security Basics mailing list archives

Re: Firewall question - how easy is it to get thru - Proof


From: Gichuki John Chuksjonia <chuksjonia () gmail com>
Date: Thu, 17 Feb 2011 20:01:35 +0300

Google, FW Evasion, you will find much more information.






On 2/16/11, Max Chow <maxchowhk () gmail com> wrote:
Philippe

Very simple: you will not be the only one, so if I can find anyone
like you, send you a mail, give you a USB with a program or get to a web
page somewhere, then I can remote control your computer from inside.

So now you can calculate how long we need to do it... Anytime,
because the vulnerability will come from anyone, for
any reason... Like a bad-mouthed IT guy getting someone in the company
angry?

Max


On 14 February 2011 22:53, Rivest, Philippe
<PRivest () transforcecompany com> wrote:
Quick question.



When I do an audit and when I find a major flaw or deficiency, IT always
tells me "it's because you're in the internal LAN, we have a firewall
protecting us". I know you have all heard that. So I try to explain that
you could attack thru physical security, social engineering, viruses and a
lot of other ways, and in the end I always add "Someone more "expert" in
firewalls could bypass it".



I don't really need a "how-to" but I'm looking for proof and a time frame
on how long it normally takes for a real hacker/cracker to attack and
bypass (where possible) a Firewall control (IPS/IDS also!).



I know this is not a click-click-you're-done type of job, but I know it's
possible.



Thanks for any links or advice!





Important:
Please note that my new email address is privest () transforcecompany com
Please note that my new website address is
http://www.transforcecompany.com




Philippe Rivest - CISA, CISSP, CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Linkedin: http://ca.linkedin.com/pub/philippe-rivest/20/19a/232

6600 Saint-François
Saint-Laurent (Quebec) H4S 1B7
Tel.: 514-331-4417

Fax: 514-856-7541
www.transforcecompany.com




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and
how your customers can tell if a site is secure. You will find out how to
test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted
to help you ensure efficient ongoing management of your encryption keys
and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------







-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosigmer () inbox com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/
