Security Basics mailing list archives
RE: Re: Firewall question - how easy is it to get thru - Proof
From: Omar Salvador Alcalá Ruiz <oalcala () scitum com mx>
Date: Thu, 17 Feb 2011 11:38:48 -0600
Hi

Well, from your answer about a specific study on how long it can take an attacker to bypass a FW, I think you can see the answer: It depends, as easy as two minutes, as long as 3 months. Many factors:

1.- HUMAN (easiest to bypass).
2.- Allowed App or OS Vulnerability that the Firewall won't see (ever).
3.- Rule set (misplaced rule, no deny-all in the end, and so on).
4.- Routing bypass (if the network architecture has a flaw) and correct networking segmentation.
5.- Evasion techniques (reassembly, encapsulation, encrypted communication, LOKI for example).
6.- "Trust" and forgery (ie: see Dan Kaminsky's DNS protocol flaw).
7.- Backdoor.
8.- Keylogger.
...

So, the Firewall will help like a door, it will be just as secure as if you have the lock, plus the key, plus a magnet, plus many things... but if the guy in front of you opens it for you (so polite, but insecure), voilà, access granted :(.

That's why I like to use the Defense in Depth concept (example: Layered FW + IPS + HIPS + encryption + Mail Filter). It will all depend on how valuable and cost-effective your controls need to be.

HTH.

Regards

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of Rivest, Philippe
Sent: Wednesday, February 16, 2011 01:24 p.m.
To: Shane Anglin; security-basics () securityfocus com
Subject: RE: Re: Firewall question - how easy is it to get thru - Proof

Thanks for the information, it is true that the easiest way to beat the firewall is to bypass it or use rules that allow the network transaction to occur, such as web browser attacks.

On the Metasploit note, I have to add that Metasploit is a great tool :) In my current company I provide a hacking seminar of 3-4 hours and I show how to use Nessus & Metasploit together to perform 3 different hacks, 2 of which give a reverse meterpreter shell. Everyone is surprised at how "easy" and "quick" it is once you identify the vulnerability.
That's one of the sources of my initial question. I'm always challenged on "Well in your seminar you have no firewall"... It kinda bugs me that people put so much trust in that technology alone. That's why I'd like to get information & papers that show how easy it is to simply break/attack the firewall directly and (between you and me) own it.

Important: Please note that my new email address is privest () transforcecompany com
Please note that my new website address is http://www.transforcecompany.com

Philippe Rivest - CISA, CISSP, CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Linkedin: http://ca.linkedin.com/pub/philippe-rivest/20/19a/232
6600 Saint-François
Saint-Laurent (Quebec) H4S 1B7
Tel.: 514-331-4417
Fax: 514-856-7541
www.transforcecompany.com

-----Original Message-----
From: Shane Anglin [mailto:shane.anglin () gmail com]
Sent: February 16, 2011 14:19
To: security-basics () securityfocus com; Rivest, Philippe
Subject: RE: Re: Firewall question - how easy is it to get thru - Proof

Some detail on how such a thing can occur.

Somehow, the 'bad guy' tricks a target LAN user to connect his web browser to the bad guy's web server/page (phishing, social engineering, etc). The requested web page maliciously loads some web browser exploit on the target LAN user's machine, and the exploit runs. The exploit could, for example, be one that simply opens up a session reversed back to bad guy's web server. And now bad guy has a link inside the target LAN network via the target LAN machine to scan from, load more code onto target LAN machine, etc.
and all happening along the HTTP (port 80) or HTTPS (port 443) that the target LAN user initiated, and occurring within the allowed firewall rules, demonstrating that firewall technology alone is not a magic pill.

Metasploit is a great tool to perform such attacks. I suggest reading a bit on Metasploit's meterpreter reverse tcp basics.

Regards,
Shane Anglin
Shane.Anglin () gmail com
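
Factor 3 in the list at the top of this message (a misplaced rule, no deny-all at the end) is something a defender can check mechanically. The following is an added example, not part of the original messages: a first-match rule-set audit that flags a missing final deny-all and rules that can never match because an earlier rule shadows them. The `action src dst port` rule format, the sample rules and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str  # "allow" or "deny"
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    port: str    # single port number or "any"

def parse(line):
    """Parse one line of the hypothetical 'action src dst port' format."""
    action, src, dst, port = line.split()
    return Rule(action, src, dst, port)

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and (a.port == "any" or a.port == b.port))

def audit(rules):
    """Return findings for a first-match-wins rule list."""
    findings = []
    last = rules[-1] if rules else None
    if not (last and last.action == "deny"
            and (last.src, last.dst, last.port) == ("any", "any", "any")):
        findings.append("no deny-all as final rule")
    for i, later in enumerate(rules):
        for j in range(i):
            if covers(rules[j], later):
                # Opposite actions mean the later rule's intent is silently lost.
                kind = "conflict" if rules[j].action != later.action else "redundant"
                findings.append(
                    f"rule {i + 1} never matches: shadowed by rule {j + 1} ({kind})")
                break
    return findings

# Constructed sample rule set, not taken from the thread.
SAMPLE = """\
allow 10.0.0.0/8 any 80
allow 10.0.0.0/8 any 443
deny 10.0.5.0/24 any 80
allow any 192.0.2.10 25
"""
RULES = [parse(line) for line in SAMPLE.splitlines()]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

In the sample, the deny for 10.0.5.0/24 is placed after a broader allow, so that subnet still reaches port 80; moving the deny first and appending `deny any any any` clears both findings.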