Re: Firewall question - how easy is it to get thru - Proof

[Francois Yang <francois.y () gmail com>]

Read up on browser exploit and how it can bypasses firewalls.
once an internal computer is compromised it can be used as a launching
pad to attack internal servers.
Do you have any web filtering systems? or ips/ids monitoring web access?
Is your network a flat lan where your users are on the same lan as
your critical servers?
how often are your servers and workstation updated?
etc.....there's more, but the browser exploit is a good example how a
firewall is not good enough now days.
Also what kind of FW do you have? a standard FW won't look at the
application layer so someone can send anything thru an open port.
hope this helps a little.

Frank

On Mon, Feb 14, 2011 at 8:53 AM, Rivest, Philippe
<PRivest () transforcecompany com> wrote:
> Quick question.
>
>
>
> When I do an audit and when I find a major flaw or deficiency, IT always tells me "its because your in the internal 
> LAN, we have a firewall protecting us". I know you have all heard that. So I try to explain that you could attack 
> thru physical security, social engineering, virus and a lot of other ways and in the end I always add "Someone more 
> "expert" in Firewall could bypass it".
>
>
>
> I don't really need a "how-to" but I'm looking for proof and a time frame on how long it normally takes for a real 
> hacker/cracker to attack and bypass (where possible) a Firewall control (IPS/IDS also!).
>
>
>
> I know this is not a click-click your done type of job, but I know its possible.
>
>
>
> Thanks for any links or advice!
>
>
>
>
>
> Important:
> Please note that my new email address is privest () transforcecompany com
> Please note that my new website address is http://www.transforcecompany.com
>
> SVP Veuillez noter que ma nouvelle adresse courriel est privest () transforcecompany com
> SVP Veuillez noter que ma nouvelle adresse web est http://www.transforcecompany.com
>
>
>
> Philippe Rivest - CISA, CISSP, CEH, Network+, Server+, A+
> TransForce Inc.
> Internal auditor - Information security
> Vérificateur interne - Sécurité de l'information
> Linkedin: http://ca.linkedin.com/pub/philippe-rivest/20/19a/232
>
> 6600 Saint-François
> Saint-Laurent (Quebec) H4S 1B7
> Tel.: 514-331-4417
>
> Fax: 514-856-7541
> www.transforcecompany.com
>
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------