Penetration Testing mailing list archives
Re: IPSO/Secure Platform audit
From: Volker Tanger <vtlists () wyae de>
Date: Thu, 18 Aug 2005 23:55:47 +0200
Greetings!

On Thu, 18 Aug 2005 13:00:50 +0100 Dan Rogers <pentestguy () gmail com> wrote:
> I'm currently reviewing a Check Point/Nokia box and a Secure Platform manager. The settings in Voyager are all good, and likewise the Web GUI of the SPLAT manager is fine, they're both patched and the policy is also clean - but I want to ensure the o/s themselves are ok.
I assume you already checked the rulebase e.g. for SSH-Allow from outside and VPN- or SecureClient rules, did you? Unless you have the possibility to check that all binaries (esp. SSH and other listening servers) are 100% genuine there is no way to ensure that. IPSO and SPLAT are just plain BSD and Linux after all, so creating custom binaries is not that much of a problem.
> I am concerned that a previous administrator may have left himself access by the back-door somehow - but am not in a position to rebuild them to be sure. What else would you lot check for?
Are you *concerned* or do you have no reason to worry and just do "a proper handover"? If you have reason to worry, you really should do a reinstall and do a thorough audit of the ruleset. If management does not allow that, let them give you that order in writing ("We have received your warning of DATE about a possible compromise of the firewall system(s) by the former administrator NAME, but decided against your proposal...") to cover your butt.

Bye

Volker

--
Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
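One way to run the "are the binaries genuine" check discussed in this message, as an added example that is not part of the original post: compare the audited system's binaries against a clean reference install and report modified, missing and extra files plus permission changes. It assumes a reference tree of the same OS version and patch level is available and that the audited disk is mounted read-only on a trusted machine, since hashing tools on a suspect host cannot be trusted; the directory list and function names are illustrative.

```python
import hashlib
import os
import stat


def snapshot(root, subdirs=("bin", "sbin", "usr/bin", "usr/sbin")):
    """Map relative path -> (sha256, mode, uid) for regular files under root."""
    result = {}
    for sub in subdirs:  # assumed binary locations; extend for the platform
        for dirpath, _dirs, files in os.walk(os.path.join(root, sub)):
            for name in files:
                full = os.path.join(dirpath, name)
                st = os.lstat(full)
                if not stat.S_ISREG(st.st_mode):
                    continue  # symlinks and device nodes are out of scope here
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                rel = os.path.relpath(full, root)
                result[rel] = (digest.hexdigest(), stat.S_IMODE(st.st_mode), st.st_uid)
    return result


def compare(reference, audited):
    """Return sorted (finding, path) pairs for every deviation from the reference."""
    findings = []
    for path, (sha, mode, uid) in reference.items():
        if path not in audited:
            findings.append(("MISSING", path))
            continue
        a_sha, a_mode, a_uid = audited[path]
        if a_sha != sha:
            findings.append(("MODIFIED", path))  # content differs, e.g. a rebuilt sshd
        if (a_mode, a_uid) != (mode, uid):
            findings.append(("PERMS", path))  # e.g. a setuid bit that was not shipped
    for path in audited.keys() - reference.keys():
        findings.append(("EXTRA", path))  # binary the reference install never had
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # argv[1]: clean reference tree, argv[2]: audited disk mounted read-only
    for finding, path in compare(snapshot(sys.argv[1]), snapshot(sys.argv[2])):
        print(finding, path)
```

A clean result only covers the directories walked; startup scripts, cron entries, authorized keys and the firewall rulebase still need their own review.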