8. Our perspective
● Penetration test – "a process of carrying out a controlled attack on an ICT system with the aim of practically assessing its current state of security (...)"
Wikipedia
10. Security Appliance
Typically:
● Missing updates
● Misconfiguration
● No hardening
● Information disclosure
● Unnecessary packages and resources
● Basic web application flaws
● Simple, hard-coded passwords
● Missing security mechanisms (SELinux, anti-brute-force)
● Static SSL keys/certificates (self-signed cert) - eavesdropping
13. E-mail
Symantec Messaging Gateway (SMG) Appliance 10.6.x management console was susceptible to potential unauthorized loss of privileged information due to an inadvertent static link of an updated component library to a version of SSL susceptible to the Heartbleed vulnerability.
Symantec Messaging Gateway Privilege Shell Escape
15. Firewall
NSA – Shadow Broker – ($10,000?)
Here are some code names that I extracted from the free files offered as a teaser on the Shadow broker blog, the main targets from this dump appeared to be Fortinet, TopSec, Cisco & Juniper firewalls.
18. Load balancer
'Name' => 'F5 BIG-IP SSH Private Key Exposure'
F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.
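The static-key bullet on slide 10 and the F5 slide above describe the same defect from two angles: key material baked into an appliance image is shared by every unit shipped. One check an operator can run before and after deployment is to fingerprint each appliance's SSH host key and TLS certificate across the fleet and flag any fingerprint that appears on more than one box, plus any self-signed certificate. The Python script below is an added example, not from the presentation or from any vendor; the hostnames, key material and certificate names in the inventory are constructed. The same fingerprinting applies unchanged to authorized_keys entries, which is where a shared client key pair like the F5 one would show up.

```python
"""Fleet audit for shared (static) SSH keys and self-signed TLS certificates.

Added example, not part of the presentation. INVENTORY is constructed;
in practice it would come from a scanner or CMDB export.
"""
import base64
import hashlib
from collections import defaultdict


def openssh_fingerprint(public_key_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a 'type base64 [comment]' key line."""
    _key_type, b64_blob = public_key_line.split()[:2]
    blob = base64.b64decode(b64_blob)
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as base64 without '=' padding
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_fingerprints(inventory):
    """Map fingerprint -> sorted hosts, for every fingerprint seen on more than one host."""
    hosts_by_fp = defaultdict(set)
    for entry in inventory:
        hosts_by_fp[openssh_fingerprint(entry["ssh_host_key"])].add(entry["host"])
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


def self_signed_hosts(inventory):
    """Hosts whose TLS certificate issuer equals its subject, i.e. self-signed."""
    return sorted(e["host"] for e in inventory if e["tls_issuer"] == e["tls_subject"])


def audit(inventory):
    """Run both checks and return the findings as one report dictionary."""
    return {
        "shared_ssh_keys": shared_fingerprints(inventory),
        "self_signed_tls": self_signed_hosts(inventory),
    }


def _constructed_key(material: bytes) -> str:
    # Constructed stand-in for a real key blob (real blobs are SSH wire format).
    return "ssh-rsa " + base64.b64encode(material).decode() + " appliance"


# Constructed sample fleet: two mail gateways still carry the key baked into
# the factory image and a self-signed certificate; the firewall was re-keyed.
FACTORY_KEY = _constructed_key(b"constructed: key baked into the appliance image")
INVENTORY = [
    {"host": "smg-01", "ssh_host_key": FACTORY_KEY,
     "tls_subject": "CN=appliance", "tls_issuer": "CN=appliance"},
    {"host": "smg-02", "ssh_host_key": FACTORY_KEY,
     "tls_subject": "CN=appliance", "tls_issuer": "CN=appliance"},
    {"host": "fw-01", "ssh_host_key": _constructed_key(b"constructed: unique key generated on first boot"),
     "tls_subject": "CN=fw-01.example.test", "tls_issuer": "CN=Corp Issuing CA"},
]

if __name__ == "__main__":
    report = audit(INVENTORY)
    for fp, hosts in report["shared_ssh_keys"].items():
        print(f"SHARED SSH KEY {fp} on {', '.join(hosts)}")
    for host in report["self_signed_tls"]:
        print(f"SELF-SIGNED TLS on {host}")
```

A shared fingerprint is the finding to chase first: every unit with that key can impersonate, or authenticate to, every other unit, which is exactly the condition the F5 advisory describes. Self-signed certificates are weaker evidence on their own, but combined with a shared fingerprint they indicate the appliance was never re-keyed after imaging.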
22. Backups
'Name' => 'Veritas Backup Exec Remote Agent Overflow'
This module exploits a stack buffer overflow in the Veritas BackupExec Windows Agent software. Reliable execution is obtained by abusing the stack buffer overflow to smash a SEH pointer.
'Name' => 'Symantec BackupExec Calendar Buffer Overflow'
This module exploits a stack buffer overflow in Symantec BackupExec Calendar Control. By sending an overly long string to the "_DOWText0" property located in the pvcalendar.ocx control, an attacker may be able to execute arbitrary code.
24. Security platforms
AlienVault Unified Security Management Remote Authentication Bypass Vulnerability
Cobalt Strike RCE. Active Exploitation Reported.
There is a remote code execution vulnerability in the Cobalt Strike team server.
The reporter states that the attacker cleared logs from the server, cleared the downloaded files, and cleared the Cobalt Strike data model and log files.
25. Security platforms
Palo Alto - Attacking Next-Generation Firewalls
Felix Wilhelm
Unauthenticated command execution against management web interface.
Uses (shuffled) device master key as AES key
By default: p1a2l3o4a5l6t7o8
27. Security tester
'Name' => 'Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow',
The LWRES dissector in Wireshark version 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow.
28. Security tester
The following two issues combine to constitute a pre-auth Remote Code Execution vulnerability in Metasploit Community, Express and Pro.
33. Before purchasing:
● Risk analysis
● Testing the device
● For how long will the device receive updates?
● Software update frequency
● Vendor response to security flaws
● How is the software developed (SDLC)?
Good practices