Network Security Firewalls
Subject: writing an application that will perform client authentication (to a check point firewall-1) automatically
Date: Sun, 24 Oct 2004 18:49:32 +0200
Dear World..

I have written a short draft design description for an application that I need
for one of my customers.
I was wondering if anyone has seen anything like it around that I can use.

I'd appreciate any feedback directly – (put me in BCC if you also want to
distribute this to the list)



Here it starts: 


Title: *** Client authentication – automation agent for windows servers ***


Abstract:
===================================================
One of the options to perform authentication to a firewall-1 is client
authentication.
In cases where this is required for server-to-server communication, but only
after authentication while passing through a firewall, user intervention is
needed to access the firewall over (telnet firewall 259) or
(http://firewall:900); a 3rd alternative is to
perform the last operation over SSL – which requires additional firewall
configuration.

The requested client should support traversing and authenticating over 2
firewalls where each needs a different set of parameters for client
authentication.

When Server A wants to open a tcp/udp connection to server B, it will
need to pass via a firewall rule such as this one in each firewall:

Firewall Example rule:  SRC=SRV_A , DST=SRV_B action=client_authentication

What do we ask for:
===================================================
The need is for an autonomous application which will perform those tasks
automatically upon its execution.
 

Requirements from the application:
===================================================
1. The application will use an encrypted input file which will
   store passwords and usernames.

2. The application will use CLI (or a GUI.. whatever is easier to do)
   parameters to add / delete / modify parameters regarding each
   firewall and its authentication in the .ini parameters file.

3. The application will support a minimum of 2 firewall records.

4. The parameters that the application will need to handle are:

   4.1  The firewall's IP

   4.2  The port on which client authentication
        listens (http on 900) (or for example: https on 9090)

   4.3  The authentication method – http or https

   4.4  Priority number – which record should be performed first

   4.5  Work mode: loop every x minutes.
        Or: one time (the application will
        re-authenticate every x minutes .. in a loop)

   4.6  The application will have the ability to run as a
        system service or as a standard executable.

   4.7  The application will have a detailed cyclic
        log file – limited to 5 MB.

   4.8  All parameters entered via the CLI will be stored
        in the .ini file in an encrypted way –
        so that notepad or any hex editor will not be able to
        read the info.

   4.9  Each record will have an abort-timeout parameter

   4.10 Each record will have a number-of-retries parameter
        for authentication

   4.11 The application will modify environment
        variables and registry to reflect the status
        (authenticated, not authenticated,
        error####_date_&_time) entry for external
        applications to read. When "error####" will be
        detailed in the application log.

  
=================================================================

Erez Shtang
Consulting & Information Security Projects Professional Services –
Sub-Contractor for Check Point resellers
* Email / MSN Messenger: erezsht@netvision.net.il

* My Skype <http://www.skype.com/>  Internet Phone:   CALLTO://erez_shtang 
=================================================================
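
The record handling asked for in requirements 4.1 to 4.11, sketched as an added example (not code from the original post or from Check Point). `FirewallRecord`, `run_cycle`, the `authenticate` callback, the error number, the timestamp layout and the rule that a lower priority number runs first are all assumptions; the exchange with the firewall itself is left to the callback.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Iterable

@dataclass(frozen=True)
class FirewallRecord:
    ip: str               # 4.1 firewall IP
    port: int             # 4.2 client-authentication port (e.g. 900)
    method: str           # 4.3 "http" or "https"
    priority: int         # 4.4 lower number is tried first (assumption)
    abort_timeout: float  # 4.9 seconds, to be honoured by the transport
    retries: int          # 4.10 attempts allowed per cycle

ERR_TRANSPORT = 1  # constructed error number; the post does not define any

def validate(rec: FirewallRecord) -> None:
    if rec.method not in ("http", "https"):
        raise ValueError(f"{rec.ip}: method must be http or https")
    if not 0 < rec.port < 65536:
        raise ValueError(f"{rec.ip}: port out of range")
    if rec.retries < 1 or rec.abort_timeout <= 0:
        raise ValueError(f"{rec.ip}: retries and abort_timeout must be positive")

def run_cycle(records: Iterable[FirewallRecord],
              authenticate: Callable[[FirewallRecord], bool],
              now: Callable[[], datetime] = datetime.now) -> str:
    """Authenticate in priority order and return the 4.11 status string."""
    ordered = sorted(records, key=lambda r: r.priority)
    for rec in ordered:
        validate(rec)  # reject bad records before any credentials are sent
    for rec in ordered:
        transport_error = False
        for _ in range(rec.retries):
            try:
                if authenticate(rec):
                    break
                transport_error = False   # firewall answered and refused
            except OSError:               # includes TimeoutError
                transport_error = True
        else:
            # Stop here: the next firewall is assumed to sit behind this one.
            if transport_error:
                return f"error{ERR_TRANSPORT:04d}_{now():%Y-%m-%d_%H:%M:%S}"
            return "not authenticated"
    return "authenticated"
```

A record with method `http` sends the username and password unencrypted to the firewall, so the choice in 4.3 decides whether the encrypted .ini file of 4.8 protects the credentials end to end.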



 

