Network Security Pen-Test

Re: Pentesting Old unsupported Firewall Appliances

Subject: Re: Pentesting Old unsupported Firewall Appliances
Date: Wed, 13 Jun 2007 09:38:44 -0400
On 6/11/07, Harold Castro <b0ydaem0n@yahoo.com> wrote:
> Hi,
>
> I'm new in pen testing.
> Recently, I came across this firewall appliance
> running Apache/1.3.26
> (Unix) mod_dtcl mod_ssl/2.8.10 OpenSSL/0.9.7 during an
> external pentest.

Eeew.


> 1. First, find out what is the firmware version of that machine.

See below

> 2. Then find out if the apache version on that
> particular firmware really had security issues
> confirmed by the manufacturer and if there
> were any patches provided to address such issues. For
> this, I have to obtain the CHANGES logs, patches
> documentations etc. But the problem is
> this is not like an open source thing where you have
> access to everything.

Even with open source, how many people actually LOOK at the code, much less try to fix it?


> This creates a problem. How do you go about it?? Should I just mention in the report that, "this particular host contains several high risk vulnerabilities and poses a significant risk. However, if you have applied the patches or did a firmware upgrade then you don't have to worry anymore."

Haha, if that were the case I would close up shop and never work again! Even with supported products, just "applying the patches ... and don't have to worry anymore" is not a good strategy.


> And one more thing, if their appliance is no longer supported by the manufacturer, do you give a replacement suggestion in your report?

Yes. Recommend a supported product.


> If all else fails, do you tell the customer that it is safe to ignore those warnings and vulnerabilities because you, from a hacker's perspective, were not able to penetrate the network by making use of those vulnerabilities found, that the hacker might have a hard time as well and eventually opt for another target?

Good lord, no. Remember that a PenTest does not prove the negative! Just because YOU can't get into their network does not mean that a skilled hacker could not write a 0day to get through the firewall.

My suggestion: mention that you don't really have enough information
to make a good recommendation on the box, get access to it, evaluate
the configuration and get some hard info on the box itself, maybe even
who the manufacturer really is.

-Karl
