Penetration Testing mailing list archives

Re: IPSO/Secure Platform audit

From: Olasupo Lawal <lawal () shaw ca>
Date: Thu, 18 Aug 2005 15:14:26 -0600

You can lock down all access to the Nokia Appliance to specific source IP addresses (https, SSH). Fpr SSH, you can 
actually specific which interfaces you want the Nokia applicnace to accept connections on. You can further restrict 
access using the Check Point Policy.

In addition to this lock down, you can then create a new administrator ID, removing all other administrator accounts.. 
That way, any adminbistrators who are unable to log on will get a hold of you to find out what may be happening. Any 
other person who has no busienss logging into teh Nokia appliance, and who have no business case for continued access 
wil simply let go!

Hope this helps!

Ola

----- Original Message -----
From: Dan Rogers <pentestguy () gmail com>
Date: Thursday, August 18, 2005 6:00 am
Subject: IPSO/Secure Platform audit

Hi list,

I'm currently reviewing a Check point/Nokia box and a Secure Platform
manager. The settings in Voyager are all good, and likewise the Web
GUI of the SPLAT manager is fine, they're both patched and the policy
is also clean - but I want to ensure the o/s themselves are ok. I've
checked that there aren't any users there shouldn't be in /etc/passwd,
checked there aren't any unknown processes (at least any visible
ones), any unusual open ports or any strange scripts scheduled to run
in crontab. The firewall logs themselves aren't showing anything
unusual.

I am concerned that a previous administrator may have left himself
access by the back-door somehow - but am not in a position to rebuild
them to be sure. What else would you lot check for?

Ta

Dan

-------------------------------------------------------------------
-----------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That 
You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and 
provencountermeasures. Defend your WLAN against man-in-the-Middle 
attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------
------------



------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------

Current thread:

IPSO/Secure Platform audit Dan Rogers (Aug 18)
- Re: IPSO/Secure Platform audit Volker Tanger (Aug 18)
- <Possible follow-ups>
- Re: IPSO/Secure Platform audit Olasupo Lawal (Aug 18)
  - RE: IPSO/Secure Platform audit Erin Carroll (Aug 19)
- RE: IPSO/Secure Platform audit Matthew MacAulay (Aug 19)