Penetration Testing mailing list archives
RE: IPSO/Secure Platform audit
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Fri, 19 Aug 2005 09:29:03 -0700
The firewall ruleset analysis should be easy to do in ruling out holes in your existing rules. However, another thing to consider is a System Integrity Verification (SIV) tool like fcheck or similar. This is assuming the Nokia is running SunOS and not the appliance version, to which an SIV wouldn't apply. SIVs check, and track moving forward, the MD5 hashes of whatever you want to monitor (usually rootkit targets like modified ls, ps, top, etc). Any modifications to those binaries will be flagged or blocked depending on the tool you use.

-Erin Carroll
-----Original Message-----
From: Olasupo Lawal [mailto:lawal () shaw ca]
Sent: Thursday, August 18, 2005 2:14 PM
To: Dan Rogers
Cc: pen-test () securityfocus com
Subject: Re: IPSO/Secure Platform audit

You can lock down all access to the Nokia Appliance to specific source IP addresses (https, SSH). For SSH, you can actually specify which interfaces you want the Nokia appliance to accept connections on. You can further restrict access using the Check Point Policy.

In addition to this lock down, you can then create a new administrator ID, removing all other administrator accounts. That way, any administrators who are unable to log on will get a hold of you to find out what may be happening. Any other person who has no business logging into the Nokia appliance, and who has no business case for continued access, will simply let go!

Hope this helps!
Ola

----- Original Message -----
From: Dan Rogers <pentestguy () gmail com>
Date: Thursday, August 18, 2005 6:00 am
Subject: IPSO/Secure Platform audit

Hi list,

I'm currently reviewing a Check Point/Nokia box and a Secure Platform manager. The settings in Voyager are all good, and likewise the Web GUI of the SPLAT manager is fine, they're both patched and the policy is also clean - but I want to ensure the O/S themselves are OK. I've checked that there aren't any users there shouldn't be in /etc/passwd, checked there aren't any unknown processes (at least any visible ones), any unusual open ports or any strange scripts scheduled to run in crontab. The firewall logs themselves aren't showing anything unusual.

I am concerned that a previous administrator may have left himself access by the back-door somehow - but am not in a position to rebuild them to be sure. What else would you lot check for?
Ta
Dan

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
------------------------------------------------------------------------------
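Erin's SIV suggestion, as an added example that is not part of the original thread and not the code of fcheck or any other tool: a minimal baseline-and-verify integrity checker in Python. It assumes a POSIX host where Python is available (a workstation checking copies of the binaries, or a full OS install; it does not run on the appliance image Erin excludes), records SHA-256 rather than MD5 because MD5 collisions are practical for an attacker who gets to plant a binary, and also records size, mode and owner so that a setuid bit added to an otherwise unchanged binary is still flagged. The file names and contents used by demo_scenario() are constructed sample data, not from the thread.

```python
"""Minimal SIV-style integrity checker (added example, not from the thread).

Records a baseline of hash + metadata for a list of files, then re-checks
them and reports what changed: modified content, changed metadata, missing
files, and files that appeared where they were not baselined.
"""
import hashlib
import json
import os
import stat
import tempfile


def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def fingerprint(path):
    """Record what a backdoor would have to alter: content, size, mode, owner."""
    st = os.stat(path)
    return {
        "sha256": file_digest(path),
        "size": st.st_size,
        "mode": oct(stat.S_IMODE(st.st_mode)),  # includes setuid/setgid bits
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def build_baseline(paths):
    """Fingerprint every regular file in paths; symlinks are not baselined."""
    return {p: fingerprint(p) for p in paths
            if os.path.isfile(p) and not os.path.islink(p)}


def save_baseline(baseline, out_path):
    """Write the baseline as JSON; store this copy off-box or read-only."""
    with open(out_path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(in_path):
    with open(in_path) as f:
        return json.load(f)


def verify(baseline, extra_paths=()):
    """Compare the current filesystem to the baseline.

    Returns a list of (path, status, detail) with status one of
    'modified' (content hash differs), 'metadata' (same bytes, different
    mode/owner/size), 'missing', or 'new' (a path in extra_paths, e.g. a
    directory listing, that was never baselined).
    """
    findings = []
    for p, expected in baseline.items():
        if not os.path.isfile(p):
            findings.append((p, "missing", None))
            continue
        current = fingerprint(p)
        if current["sha256"] != expected["sha256"]:
            findings.append((p, "modified", current["sha256"]))
        elif current != expected:
            changed = {k: current[k] for k in current if current[k] != expected[k]}
            findings.append((p, "metadata", changed))
    for p in extra_paths:
        if p not in baseline and os.path.isfile(p):
            findings.append((p, "new", None))
    return findings


def demo_scenario():
    """Constructed scenario: baseline three files, then trojan one, add a
    setuid bit to another, delete the third, and drop a new file next to them.
    Returns {basename: status}.  Sample data only, not from the thread."""
    d = tempfile.mkdtemp()
    names = ["ls", "ps", "top"]
    paths = [os.path.join(d, n) for n in names]
    for p, n in zip(paths, names):
        with open(p, "wb") as f:
            f.write(b"original " + n.encode())
    store = os.path.join(d, "baseline.json")
    save_baseline(build_baseline(paths), store)
    baseline = load_baseline(store)  # round-trip, as a real run would

    with open(paths[0], "wb") as f:   # replaced binary -> 'modified'
        f.write(b"trojaned ls")
    os.chmod(paths[1], 0o4755)        # same bytes, setuid added -> 'metadata'
    os.remove(paths[2])               # deleted -> 'missing'
    with open(os.path.join(d, "rc.local"), "wb") as f:  # dropped file -> 'new'
        f.write(b"# added later")
    listing = [os.path.join(d, n) for n in os.listdir(d) if n != "baseline.json"]
    return {os.path.basename(p): s for p, s, _ in verify(baseline, listing)}
```

Two caveats a practitioner would attach to this: the baseline and the checker itself must live somewhere the box's administrator cannot rewrite (off-box or read-only media), because a userland SIV run on the host is defeated by a kernel-level rootkit or by a replaced checker; and a baseline taken after the suspected compromise only catches future changes, so the first pass should compare against a known-good install or a vendor package manifest where one exists.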
Current thread:
- IPSO/Secure Platform audit Dan Rogers (Aug 18)
- Re: IPSO/Secure Platform audit Volker Tanger (Aug 18)
- <Possible follow-ups>
- Re: IPSO/Secure Platform audit Olasupo Lawal (Aug 18)
- RE: IPSO/Secure Platform audit Erin Carroll (Aug 19)
- RE: IPSO/Secure Platform audit Matthew MacAulay (Aug 19)