Your SlideShare is downloading. ×
  • Like
Ohm.ppt
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply
Published

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
427
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
3
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Firewall Vulnerabilities Presented by Vincent J. Ohm
  • 2. Topics
    • Firewall design
      • (Stateful) Packet Filter, Application proxy, Personal Firewall
    • OSI Stack Layer
      • IP, TCP spoofing
    • Applications
      • sendmail
    • Firewall implementation
      • broad permissions, overflows, etc.
  • 3. Firewalls
    • Network gateway
      • handles incoming & outgoing traffic
    • Access manager
      • blocks/grants access to services, networks
  • 4. Firewall Design (The benefits)
    • Packet Filter
      • scans IP address, port number
      • block specific adresses, ports
      • Stateful: adds connection filtering
    • Application Proxy
      • scans packet payload
      • filter harmful data, program commands
    • Personal
      • combination of filter & proxy
  • 5. Firewall Design (The drawbacks)
    • Packet Filter
      • harmful data passes through
    • Application Proxy
      • unknown application vulnerabilities
  • 6. OSI Stack
    • Network – I.P.
      • no address authentication
      • address is spoofable
    • Transport – T.C.P.
      • sequence number enforces exclusivity
      • spoof I.P. address and guess seq. number...
      • T.C.P. spoofing
  • 7. Applications
    • Applications with vulnerabilities
      • sendmail ‘WIZ’  debugging command creates root shell access on remote server
    • Methods of exploitation
      • crafted data (overflows)
      • commands (sendmail)
    • Packet Filters can block some
    • Application Proxies can block more
  • 8. Firewall Implementation
    • Symantec Firewall/VPN Appliance
      • Password leak
    • Pyramid BenHur
      • Active FTP
    • Kerio Personal Firewall
      • Rules bypassable
    • Cisco PIX
      • SNMPv3, VPNC IPsec
    • Check Point Firewall-1 & DeleGate application proxy
      • overflows
  • 9. Symantec Firewall/VPN Appliance
    • Accessing firewall to change password from unsecured terminal using web browser
    • Firewall’s HTTP response, stored in browser cache
    • HTTP response contains the new password…
    • … in cleartext !
    • Symantec’s fix: strips password data
  • 10. Pyramid BenHur Firewall
    • Firewall access rules can be bypassed…
    • … by sending connect request with source port = 20  FTP data port
    • Can connect to any port
    • Workaround: block all outside access from port 20 OR apply patch
  • 11. Kerio Personal Firewall
    • Problem with default configuration
    • Firewall would allow any UDP packet through if source port = 53  DNS port
    • Intention: allow DNS responses
    • Fix: allow packet only if DNS request precedes the response
  • 12. Check Point Firewall-1
    • Invalid HTTP request
    • Generates error message using portion of input…
    • … included in format string used for call to sprintf()
    • Exploit for:
      • command execution on firewall
      • arbitrary code execution
  • 13. DeleGate Application Proxy
    • Uses fixed array size for username & password
    • Arrays used in calls to strcpy()
    • Input sufficiently long strings…
    • … buffer overflow!
  • 14. Conclusion
    • Firewalls are not invulnerable
    • Vulnerable by …
      • Design
      • Other O.S.I. Layers vulnerabilities
      • Implementation flawes
    flaws