Ohm.ppt
Ohm.ppt Presentation Transcript

  • 1. Firewall Vulnerabilities Presented by Vincent J. Ohm
  • 2. Topics
    • Firewall design
      • (Stateful) Packet Filter, Application proxy, Personal Firewall
    • OSI Stack Layer
      • IP, TCP spoofing
    • Applications
      • sendmail
    • Firewall implementation
      • broad permissions, overflows, etc.
  • 3. Firewalls
    • Network gateway
      • handles incoming & outgoing traffic
    • Access manager
      • blocks/grants access to services, networks
  • 4. Firewall Design (The benefits)
    • Packet Filter
      • scans IP address, port number
      • block specific addresses, ports
      • Stateful: adds connection filtering
    • Application Proxy
      • scans packet payload
      • filter harmful data, program commands
    • Personal
      • combination of filter & proxy
  • 5. Firewall Design (The drawbacks)
    • Packet Filter
      • harmful data passes through
    • Application Proxy
      • unknown application vulnerabilities
  • 6. OSI Stack
    • Network – I.P.
      • no address authentication
      • address is spoofable
    • Transport – T.C.P.
      • sequence number enforces exclusivity
      • spoof I.P. address and guess seq. number...
      • T.C.P. spoofing
  • 7. Applications
    • Applications with vulnerabilities
      • sendmail ‘WIZ’ debugging command creates root shell access on remote server
    • Methods of exploitation
      • crafted data (overflows)
      • commands (sendmail)
    • Packet Filters can block some
    • Application Proxies can block more
  • 8. Firewall Implementation
    • Symantec Firewall/VPN Appliance
      • Password leak
    • Pyramid BenHur
      • Active FTP
    • Kerio Personal Firewall
      • Rules bypassable
    • Cisco PIX
      • SNMPv3, VPNC IPsec
    • Check Point Firewall-1 & DeleGate application proxy
      • overflows
  • 9. Symantec Firewall/VPN Appliance
    • Accessing firewall to change password from unsecured terminal using web browser
    • Firewall’s HTTP response, stored in browser cache
    • HTTP response contains the new password…
    • … in cleartext!
    • Symantec’s fix: strips password data
  • 10. Pyramid BenHur Firewall
    • Firewall access rules can be bypassed…
    • … by sending connect request with source port = 20 (FTP data port)
    • Can connect to any port
    • Workaround: block all outside access from port 20 OR apply patch
  • 11. Kerio Personal Firewall
    • Problem with default configuration
    • Firewall would allow any UDP packet through if source port = 53 (DNS port)
    • Intention: allow DNS responses
    • Fix: allow packet only if DNS request precedes the response
  • 12. Check Point Firewall-1
    • Invalid HTTP request
    • Generates error message using portion of input…
    • … included in format string used for call to sprintf()
    • Exploit for:
      • command execution on firewall
      • arbitrary code execution
  • 13. DeleGate Application Proxy
    • Uses fixed array size for username & password
    • Arrays used in calls to strcpy()
    • Input sufficiently long strings…
    • … buffer overflow!
  • 14. Conclusion
    • Firewalls are not invulnerable
    • Vulnerable by …
      • Design
      • Other O.S.I. layers' vulnerabilities
      • Implementation flaws
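
The fix described on slide 11 (allow a packet only if a DNS request precedes the response), set beside the weak source-port-only rule, as an added example that is not part of the original slides and is not Kerio's code. The class and function names, the 5-second timeout and the documentation-range addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

DNS_PORT = 53


@dataclass(frozen=True)
class Udp:
    src: str
    sport: int
    dst: str
    dport: int


def stateless_allow(pkt: Udp) -> bool:
    """Weak rule: trust any inbound UDP packet whose source port is 53."""
    return pkt.sport == DNS_PORT


class StatefulDnsFilter:
    """Allow an inbound packet only as the answer to a recorded outbound request."""

    def __init__(self, ttl: float = 5.0):  # ttl is an assumed timeout
        self.ttl = ttl
        self.pending = {}  # (local ip, local port, resolver ip) -> expiry time

    def outbound(self, pkt: Udp, now: float) -> None:
        # Remember who we asked and from which local port.
        if pkt.dport == DNS_PORT:
            self.pending[(pkt.src, pkt.sport, pkt.dst)] = now + self.ttl

    def inbound_allow(self, pkt: Udp, now: float) -> bool:
        if pkt.sport != DNS_PORT:
            return False
        # The response must mirror a pending request; pop() permits one answer only.
        expiry = self.pending.pop((pkt.dst, pkt.dport, pkt.src), None)
        return expiry is not None and now <= expiry


if __name__ == "__main__":
    # Constructed sample traffic (RFC 5737 documentation addresses).
    fw = StatefulDnsFilter()
    fw.outbound(Udp("192.0.2.10", 40000, "198.51.100.53", 53), now=0.0)
    reply = Udp("198.51.100.53", 53, "192.0.2.10", 40000)
    unsolicited = Udp("203.0.113.7", 53, "192.0.2.10", 137)
    for name, pkt in (("reply", reply), ("unsolicited", unsolicited)):
        print(name, "stateless:", stateless_allow(pkt),
              "stateful:", fw.inbound_allow(pkt, now=1.0))
```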