Security Basics mailing list archives

Firewall question - how easy is it to get thru - Proof

From: "Rivest, Philippe" <PRivest () transforcecompany com>
Date: Mon, 14 Feb 2011 14:53:47 +0000

Quick question.

When I do an audit and when I find a major flaw or deficiency, IT always tells me "its because your in the internal
LAN, we have a firewall protecting us". I know you have all heard that. So I try to explain that you could attack thru
physical security, social engineering, virus and a lot of other ways and in the end I always add "Someone more "expert"
in Firewall could bypass it".

I don't really need a "how-to" but I'm looking for proof and a time frame on how long it normally takes for a real
hacker/cracker to attack and bypass (where possible) a Firewall control (IPS/IDS also!).

I know this is not a click-click your done type of job, but I know its possible.

Thanks for any links or advice!

Important:
Please note that my new email address is privest () transforcecompany com
Please note that my new website address is http://www.transforcecompany.com

SVP Veuillez noter que ma nouvelle adresse courriel est privest () transforcecompany com
SVP Veuillez noter que ma nouvelle adresse web est http://www.transforcecompany.com

Philippe Rivest - CISA, CISSP, CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Vérificateur interne - Sécurité de l'information
Linkedin: http://ca.linkedin.com/pub/philippe-rivest/20/19a/232

6600 Saint-François
Saint-Laurent (Quebec) H4S 1B7
Tel.: 514-331-4417

Fax: 514-856-7541
www.transforcecompany.com

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Vulnerability Data Maverick (Feb 11)
- Re: Vulnerability Data Richard Thomas (Feb 11)
- Re: Vulnerability Data Brad Bemis (Feb 15)
- Re: Vulnerability Data Saif El Sherei (Feb 15)
- Re: Vulnerability Data Jeffrey Walton (Feb 15)
- Re: Vulnerability Data Jeffrey Walton (Feb 15)
- <Possible follow-ups>
- Re: Vulnerability Data lonervamp (Feb 11)
  - RE: Vulnerability Data Mikhail A. Utin (Feb 15)
  - Firewall question - how easy is it to get thru - Proof Rivest, Philippe (Feb 15)
    - Re: Firewall question - how easy is it to get thru - Proof Francois Yang (Feb 15)
    - RE: Firewall question - how easy is it to get thru - Proof Rivest, Philippe (Feb 17)
    - RE: Firewall question - how easy is it to get thru - Proof Mark Brunner (Feb 18)
    - Re: Firewall question - how easy is it to get thru - Proof Todd Haverkos (Feb 15)
    - Re: Firewall question - how easy is it to get thru - Proof Jan Muenther (Feb 15)
    - Re: Firewall question - how easy is it to get thru - Proof Max Chow (Feb 17)
    - Re: Firewall question - how easy is it to get thru - Proof Gichuki John Chuksjonia (Feb 18)
    - Re: Firewall question - how easy is it to get thru - Proof Robson de Oliveira Albuquerque (Feb 17)
    - Re: Firewall question - how easy is it to get thru - Proof Ansgar Wiechers (Feb 17)