Thursday, February 10, 2011
Why PT without FW/IPS Evasion is not reliable Part 1
Many attackers out there (cyber armies, black hats, investigators, etc.) who want data from your network or infrastructure will stop at nothing to evade whatever access controls a corporation has in place. Because of this, it is the responsibility of the security companies hired to test those controls to demonstrate the vulnerability and to recommend ways of closing the flaws that can be used for FW/IDS/IPS evasion.
The picture shown is one example. Here, an attacker with a laptop, sitting somewhere outside, sends malware to a user inside the network. All he needs to do is wait for the user to open the document attached to the mail; the malware then runs code on the victim's machine and builds a tunnelled control channel back out through the firewalls to the attacker's box. This is typically achieved with SSL tunnelling, so that the channel looks like ordinary outbound HTTPS to the firewall.
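The control channel described above is, from the network's point of view, just an outbound connection on port 443 from a workstation, which is why a firewall that allows HTTPS out lets it through. The following is an added example, not code from the original post, showing how a defender can look for that channel in firewall connection logs rather than relying on the firewall to block it. The log format, the internal address range (10.0.0.0/8), the thresholds, and all sample lines are constructed assumptions; adapt the parser to your own firewall's export. It flags two behaviours a tunnelled control channel tends to show: a single very long-lived outbound TLS session, and short sessions to the same external host repeating at a near-constant interval (beaconing).

```python
from __future__ import annotations

import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed log format (one event per line):
#   <ISO timestamp> ALLOW|DENY <src>:<sport> -> <dst>:<dport> proto=<p> bytes=<n> dur=<seconds>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) bytes=(?P<bytes>\d+) dur=(?P<dur>\d+)$"
)

# Assumption: the corporate LAN lives in 10.0.0.0/8.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log. 10.0.5.23 holds one 5-hour "HTTPS" session;
# 10.0.5.40 checks in with 203.0.113.9 every ~5 minutes; 10.0.5.11 is
# ordinary irregular browsing; the last two lines are noise the filter drops.
SAMPLE_LOG = """\
2011-02-10T09:00:05 ALLOW 10.0.5.23:51000 -> 203.0.113.7:443 proto=tcp bytes=4096 dur=18000
2011-02-10T09:00:07 ALLOW 10.0.5.11:51010 -> 198.51.100.20:443 proto=tcp bytes=120000 dur=12
2011-02-10T09:03:00 ALLOW 10.0.5.11:51011 -> 198.51.100.20:443 proto=tcp bytes=80000 dur=9
2011-02-10T09:10:00 ALLOW 10.0.5.40:52000 -> 203.0.113.9:443 proto=tcp bytes=512 dur=2
2011-02-10T09:15:02 ALLOW 10.0.5.40:52001 -> 203.0.113.9:443 proto=tcp bytes=498 dur=2
2011-02-10T09:19:58 ALLOW 10.0.5.40:52002 -> 203.0.113.9:443 proto=tcp bytes=530 dur=3
2011-02-10T09:25:01 ALLOW 10.0.5.40:52003 -> 203.0.113.9:443 proto=tcp bytes=501 dur=2
2011-02-10T09:30:00 ALLOW 10.0.5.40:52004 -> 203.0.113.9:443 proto=tcp bytes=515 dur=2
2011-02-10T09:40:00 ALLOW 10.0.5.11:51012 -> 198.51.100.20:443 proto=tcp bytes=64000 dur=7
2011-02-10T09:41:00 DENY 10.0.5.11:51013 -> 203.0.113.7:4444 proto=tcp bytes=0 dur=0
2011-02-10T10:30:00 ALLOW 10.0.5.11:51014 -> 198.51.100.20:443 proto=tcp bytes=70000 dur=10
2011-02-10T10:31:00 ALLOW 198.51.100.33:40000 -> 10.0.5.2:443 proto=tcp bytes=9000 dur=30
"""


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text: str) -> list[dict]:
    """Parse the assumed log format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.fromisoformat(d["ts"]),
            "action": d["action"],
            "src": d["src"],
            "dst": d["dst"],
            "dport": int(d["dport"]),
            "bytes": int(d["bytes"]),
            "dur": int(d["dur"]),
        })
    return events


def find_suspect_channels(events: list[dict], long_session_s: int = 3600,
                          min_beacons: int = 4, max_jitter: float = 0.2) -> list[tuple]:
    """Return (kind, src, dst, detail) for outbound 443 flows that look like a tunnel.

    kind is "long_session" (one session >= long_session_s) or "beacon"
    (>= min_beacons sessions whose inter-arrival times vary by <= max_jitter).
    """
    findings = []
    by_pair: dict[tuple[str, str], list[dict]] = defaultdict(list)
    for e in events:
        # Only allowed, outbound (internal -> external) HTTPS-looking flows matter here.
        if e["action"] != "ALLOW" or e["dport"] != 443:
            continue
        if not is_internal(e["src"]) or is_internal(e["dst"]):
            continue
        by_pair[(e["src"], e["dst"])].append(e)
        if e["dur"] >= long_session_s:
            findings.append(("long_session", e["src"], e["dst"], e["dur"]))
    for (src, dst), evs in by_pair.items():
        if len(evs) < min_beacons:
            continue
        ts = sorted(e["ts"] for e in evs)
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: machine check-ins are regular, humans are not.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            findings.append(("beacon", src, dst, round(mean)))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_channels(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the constructed sample, this reports the five-hour session from 10.0.5.23 and the 300-second beacon from 10.0.5.40, while the irregular browsing from 10.0.5.11, the denied flow, and the inbound connection are ignored. In production the same two heuristics are usually run over a day of NetFlow or proxy logs, with the thresholds tuned to the site's normal traffic; the point is that the firewall's own allow/deny decision is not the control you should be relying on once SSL tunnelling is in play.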
I have taken some time to test this attack on several banks in Kenya, and it was well achieved, unlike try-outs in first-world countries, which need more recon of IDS/IPS sensors and firewalls. I will be continuing this with Part two in the coming week.
For questions, check below.