Known methods of defeating the firewall?
I would actually try the following:

1) Apply the firewall and its rule-set in a test lab
2) Get permission to load up Metasploit, Canvas, or other pen-testing tools
3) Try to exploit the system with known attacks and see if successful.

Now think: A simple social engineering attack to gain a password of a user or other information to gain local administrator rights, extract those cached passwords from last logged on folks, and then use that username/password combination to elevate privilege throughout your entire domain structure isn't that hard to do, and firewalls aren't going to prevent that type of attack, which is probably easier for a pen-tester to do than try and slam through a firewall.

Path of least resistance is what I would be looking for in a pen-test scenario, which means doing recon first and ascertaining where the controls are the weakest. People are always the weakest link. There are no technical controls to stop stupidity.

Possibly a HIDS might be a better avenue of approach; have you looked into the Cisco Security Agent, or BIT-9 Parity product? What controls do you have on the workstations now? Vulnerability tests, patch management, Security Template lockdowns, ACL scripts for services, TCP wrappers, etc.

Also, how much administrative time and overhead is it going to take to implement and maintain and centrally manage said firewalls, and how does this affect regular business communications? Does the cost of the control (firewall) outweigh the value of the assets it's protecting (computers, users, productivity)?
(Doubt it in this scenario, but you never apply a control to an asset that doesn't have a positive ROI and reduce risk, without increasing administrative burden (time of the administrators, users' frustration, helpdesk calls need to be factored into the cost of the control when ascertaining whether to deploy it from a financial perspective).)

HTH

Z

________________________________
From: René de Haas [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2008 8:00 AM
To: NT System Admin Issues
Subject: Security: Firewall on desktops that don't leave the company?

Hi All,

Asking for opinions. Was informed that we are going to put firewalls on desktop PCs as well, though there is a firewall at the perimeter of the network. One motivation was that with a pentest from the inside we would be more secure. Are you doing this as well? Arguments for/against.

Thanks

René
