2 Firewall Piercing (Inside-Out Attacks) Disclaimer We hereby disclaim all responsibility for the following hacks. If it backfires on you in any way whatsoever, that s the breaks. Not our fault. If you don t understand the risks inherent in doing this, don t do it. If you use the hacks and it allow vicious vandals to break into your company s computers and costs you your job and your company millions of dollars. Don t come crying to us.
3 Firewall Piercing (Inside-Out Attacks) Moral A firewall cannot protect a network against its own internal users, and should not even try to.
4 Firewall Piercing (Inside-Out Attacks) Inside-Out attacks try to initiate network connections from the trusted (corporate) to the un-trusted (Internet) network. Synonym Inside-Out Network subversion Inside-Out Attack Covert Channel Attack
5 Firewall Piercing (Inside-Out Attacks) A Covert Channel is a communication channel that allows a process to transfer information in a manner that violates the system s security policy; without alerting any firewalls and IDS s on the network. The technique derives its stealthy nature by virtue of the fact that it sends traffic through ports that most firewalls will permit through.
8 Firewall Piercing (Inside-Out Attacks) Ethernet Bridging over TCP/UDP (Advance and Bloody) Layer 3 data (eg. IP, IPX, AppleTalk) can be encapsulated, encrypted and tunneled through Layer 4 protocol (TCP/UDP) Can run arbitrary any kind of TCP/IP applications behind a restrictive firewall Original IP address could be changed making it more stealthy Open VPN; Implementation:
9 Example of Covert Channel Attacks Netcat very good for building reverse tunnel (i.e. Information flow through the other ways)
10 Example of Covert Channel Attacks DNS Tunnel domain name lookup is allowed by any internal client
11 Example of Covert Channel Attacks SSH Tunnel (Simple) TCP/IP Gender Changer Requires SSH port allowed by firewall
12 Example of Covert Channel Attacks SSH Tunnel (Advanced) TCP/IP Gender Changer SSH over SSL Connect HTTPS Proxy Connect-Method Requires HTTPS allowed for any destinations Comment content-filter does not help (SSL)
13 Example of Covert Channel Attacks HTTP/S Tunnel Using POST requests Implementing own service POST requests POST data are in binary form Implementations
14 Example of Covert Channel Attacks ICMP Tunnel Reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets. Implementations
15 Example of Covert Channel Attacks Ethernet Bridging over TCP/UDP Reliably tunnel any network protocol (e.g. IP, IPX, AppleTalk) connections to a remote gateway using any TCP/UDP packets. This demonstration concentrates on IP only. A new identity (IP address) will be assigned. A new default gateway, DNS entry will be acquired. Your corporate LANs and the remote LANs are now unify.
16 Example of Covert Channel Attacks Ethernet Bridging over TCP/UDP (con t) Implications More stealthy Hard to trace Location-tracking Hide BT Traffic (seed) Privacy and freedom online Anonymous Surfing Identity Protection
17 Firewall Piercing (Inside-Out Attacks) Mitigation Un-plug your network cables Firewall: deny any to any rules Content-Filter http traffic: deny unwanted content-type Firewall: restrict http/s locations Firewall: restrict ipsec locations Content-filter: deny anonymizer websites
18 Firewall Piercing (Inside-Out Attacks) White-listing vs. Black-listing Listing of the allowed resources = white-listing Listing of the denied resources = black-listing White-listing is more secure Black-listing is easier to handle (convenience)
Inside-Out Attacks firstname.lastname@example.org Covert Channel Attacks Inside-out Attacks Seite 1 Goals of this presentation! Responses to the following questions! What are inside-out attacks! Who will use this
ii Copyright 2006 Comcast Communications, Inc. All Rights Reserved. Comcast is a registered trademark of Comcast Corporation. Comcast Business IP Gateway is a trademark of Comcast Corporation. The Comcast
CHAPTER 9 Firewalls and Virtual Private Networks Introduction In Chapter 8, we discussed the issue of security in remote access networks. In this chapter we will consider how security is applied in remote
The SpeedTouch and Firewalling Peter Huyge Date: April 2002 Edition: 01 Abstract: This application note provides technical Firewall information and how this relates to the DSL SpeedTouch 610Series product.
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
Cisco Secure PIX Firewall with Two Routers Configuration Example Document ID: 15244 Interactive: This document offers customized analysis of your Cisco device. Contents Introduction Prerequisites Requirements
McAfee NGFW Reference Guide for Firewall/VPN Role 5.7 NGFW Engine in the Firewall/VPN Role Legal Information The use of the products described in these materials is subject to the then current end-user
Small Business Server Part 2 Presented by : Robert Crane BE MBA MCP email@example.com Computer Information Agency http://www.ciaops.com Agenda Week 1 What is SBS / Setup Week 2 Using & configuring SBS
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
Report Number: I332-016R-2005 Security Guidance for Deploying IP Telephony Systems Systems and Network Attack Center (SNAC) Released: 14 February 2006 Version 1.01 SNAC.Guides@nsa.gov ii This Page Intentionally
How can I protect a system from cyber attacks? System Technical Note Cyber security recommendations Design your architecture 2 Disclaimer This document is not comprehensive for any systems using the given
Controlling Web 2.0 Applications in the Enterprise SOLUTION GUIDE FORTINET Controlling Web 2.0 Applications in the Enterprise PAGE 2 Summary New technologies used in Web 2.0 applications have increased
2010 White Paper Series Top Ten Security Issues Voice over IP (VoIP) Top Ten Security Issues with Voice over IP (VoIP) Voice over IP (VoIP), the use of the packet switched internet for telephony, has grown
ZyWALL 5 Internet Security Appliance Support Notes Version 4.02 Dec. 2006 INDEX Application Notes...12 Seamless Incorporation into your network...12 Using Transparent (Bridge Mode) Firewall...12 Internet
Special Publication 800-41 Guidelines on Firewalls and Firewall Policy Recommendations of the National Institute of Standards and Technology John Wack, Ken Cutler, Jamie Pole NIST Special Publication 800-41
I nt er netload Bal anc i nggui de Peplink Balance Internet Load Balancing Solution Guide http://www.peplink.com Copyright 2010 Peplink Internet Load Balancing Instant Improvement to Your Network Introduction
9854_C034.qxd 7/1/2004 6:05 PM Page 1 34 Network Security and Secure Applications Christopher Kruegel University of California 34.1 Introduction...34-1 34.2 Security Attacks and Security Properties...34-2
CHARTER BUSINESS INTERNET PLUS Interactive welcome kit 800.314.7195 Charter-Business.com CB.016.intCD.0210 CHARTER BUSINESS INTERNET PLUS 2 ADDITIONAL INFO Thank you for choosing Charter Business INTERNET
A Tutorial on Network Security: Attacks and Controls Natarajan Meghanathan Associate Professor of Computer Science Jackson State University Jackson, MS 39217, USA Phone: 1-601-979-3661; Fax: 1-601-979-2478
Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...