Access to a single internal host typically

Info icon This preview shows pages 7–8. Sign up to view the full content.

View Full Document Right Arrow Icon
Access to a single internal host typically accelerates the process of penetrating the client’s internal network. Internal machines usually have trust relationships with other internal machines, default accounts are often not disabled, and many users choose easy-to-guess passwords. Worse yet, few networks have monitoring software installed. Again, we exercise great care to avoid modifying or crashing any host. Layer 3 activity should trigger alarms within the firewall and target hosts within the internal network; network administrators should notice the firewall testing activity shortly after it commences. Whether or not the testing activity is detected is, in fact, one of the most important findings that should be carefully documented in the report issued afterwards. We strongly encourage the client organization to explore methods of generating alarms when our attacks go unnoticed. Layer 4 - Compromise from Internal Sources The final step is to penetrate the firewall from an internal host within the client’s network. This part of the test simulates the scenario in which an external attacker exploits leakage in a network’s security perimeter to gain access to one or more internal hosts, then attacks the firewall from one or more of these hosts to modify the firewall, permitting free and easy external access to the network. Once again we emphasize that the penetration testing activity should not result in any changes to the client’s firewall, because changes are likely to be disruptive. The testing team should simply instead note how (if at all) the firewall can be compromised. Note that if the activity in Layer 3 is not successful, the client organization must grant the penetration testing team access to one or more internal hosts if Layer 4 activity is to proceed. Experience has taught us that if the firewall is not running some exposure-laden software in the first place, a sure way to gain root access on one or more hosts within the internal network is to install a network sniffer program 5 within the network segment on which the firewall is located and wait for an administrator to connect. We can in this manner usually sniff an administrator's login/password combination; obtaining this information in this manner makes gaining root access to the firewall easy. Trusted host access from a machine within the internal network is also often an effective attack method in Layer 4. Remote services offered by the firewall provide other promising avenues of attack. PART 2 - SYSTEM DESIGN REVIEW The next part of our methodology is to review the firewall design documents. The basic issue on which we focus is whether the firewall actually does what it is designed to do. Examining a network infrastructure diagram to ensure that the firewall, other network components such as authentication servers, and throwaway hosts are correctly placed within the network is a particularly important part of a system design review.
Image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 8
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern