DMZ’s, Databases and Disasters (or preventing them)

I am giving some big kudos to Stephen Moore, Shane Castle and Nathaniel Hall, who helped me sort through some issues I was having with web servers pulling dynamic data off SQL servers. I decided I wanted to base a little article around this. Let’s set the scenario: an outside system hits the DMZ-based web server, which in turn pulls information from an internal SQL box.

My initial thought was: how can I secure this better than a one-to-one ACL that only permits traffic across the SQL port? My goal was to find an alternative solution that provided better granularity.

An Administrators Nightmare: Google Apps Team Edition

Google has recently released Google Apps Team Edition. As an administrator for your organization, you need to get out and set this up so that you, rather than Joe Blow user, have control over this function for your organization.

I decided I wanted to take a look at this to figure out how an organization can limit access to, or take control over, this app. I have a feeling that many companies “would not” like their employees to use this for collaboration. However, any employee can go and register using the company domain and get started.

VMWare Security Crumbling: Not Really

This week CoreLabs published notification of a vulnerability found within VMware’s software. This vulnerability allows an attacker to break out of the Guest operating system. It was found in VMware’s shared folders mechanism and grants users of a Guest system read and write access to any portion of the Host’s file system, including the system folder and other security-sensitive files. Exploiting this vulnerability lets attackers break out of a Guest system and compromise the underlying Host that controls it. To understand why this is bad, consider that the Guest system has always been treated as an isolated system.

Many security experts have used virtual environments for testing malware, security exploits and vulnerabilities for years. I too am one of them. The one issue I see creating a problem in these environments, one that has never really been an issue before, revolves around shared folders.

The Tai Chi of Active Directory in the DMZ

When dealing with security I often think of Lao Tzu and the Tao Te Ching when he wrote, “The soft and the pliable will defeat the hard and strong.”

In an effort to provide a manageable form of authentication in the DMZ for a Micro$oft-centric organization, I was required to look at incorporating AD into a DMZ environment. A DMZ (DeMilitarized Zone) is a separate network that hangs off an independent connection on your firewall. It isolates the internal network from the Internet and controls what kind of traffic, if any, is allowed to pass on to the internal network.

By creating a DMZ, you limit the amount of damage an intruder can do to your network by containing it in the DMZ. Web servers and e-mail servers are the types that typically go into the DMZ; a general rule is that if a server needs to be exposed to the Internet it should be placed within the DMZ. With these servers hosted on a separate network segment, some form of authentication needs to be present. In Microsoft environments the choice is usually Active Directory.

So how do you take a more secure approach to this?

The insecure VLAN

As promised, here is the second part in our series on using Yersinia to exploit insecure network infrastructure designs. This post focuses on VLAN hopping. First, let me say that early in my pilgrimage to security enlightenment and network utopia (not that I am there yet) I was guilty of the same pitfall that many organizations continue to fall into: the belief that VLANs are a way to secure network segments. Unfortunately, that is not the case. VLANs are purely a way to segment traffic. With strong access lists and port controls they help increase network security, but as a stand-alone item they have nothing to do with security. Readers, flame on.

With this in mind, let’s examine how to exploit the unsubstantiated belief that VLANs will secure independent network segments. To do this we will once again turn to our wonderful friends in Spain, David and Alfredo, and their great tool Yersinia.

Connect your system locally to the switched infrastructure that you would like to exploit. Fire up Yersinia in its graphical mode (“yersinia -I”) from your beast of a Linux machine, because, as the boys in Spain say when asked about a Windows version: “No, it does certainly not. Perhaps some nice fellow could port yersinia to Windows and make you happy.”
