security

Sometimes, firewalls (and packet filtering ACLs on switches and routers) are configured so that they accept traffic with certain source ports. In the old days of CheckPoint firewall, for example, the default configuration was to accept all traffic where the source port was 53 (udp and tcp).

We can use this kind of flaw to tunnel through the firewall.

I've configured a CheckPoint firewall to mimic this behaviour. I created a new TCP service called sourceport53. The destination ports are 1-65535 and the source port is configured as 53:

Corporate ID badges: everyone has them these days. Most organisations with more than a few tens of people have listened to their security and HR consultants. They've spent money on ID badges. This is great news, of course. However, they're not very much use if people don't check them. I mean really check them, not just a cursory glance. This article explains some of the issues that I've seen as a consultant and gives some ideas to improve the situation in your business.

There are many applications that link to FaceBook. Some of the apps that I make regular use of are included in this list: FourSquare, Twitter, Klout, various games and toys, etc. But I've always had the choice whether to link them to FaceBook. I've chosen to do this in some cases, and not in others. All good, it's my choice. But apparently, Spotify now requires you to link to a FaceBook account or your can't use their services. That's right, no FaceBook, no Spotify. Hmm.

I've just had cause to perform a security audit on a pfSense firewall. It would have been easiest if they had been able to give me read only access to the Web based interface and let me poke about there. But this was not possible operationally, so I had to make do with a copy of the /conf/config.xml file. I wrote a (very) simple parser that made it a little easier to read. You can take this output and manipulate it easily using standard Unix tools such as grep, awk et al.

People seem to be getting the idea about FaceBook security. (Oh, wait, no they don't, but anyway...) Here is a really simple thing that you can do to improve the privacy of your FaceBook time (er stalking?). This article will show you how (about one minute of your time!)

This is a brief article that will show you how to add a user from the Windows command line. This is quite useful if you have managed to obtain a shell using Metasploit, but need to progress onwards.

Imagine that you've managed to connect to a Windows 2003 server via the command line, but that it isn't running Remote Desktop. Sounds a little odd I know, but as a dedicated user of Metasploit this will happen to you, believe me. It took some time to work out how to enable the Remote Desktop functionality from the command line. No amount of Googling seemed to provide a solution, so I've got one for you here.

I recently took my Tiger Check Team Member exam. I'll write about that in another posting sometime in the near future. I needed to remind myself about the salient points of the Computer Misuse and Data Protection Acts before I went into the exam. So I made two colourful one page sheets. These can be printed and stuck on your fridge so that you see them every morning and do some revision while you grab milk for your cereal. Or whatever.

As CheckPoint are pulling support for NGX R65, we're doing a load of upgrades from R65 to at least R70. Usually, I'm going beyond this to R71 or R75 depending on how the customer feels about it. This article describes the usual process that I go through.

At the moment, CheckPoint are busily withdrawing support for R65. This means we're doing a load of upgrade work from R65 to later versions such as R71 and R75. Quite often, the best way forward would be to perform a clean installation of the SecurePlatform (SPLAT) operating system. However, it's typical that there will be a bunch of configuration that you'd want to take with you. One of the most important of these configuration items are the routes. This article describes how to export the routes and reimport them safely onto a newly installed SPLAT box.