Date: Wed Mar 15 18:47:03 2006
From: simon at snosoft.com (Simon Smith)
Subject: HTTP AUTH BASIC monowall.

At last!
    Someone that understands! I realize that the network would be pretty
much in a hole at this stage of the game, no contest there. I'm just
thinking about how to better protect critical devices from this type of
internal attack (assuming the admin doesn't notice the cert changes and
all that good stuff). So far, I've received a lot of flak for asking
this question but nothing useful (short of what you just wrote). I
understand the benefits of SSL, but I also understand (as most people
here don't seem to) that wrapping something insecure in something secure
doesn't make it secure, it just makes it more difficult to get at.

I want to protect the authentication information better than it is
currently being protected.

I like the idea of encrypting the authentication traffic within the SSL
session...

bkfsec wrote:
> Simon Smith wrote:
>
>> Ok,
>>    As suspected... so I am correct; and it is a security threat. I can
>> compromise a network, arp poison it, MiTM, access the firewall,
>> distributed metastasis, presto... owned...
>>
>>
>>  
>>
> Yes and no... as others have pointed out, you already have much larger
> problems at that point, such as the fact that your network has been
> totally and completely compromised from the inside in order to do the
> MitM in the first place... I can see some reasons why one would want
> to do that, but really, if you can execute a good MitM attack, there
> really isn't anything you can't do... once you've broken the
> encryption you can intercept all kinds of auth traffic and replay it.
> OK - at that point, maybe you can tunnel under the SSL using another
> form of encryption as a wrapper for the authentication
> infrastructure... aside from that, there really isn't much to do...
> certs, shared keys, etc... these can all be grabbed from the air if
> the SSL traffic is MitM'ed.
> Essentially, we're talking very significant owning of a network in
> order to simply get the firewall password.  At that point, I'd think
> there'd be even worse things that can be done.
>
>          -bkfsec
>
>
>


-- 


Regards, 
	Adriel T. Desautels
	Harvard Security Group
	http://www.harvardsecuritygroup.com
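As an added example, not part of this thread or of m0n0wall: a Python sketch of both sides of the discussion above. The first function shows that a Basic auth header captured inside a MitM'ed TLS session is only base64, and the hypothetical ChallengeServer shows the kind of nonce-based challenge-response "wrapper" inside the SSL session that keeps the password itself off the wire and makes a captured response single-use. The class and function names, the sample credentials and the in-memory user store are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample: what a MitM sees inside a stripped TLS session when the
# admin UI uses HTTP Basic auth. The header is base64, not encryption.
CAPTURED_BASIC_HEADER = "Authorization: Basic " + base64.b64encode(b"admin:mono").decode()


def credentials_from_basic_header(header: str) -> tuple:
    """Recover (user, password) from a Basic auth header; no secret is needed."""
    user, _, password = base64.b64decode(header.split()[-1]).decode().partition(":")
    return user, password


class ChallengeServer:
    """Hypothetical auth layer inside the TLS session: the firewall sends a random
    nonce, the client answers with HMAC(password, nonce). The password never
    crosses the wire and a captured answer only fits the nonce it was made for."""

    def __init__(self, users: dict):
        self._users = users              # username -> password (stand-in for the firewall's store)
        self._outstanding = set()        # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        # Every nonce is single-use, so a replayed (nonce, response) pair fails here.
        if nonce not in self._outstanding or user not in self._users:
            return False
        self._outstanding.discard(nonce)
        expected = hmac.new(self._users[user].encode(), nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password: str, nonce: bytes) -> bytes:
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()


def demo() -> dict:
    """One legitimate login, one replay of the capture, one attempt on a fresh nonce."""
    server = ChallengeServer({"admin": "mono"})
    nonce = server.challenge()
    captured = client_response("mono", nonce)          # what a MitM could record
    login = server.verify("admin", nonce, captured)     # legitimate admin login
    replay = server.verify("admin", nonce, captured)    # same pair replayed
    forged = server.verify("admin", server.challenge(), captured)  # reused on a new nonce
    return {"login": login, "replay": replay, "forged": forged}
```

This protects only the password: an attacker who controls the session can still hijack whatever the authenticated admin does, which is bkfsec's point, and the firewall still has to hold a verifier for each password.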

