Firewall Presentation
Senthil Kumar P
This presentation:
• does not contain NRC official positions
• is not guidance on how to configure firewalls
• is an overview of firewalls and their limitations
• is a demonstration of how attackers can bypass firewalls
What is a Firewall?
Q: What is a firewall?
A: A firewall is a computer.
• A firewall has the following:
- Two or more network cards
- Processor, RAM, hard drive
- Operating System
Q: What makes a firewall different from other computers?
A: Very little.
• Designed to analyze and filter data flows at its most basic level
• May include additional logic to perform real-time contextual analysis of data flows
• May include specialized networking hardware to aid in this task
What is a Firewall?
Q: What is the purpose of a firewall?
A: To control the flow of data between networks according to pre-defined rules
• Packet Filtering (by port, by protocol, by source address, by destination address)
• Stateful Inspection (can determine if a packet is part of an existing data flow)
• Other features include the following:
- “Application Aware”: contains logic specific to common applications (web, FTP, Secure Shell, etc.)
- Quality of Service: traffic prioritization and scheduling
- Session Inspection: can search a data flow for certain types of content
Firewall Limitations
• A firewall cannot perform all security tasks
– Hardware limitations
– Memory and overhead limitations
– Time limitations
– Logic limitations
– Encrypted traffic payloads are not visible
– Firewalls do not typically do traffic normalization
• As a computer, a firewall can have vulnerabilities
– CVE-2012-4661: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
– CVE-2012-5316: Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600
– ICSA-12-102-05: Siemens Scalance S Multiple Security Vulnerabilities
Firewall Limitations
A firewall is only as good as its ruleset.
Source: Wool, Avishai. (2009). Firewall configuration errors revisited. Tel Aviv University School of Engineering. Retrieved from: http://arxiv.org/pdf/0911.1240v1.pdf
Typical Network Architecture
• Business network acts as backbone
• Firewall between business network (BN) and plant control network (PCN)
• Firewall between PCN and plant network (PN) may or
Typical Network Architecture
Problems:
• BN/PCN Firewall is configured to partially or completely trust BN
• PCN/PN Firewall is configured to partially or completely trust PCN
Common Weaknesses to Model
• Poorly configured firewalls (historical, political, or legacy technical reasons)
- Passing Microsoft Windows networking packets
- Passing remote services (rsh, rlogin)
- PCN/PN having trusted hosts on the business LAN
- Not providing outbound data rules
• Peer links that bypass or route through external firewall direct to PCN or PN
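The configuration weaknesses on this slide (and the "only as good as its ruleset" point earlier) can be checked mechanically before a ruleset is deployed. The following is an added example, not a tool from the presentation or from any firewall vendor: a small linter over a simplified rule model that I assume here (a rule is action, source zone, destination zone, protocol, destination port; zones are "bn", "pcn", "pn" or "any"). The port sets and the sample ruleset are constructed for the example.

```python
from collections import namedtuple

# One firewall rule in the simplified model assumed for this example:
# zones are "bn", "pcn", "pn" (or "any"); port is an int or "any".
Rule = namedtuple("Rule", "action src dst proto port")

WINDOWS_NETWORKING = {135, 137, 138, 139, 445}   # RPC endpoint mapper, NetBIOS, SMB
REMOTE_SHELL = {512, 513, 514}                    # rexec, rlogin, rsh
PROTECTED_ZONES = {"pcn", "pn"}                   # zones the firewalls are meant to shield


def lint_ruleset(rules):
    """Return (rule_number, finding, detail) tuples for the weaknesses listed
    on the slide. Rule numbers are 1-based; 0 marks a ruleset-wide finding."""
    findings = []
    for n, r in enumerate(rules, 1):
        if r.action != "allow" or r.dst not in PROTECTED_ZONES:
            continue                                # only allows into PCN/PN matter here
        if r.port == "any":
            findings.append((n, "blanket-trust",
                             f"{r.src} may reach {r.dst} on any port"))
            continue
        if r.port in WINDOWS_NETWORKING:
            findings.append((n, "windows-networking",
                             f"{r.src}->{r.dst} passes Windows networking port {r.port}"))
        if r.port in REMOTE_SHELL:
            findings.append((n, "remote-shell",
                             f"{r.src}->{r.dst} passes legacy remote-shell port {r.port}"))
    # Outbound data rules: something must explicitly govern what leaves PCN/PN.
    if not any(r.src in PROTECTED_ZONES and r.dst not in PROTECTED_ZONES for r in rules):
        findings.append((0, "no-outbound-rules",
                         "no rule governs traffic leaving the PCN/PN toward the business network"))
    return findings


# Constructed sample ruleset exhibiting each weakness (not any real site's policy).
SAMPLE_RULES = [
    Rule("allow", "bn", "pcn", "tcp", 445),     # SMB from the business LAN into the PCN
    Rule("allow", "bn", "pcn", "tcp", 513),     # rlogin into the PCN
    Rule("allow", "bn", "pcn", "tcp", 443),     # HTTPS to a historian: acceptable on its own
    Rule("allow", "pcn", "pn", "any", "any"),   # PN completely trusts the PCN
    Rule("deny", "any", "any", "any", "any"),   # default deny
]

if __name__ == "__main__":
    for num, kind, detail in lint_ruleset(SAMPLE_RULES):
        print(f"rule {num}: {kind}: {detail}")
```

Running it on the sample flags the SMB and rlogin passes, the blanket PCN-to-PN trust, and the absence of any rule describing what may leave the plant zones. A real review would run the same kind of check against the exported policy of the BN/PCN and PCN/PN firewalls and treat each finding as a question to the owner of the rule rather than as an automatic fail.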
Common Weaknesses to Model
• IT controlled assets in the PCN or PN (communications links, replicated services)
• Vendor links for remote maintenance/monitoring
• Out-of-band communications channels (backup links to RTUs)
Getting Inside the Trusted Network
• Passive Evasion – The victim “phones home” to the attacker
1. Phishing/spearphishing
2. Malicious website/drive-by infection
3. “Sneakernet” infection
4. Social Engineering
• Indirect Evasion – Traffic appears to be authentic
1. Stolen remote access credentials
2. VPN piggyback
3. Session hijacking
4. Address spoofing (for internal zones)
Getting Inside the Trusted Network
• Active Evasion
1. Attack exposed services (Web, E-mail)
2. Attack firewall vulnerabilities
3. Exploit weak ruleset/poor configuration
4. “Trick” or subvert the firewall logic with protocol manipulation (advanced evasion techniques, AET)
5. Find out-of-band channels (wireless, modems, satellite links)
6. Get physical access to firewall or other infrastructure
Case Study – Palo Alto Networks
• Founded in 2005 by a Check Point veteran
• First firewall product developed in 2007
• First of the “Next Generation” firewalls [1]
• Named leader in the 2011 Gartner “Magic Quadrant” report [2]
• At Defcon 19 (Dec 2011), Palo Alto firewall demonstrated to have a fatal design flaw [3]
1. Pescatore, J. & Young, G. (2009, October 19). Defining the Next-Generation Firewall. Gartner RAS Core Research Group. Retrieved 2012-12-02 from: http://img1.custompublish.com/getfile.php/1434855.1861.sqqycbrdwq/Defining+the+Next-Generation+Firewall.pdf
2. Denne, S. (2011, December 16). Palo Alto Networks hits the Magic Quadrant for firewalls. The Wall Street Journal. Retrieved from: http://blogs.wsj.com/venturecapital/2011/12/16/palo-alto-networks-hits-the-magic-quadrant-for-firewalls/
3. Woodberg, B. (2011). Palo Alto Networks Security Bypass. Defcon 19. Retrieved from: http://www.youtube.com/watch?v=AuaCrRlIgnQ
Case Study – Palo Alto Networks
Cache poisoning attack:
• HTTP port open, SIP port blocked
• Attacker generates large number of HTTP sessions
• Memory cache fills, traffic no longer inspected
• HTTP session re-established as SIP, bypassing filter
Demonstration
Attack Stage 1 – Desktop Attack
Attack Stage 2 – Impersonation Attack
Attack Stage 3 – Session Hijack
Attack Stage 1 – Desktop Attack
Scenario 1:
• Attacker crafts email message to employee
- Looks very believable, may come from spoofed address of trusted source
• Email contains link to compromised website
Scenario 2:
• Employee goes to trusted website, which has link to infected website; employee's computer is infected without their knowledge (watering hole attack)
Attack Stage 1 – Desktop Attack
Both Scenarios:
• Zero-day exploits in desktop software (e.g. browsers, operating system, browser plugin)
• Anti-virus/anti-malware measures will not detect if no signature available
• IDS/IPS will not detect if no signature available or if connection is encrypted
• Payload deploys rootkit or Remote Access Toolkit (RAT)
• Payload initiates outbound connection over SSL/TLS or other encrypted protocol to bypass IDS/IPS/firewall inspection measures
• Attacker now has full control over employee’s system and can attack local servers
Attack Stage 2 – Impersonation Attack
Scenario:
• No connections are allowed through firewall from PCN to BN
• Firewall is configured as “one way”
• Server A, behind the firewall, sends a request for data to Server B
• Server B cannot talk to Server A
TCP “Handshake”
[Diagram: TCP handshake between hosts A and B, with states Listening, Store data, Wait, Connected]
Once established, all TCP connections are bi-directional. Attacks can flow back to clients!
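The "one way" scenario above, the stateful-inspection feature from the "What is a Firewall?" slide, and the session-cache exhaustion from the Palo Alto case study all come down to how a stateful filter keeps its session table. The following toy filter is an added example, not code from the presentation or from any firewall product; it identifies the application by destination port (an assumption, real appliances inspect payload) and uses constructed zone names, addresses and a three-entry table so the behaviour is visible.

```python
# Toy stateful packet filter (example only; not any vendor's implementation).
# It models two points from the slides: a "one way" policy still passes reply
# traffic on an established session, and a full session table forces a choice
# between failing open (pass uninspected) and failing closed (drop).

# Assumed application identification by destination port.
APP_BY_PORT = {80: "http", 443: "https", 23: "telnet", 5060: "sip"}


def pkt(src, sport, dst, dport, from_zone, to_zone, proto="tcp"):
    """Minimal packet header used by the model."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "from_zone": from_zone, "to_zone": to_zone, "proto": proto}


class StatefulFilter:
    def __init__(self, allowed_directions, allowed_apps, max_sessions, fail_open):
        self.allowed_directions = set(allowed_directions)  # (from_zone, to_zone) that may open sessions
        self.allowed_apps = set(allowed_apps)
        self.max_sessions = max_sessions
        self.fail_open = fail_open
        self.sessions = {}                                  # flow key -> identified app

    @staticmethod
    def _key(p):
        # Direction-independent flow key so replies match the session the client opened.
        ends = sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])
        return (p["proto"], ends[0], ends[1])

    def handle(self, p):
        key = self._key(p)
        if key in self.sessions:
            return "pass:established"         # either direction: TCP is bi-directional
        if (p["from_zone"], p["to_zone"]) not in self.allowed_directions:
            return "drop:direction"           # stateless check: new sessions only one way
        if len(self.sessions) >= self.max_sessions:
            # No room to track and inspect the new flow: the design decision.
            return "pass:uninspected" if self.fail_open else "drop:table-full"
        app = APP_BY_PORT.get(p["dport"], "unknown")
        if app not in self.allowed_apps:
            return "drop:policy"
        self.sessions[key] = app
        return "pass:new"


def one_way_scenario():
    """Only PCN->BN may open sessions, yet B's reply (or attack data) flows back
    to A over the session A opened; a fresh connection from B is dropped."""
    fw = StatefulFilter([("pcn", "bn")], {"http"}, max_sessions=100, fail_open=False)
    a_to_b = pkt("10.1.0.5", 40000, "10.0.0.9", 80, "pcn", "bn")
    b_to_a = pkt("10.0.0.9", 80, "10.1.0.5", 40000, "bn", "pcn")   # reply on the same flow
    b_new = pkt("10.0.0.9", 50000, "10.1.0.5", 23, "bn", "pcn")    # B tries to open telnet to A
    return [fw.handle(a_to_b), fw.handle(b_to_a), fw.handle(b_new)]


def cache_exhaustion_scenario(fail_open):
    """HTTP allowed, SIP blocked, table sized for 3 sessions. SIP is dropped by
    policy while there is room; after three HTTP flows fill the table, the next
    SIP flow is passed uninspected (fail open) or dropped (fail closed)."""
    fw = StatefulFilter([("outside", "inside")], {"http"}, max_sessions=3, fail_open=fail_open)
    client, server = "203.0.113.7", "192.0.2.10"
    results = [fw.handle(pkt(client, 40000, server, 5060, "outside", "inside"))]
    for sport in (40001, 40002, 40003):
        results.append(fw.handle(pkt(client, sport, server, 80, "outside", "inside")))
    results.append(fw.handle(pkt(client, 40004, server, 5060, "outside", "inside")))
    return results


if __name__ == "__main__":
    print(one_way_scenario())
    print(cache_exhaustion_scenario(fail_open=True))
    print(cache_exhaustion_scenario(fail_open=False))
```

Two lessons fall out. A "one way" firewall is a policy about who may open a session, not about which way bytes flow afterwards, so the server on the far side of the session must be hardened as if it were exposed. And a session table that fails open turns resource exhaustion into a policy bypass; failing closed, together with per-source session limits and short idle timeouts, keeps the exhaustion a denial-of-service problem rather than a filtering one.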
Attack Stage 2 – Buffer Overflow
• A buffer overflow occurs when an attacker sends data that cannot be adequately handled by the victim program
- Unexpected value
- Value out-of-bounds
- Memory violation
• Attack packet contains executable instructions to request that the victim open a shell prompt
• The original session has not terminated
Attack Stage 3 – Session Hijack
Scenario:
• Victim is logged into CDA/CS, through the firewall
• Telnet connection is allowed from Victim to ICS
• No other hosts are allowed to connect through firewall to ICS
• Telnet Connection is authenticated
Blind TCP Session Hijacking
• Victim and target share a trusted, authenticated connection
- Packets will have predictable sequence numbers
• Attacker impersonates victim to target
- Opens connection to target to get initial seq number
- Fills victim’s receive queue
- Sends packets to target that resemble victim’s transmission
- Attacker cannot receive, but may execute commands on target
[Diagram: Target, Attacker, Victim]
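The precondition for the blind hijack above is a target whose initial sequence numbers are predictable. An owner can measure that on their own equipment by opening a handful of connections to a device and recording the ISN in each SYN-ACK. The classifier below is an added example, not part of the presentation; the three sample series are constructed generators standing in for a fixed-increment legacy stack, a jittered stack, and a randomized one, and the thresholds are assumptions chosen for illustration rather than a standard.

```python
import random

MOD32 = 1 << 32


def isn_deltas(isns):
    """Increments between consecutive ISNs, modulo 2^32 so wraparound is handled."""
    return [(b - a) % MOD32 for a, b in zip(isns, isns[1:])]


def classify_isn(isns):
    """Crude predictability class for ISNs sampled from one host.
    Thresholds are assumptions for this example, not a standard."""
    if len(isns) < 3:
        raise ValueError("need at least three samples")
    d = isn_deltas(isns)
    spread = max(d) - min(d)
    if spread == 0:
        return "constant-increment"      # next ISN is exactly last + step
    if spread < (1 << 16):
        return "predictable"             # small, regular steps: guessable within a window
    return "random-looking"              # what a per-connection randomized generator yields


# --- constructed sample series (no real hosts were probed) ---

def legacy_isns(n, start=12345, step=64000):
    """Fixed-increment generator of the kind old stacks used."""
    return [(start + i * step) % MOD32 for i in range(n)]


def jittered_isns(n, start=12345, step=64000, seed=7):
    """Fixed increment plus a little jitter: still guessable within a window."""
    rng = random.Random(seed)
    return [(start + i * step + rng.randrange(1000)) % MOD32 for i in range(n)]


def randomized_isns(n, seed=1):
    """Per-connection 32-bit random ISNs."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def audit(samples_by_host):
    """Map host -> class for hosts whose ISN samples the owner collected."""
    return {host: classify_isn(isns) for host, isns in samples_by_host.items()}


if __name__ == "__main__":
    report = audit({"plc-legacy": legacy_isns(8),
                    "hmi-old": jittered_isns(8),
                    "historian-modern": randomized_isns(8)})
    for host, cls in report.items():
        print(f"{host}: {cls}")
```

Hosts that come back "constant-increment" or "predictable" are the ones the slide is describing. Modern operating systems generate ISNs per RFC 6528 (a clock term plus a keyed hash of the connection 4-tuple) and classify as random-looking; the concern is legacy embedded ICS equipment whose stack cannot be updated. Where that is the case, the compensating controls are the ones the later slides imply: replace Telnet with an authenticated, encrypted protocol so a spoofed segment cannot carry a valid command, and drop packets at the PCN boundary whose source address belongs to the other side of the firewall.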
Attack Stage 3 – Session Hijack
• Attacker listens to unencrypted session
• Attacker uses probes to determine sequence numbers
• Attacker sends spoofed identity packets to ICS while performing Denial of Service on Victim
• Attacker sends shutdown command to ICS
How Easy are These Attacks?
• Numerous RAT/trojan toolkits available on underground market
– Push-button ease of use
– Exploits as a Service (EaaS) becoming viable business model [1,2]
• Buffer overflow attack methodologies have been well-known and well-documented for many years
– “Smashing the Stack for Fun and Profit” by Aleph One, Phrack magazine, 1996
• Session hijacking is one of the oldest attack methods on the Internet
– Kevin Mitnick “man-in-the-middle” attack, 1994
1. Grier, Ballard, Caballero, et al. (2012). Manufacturing Compromise: The Emergence of Exploit-as-a-Service. 19th ACM Conference on Computer and Communications Security. Retrieved from http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
2. Asprey, D. (2011). New type of cloud emerges: Exploits as a Service (EaaS). TrendMicro Security. Retrieved from http://cloud.trendmicro.com/new-type-of-cloud-emerges-exploits-as-a-service-eaas/
How Easy are These Attacks?
• Free, easily available hacking tools and toolkits can perform some or all firewall bypass attack types:
- Metasploit Framework
- Cain and Abel
- Firesheep
- LOIC
- Evader
- BackTrack Live CD
- Nmap
- Ettercap
Firewall Limitations
• Firewall technology is not one way (non-deterministic, not application-fluent)
• Firewalls can be bypassed in many ways
• Firewalls have their own vulnerabilities
• Effective Security Programs must do the following:
- Prevent
- Detect
- Delay
- Deny
- Deter
- Respond
- Recover
• Firewalls cannot do all of these things alone

A firewall is an important and necessary part of that security, but cannot be expected to perform all the required security functions.
