
19 March 2018

What’s new in FortiOS 6.0

I wrote about what’s new in FortiOS 5.6 one year ago, but most FortiGate firewalls in production environments are still running FortiOS 5.4. Most security engineers are already upgrading to FortiOS 5.6, but meanwhile Fortinet moves ahead: the new security operating system, FortiOS 6.0, is going to be released in the next few weeks. This new operating system comes with more than 200 features and capabilities that have been designed to provide the broad visibility, integrated threat intelligence, and automated response required for digital business. As I’ve already attended online sessions about the new features and improvements, I’m going to highlight the most interesting ones.

FortiOS 6.0 Dashboard

One of the enhanced features is the Security Fabric, which extends beyond the boundaries of firewalls and even of network security. It includes some new integrations: FortiMail joins the Fabric, local caching capacity expands seamlessly with FortiCache, and there is a new CASB product. The Security Fabric is also designed to shrink both windows, from intrusion to detection and from detection to response. To that end, automation comes from a new User-Defined Automation feature, where triggers take immediate actions in the form of quarantines, configuration changes, reports, or other notifications.

Configuring Automation

Bandwidth management is a must, and multi-path intelligence for SD-WAN (Software Defined WAN) has also been enhanced in FortiOS 6.0 with SLA controls that measure application transactions, ensuring critical applications travel on the best of the multiple branch links. SD-WAN ensures performance for SaaS, VoIP, and critical business applications, as well as automated fail-over capabilities. In addition, new one-touch VPN and zero-touch deployment further reduce complexity and rapidly enable new enterprise branches.

Best of breed SD-WAN

Another powerful enhanced feature is Multi-Cloud Security, where connectors within the Security Fabric provide full visibility across multi-cloud environments, including private cloud connectors, public cloud connectors and SaaS clouds with CASB connectors. For instance, FortiCASB (Cloud Access Security Broker) offers visibility and advanced threat protection for Software-as-a-Service (SaaS) applications such as Office 365, Dropbox, Box, AWS and more. It is also integrated with AV and FortiCloud Sandbox for extended protection and detection capabilities.

FortiCASB for Office365

Asset Tagging is a new feature in FortiOS 6.0 which allows us to tag devices, interfaces, and objects with business context, so we can logically manage the traffic despite the tempest of change at the physical layer. The tagging capability tags interfaces and objects, and security policies are then automatically invoked when these objects are created. Asset Tagging introduces business-precise dynamic network segmentation: tagging logically separates data and resources, and we can set global policies for automatic enforcement.

Intent based network security

Last but not least, new FortiGuard Protection Services are available: a list of compromised hosts from the Indicators of Compromise (IOC) service; automatic removal of malicious scripts in files from the Content Disarm & Reconstruction (CDR) service, which proactively strips potentially malicious content embedded in Microsoft Office and Adobe files to sanitize the most common file formats; and the new Virus Outbreak Protection Service (VOS), which closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats.

FortiGuard Protection Services

Regards my friends; new firewall operating system, new features, go ahead.

12 March 2018

CyberSecurity Challenge

ForoCIBER 2018 was an interesting conference about technological law and IT security where speakers like Eloy Velasco and Enrique Ávila spoke about cybersecurity. However, this year ForoCIBER came with a CyberSecurity Challenge as well, where young people under 35 with knowledge of reverse engineering, exploiting, forensics, hacking, cryptography and steganography could participate to show their technical skills and win an award. Therefore, I took the plunge and tried to solve these CyberSecurity Challenges.

The first challenge was about hacking, where I had to find a hidden word on a server. I only had the public IP address of the server, but I soon knew that remote services like SSH and MySQL were published to the Internet, after scanning and testing with Nmap and Telnet. A vulnerability assessment was the second thing I launched, to know whether the remote services had some important issue to exploit. I also launched Armitage to exploit the remote services, but I got nothing. Finally, it was easier than all of this, because the administrator credentials for the MySQL database were the default ones, and that is where the magic word was hidden.

MySQL Access

The second challenge was about hacking, cryptography and exploiting, where I had to steal a database from a webpage to learn the credentials of a WebShell, and then I had to decrypt the magic words. Stealing the database wasn’t difficult because it was vulnerable to a SQLi attack. However, the credentials of the WebShell were encrypted. I was thinking about the encryption algorithm for hours till I realised the letters were rotated 14 letters to the left. Once I knew the encryption algorithm, it was easy to log in to the WebShell and find the magic words.
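The "rotated 14 letters to the left" scheme is a Caesar shift, and a shift cipher gives away its key after at most 26 tries. As an added example (not code from the original post, and not the challenge's real data), the following Python recovers such text two ways: directly, when the shift is known, and by brute force, ranking all 26 candidates by how many common English words they contain. The ciphertext `SAMPLE` and the word list `COMMON_WORDS` are constructed here for the demonstration.

```python
import string

# Constructed: a plaintext whose letters were rotated 14 places to the LEFT
# (e.g. "t" -> "f"). The real challenge credentials are not on the page.
SAMPLE = "ftq bmeeiadp ue eqodqf"

# Constructed: a small set of English function words used to score candidates.
COMMON_WORDS = {"the", "is", "a", "of", "and", "to", "in", "it",
                "on", "for", "with", "this", "that"}


def rotate(text: str, shift: int) -> str:
    """Shift every ASCII letter `shift` places to the right in the alphabet
    (mod 26); a negative shift moves left. Case is preserved and every other
    character (digits, spaces, punctuation) passes through unchanged."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def undo_left_rotation(ciphertext: str, n: int) -> str:
    """Letters rotated n places to the left are recovered by rotating them
    n places to the right, so "14 to the left" is undone by rotate(+14)."""
    return rotate(ciphertext, n)


def score(text: str) -> int:
    """Count whitespace-separated tokens that are common English words,
    after stripping surrounding punctuation and lower-casing."""
    words = (w.strip(string.punctuation).lower() for w in text.split())
    return sum(1 for w in words if w in COMMON_WORDS)


def best_shift(ciphertext: str) -> tuple[int, str]:
    """Try all 26 right-rotations and return (shift, plaintext) for the
    candidate with the most dictionary hits. On a tie the smallest shift
    wins, so short or non-English texts should be inspected by hand."""
    k = max(range(26), key=lambda k: score(rotate(ciphertext, k)))
    return k, rotate(ciphertext, k)


if __name__ == "__main__":
    print("known shift :", undo_left_rotation(SAMPLE, 14))
    print("brute force :", best_shift(SAMPLE))
```

The scoring is deliberately simple (a handful of function words) so it works on short strings like a credential pair; for longer text, letter-frequency scoring is more robust, and for a Spanish-language challenge the word list would need Spanish function words instead.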


The third challenge was about forensics, where the challenger gave us a tar.gz file for Capture The Flag (CTF). The tar.gz file contained a text file with hashing information and another file, in fact a RAW image, which was split into many small files of 100 bytes each. Next, I put all the files back together thanks to the Windows type command, although cat or affuse could have been used as well. The RAW image contained three pictures and two password-protected zip files, which I cracked with the fcrackzip tool. Digging into the decompressed files, I found a picture file with the flag hidden in the metadata.

The last challenge was about steganography and forensics, where I had to find the magic word using an IMG image. First, I mounted the image, which contained tools like HxD, Recuva and JPHS, and an empty folder called "Imagenes". Next, I used FTK Imager and Autopsy to search for deleted files, where I found a stegocontainer and a link to download the password for accessing the stegocontainer. However, the password was a picture, but thanks to the picture name and the HxD tool, I got the real password to get into the stegocontainer and read the magic word.

It took me nearly 28 hours to solve these challenges, which was amazing because I was thinking about the challenges all day to find out tips and steps. In the end, I got the second award, which was an iPad. Thank you. Thanks to the University of Extremadura and Viewnext for this interesting initiative about CyberSecurity.

CyberSecurity Challenge Awards

Best regards my friends. I’ve requested to be a challenger next year. We’ll see. Thanks.