
19 de marzo de 2018

What’s new in FortiOS 6.0

I wrote about what's new in FortiOS 5.6 one year ago, but most FortiGate firewalls in production are still running FortiOS 5.4. Most security engineers are now upgrading to FortiOS 5.6, but meanwhile Fortinet moves ahead: the new security operating system, FortiOS 6.0, is going to be released in the coming weeks. This new operating system comes with more than 200 features and capabilities designed to provide the broad visibility, integrated threat intelligence, and automated response required for digital business. As I've already attended an online session about the new features and improvements, I'm going to highlight the most interesting ones.

FortiOS 6.0 Dashboard

One of the enhanced features is the Security Fabric, which extends beyond the boundaries of firewalls and even of network security. It includes new integrations: FortiMail joins the Fabric, local caching capacity can be expanded seamlessly with FortiCache, and there is a new CASB product. The Security Fabric is also designed to shrink the windows both from intrusion to detection and from detection to response. Automation comes from a new User-Defined Automation feature, where triggers fire immediate actions in the form of quarantines, configuration changes, reports, or other notifications.

Configuring Automation

Bandwidth management is a must, and multi-path intelligence for SD-WAN (Software-Defined WAN) has also been enhanced in FortiOS 6.0 with SLA controls that measure application transactions, ensuring critical applications travel over the best of the multiple branch links. SD-WAN ensures performance for SaaS, VoIP, and critical business applications, as well as automated fail-over capabilities. In addition, new one-touch VPN and zero-touch deployment further reduce complexity and enable new enterprise branches rapidly.

Best of breed SD-WAN
Another powerful enhanced feature is Multi-Cloud Security, where connectors within the Security Fabric provide full visibility across multi-cloud environments, including private cloud connectors, public cloud connectors, and SaaS clouds with CASB connectors. For instance, FortiCASB (Cloud Access Security Broker) offers visibility and advanced threat protection for Software-as-a-Service (SaaS) applications such as Office 365, Dropbox, Box, AWS and more. It is also integrated with AV and FortiCloud Sandbox for extended protection and detection capabilities.

FortiCASB for Office365
Asset Tagging is a new feature in FortiOS 6.0 that allows us to tag devices, interfaces, and objects with business context, so we can manage traffic logically despite the constant change at the physical layer. Interfaces and objects are tagged, and security policies are then applied automatically when objects carrying those tags are created. Asset Tagging introduces business-precise dynamic network segmentation: tagging logically separates data and resources, and we can set global policies for automatic enforcement.

Intent based network security

Last but not least, new FortiGuard Protection Services are available: a list of compromised hosts from the Indicators of Compromise (IOC) service; automatic removal of malicious scripts from files by the Content Disarm & Reconstruction (CDR) service, which proactively strips potentially malicious content embedded in Microsoft Office and Adobe files to sanitize the most common file formats; and the new Virus Outbreak Protection Service (VOS), which closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats.

FortiGuard Protection Services
Regards my friends; new firewall operating system, new features, go ahead.

12 de marzo de 2018

CyberSecurity Challenge

ForoCIBER 2018 was an interesting conference about technological law and IT security, where speakers like Eloy Velasco and Enrique Ávila spoke about cybersecurity. However, this year ForoCIBER came with a CyberSecurity Challenge as well, where people under 35 years old with knowledge of reverse engineering, exploiting, forensics, hacking, cryptography and steganography could take part to show their technical skills and win an award. Therefore, I took the plunge and tried to solve these CyberSecurity Challenges.

The first challenge was about hacking, where I had to find a hidden word on a server. I only had the public IP address of the server, but after scanning and testing with Nmap and Telnet I soon knew that remote services like SSH and MySQL were published to the Internet. A vulnerability assessment was the second thing I launched, to find out whether the remote services had some important issue to exploit. I also launched Armitage to exploit the remote services, but I got nothing. Finally, it was easier than all of this, because the administrator credentials for the MySQL database were the default ones, and the magic word was hidden there.

MySQL Access
The second challenge was about hacking, cryptography and exploiting, where I had to steal a database from a webpage to learn the credentials of a WebShell, and then I had to decrypt the magic words. Stealing the database wasn't difficult because the page was vulnerable to SQLi. However, the credentials of the WebShell were encrypted. I was thinking about the encryption algorithm for hours until I realised the letters were rotated 14 positions to the left. Once I knew the encryption algorithm, it was easy to log in to the WebShell and find the magic words.
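A rotation of the letters is a Caesar shift, and 14 positions to the left is the same as 12 to the right, so there are only 26 candidates and no need to stare at the ciphertext for hours. The script below is an added example, not code from the original post or from the challenge: it tries all 26 shifts and ranks the candidates by how many common words from a small, constructed wordlist each one contains, printing every candidate so a human can still eyeball the result when the wordlist misses. The real WebShell credentials are not on the page, so the ciphertext is constructed here by rotating a made-up credential 14 positions to the left.

```python
"""Brute-force a Caesar-rotated credential (added example, not from the post).

The real WebShell credentials are not on the page, so SAMPLE_CIPHERTEXT below
is constructed by rotating a made-up plaintext 14 positions to the left, the
same transformation the post describes.
"""

# Constructed sample: "admin:the_secret_flag_password" rotated 14 to the left.
SAMPLE_CIPHERTEXT = "mpyuz:ftq_eqodqf_rxms_bmeeiadp"

# Small constructed wordlist used to recognise the right candidate automatically.
COMMON_WORDS = ("the", "and", "user", "admin", "password", "login", "flag", "secret")


def rotate(text: str, shift: int) -> str:
    """Shift every letter `shift` positions to the right (negative = left).

    Digits, punctuation and whitespace pass through unchanged, and case is
    preserved, so a full credential string can be rotated as-is.
    """
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def word_hits(candidate: str) -> int:
    """Count how many COMMON_WORDS occur in the candidate plaintext."""
    lowered = candidate.lower()
    return sum(1 for w in COMMON_WORDS if w in lowered)


def crack_rotation(ciphertext: str):
    """Try all 26 shifts; return (left_shift, plaintext, hits) for the best one.

    A text encrypted by rotating k positions to the left is decrypted by
    rotating k to the right, so candidate k is rotate(ciphertext, +k).
    """
    candidates = [(k, rotate(ciphertext, k)) for k in range(26)]
    best_k, best_plain = max(candidates, key=lambda c: word_hits(c[1]))
    return best_k, best_plain, word_hits(best_plain)


if __name__ == "__main__":
    # Print every candidate so a human can eyeball it when the wordlist misses.
    for k in range(26):
        print(f"left-shift {k:2d}: {rotate(SAMPLE_CIPHERTEXT, k)}")
    k, plain, hits = crack_rotation(SAMPLE_CIPHERTEXT)
    print(f"\nbest guess: shift {k} to the left -> {plain} ({hits} word hits)")
```

The wordlist scoring is deliberately crude; on a very short credential with no dictionary words it will tie several shifts, which is why the script also prints all 26 candidates instead of trusting the top score blindly.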


The third challenge was about forensics, where the challenger gave us a tar.gz file for Capturing The Flag (CTF). The tar.gz file contained a text file with hashing information and another file, in fact a RAW image, which was split into many small files of 100 bytes. Next, I put all the files together thanks to the Windows type command, although cat or affuse could have been used as well. The RAW image contained three pictures and two password-protected zip files, which I cracked with the fcrackzip tool. Digging into the decompressed files, I found a picture file with the flag hidden in its metadata.
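Joining the 100-byte pieces with type or cat is the easy part; the order matters, and a plain lexical sort puts part.10 before part.2, which is exactly what the hash file in the archive lets you catch. The script below is an added example, not the challenge's files or the author's commands: it builds a constructed sample (a 1150-byte pseudo-image split into 100-byte chunks named image.raw.1 to image.raw.12, plus a hashes.txt assumed to be in sha256sum format, since the post only says "hashing information"), reassembles the chunks in natural order, verifies the SHA-256, and shows that a lexical join fails the same check.

```python
"""Reassemble a disk image split into fixed-size chunks and verify its hash.

Added example, not from the original post. The challenge files are not on the
page, so build_sample() constructs a stand-in: a 1150-byte pseudo-image split
into 100-byte chunks named image.raw.1 .. image.raw.12, and a hashes.txt in
sha256sum format (an assumption; the post only says 'hashing information').
"""
import hashlib
import re
import tempfile
from pathlib import Path

CHUNK_SIZE = 100


def natural_key(name: str):
    """Sort key that orders image.raw.2 before image.raw.10 (lexical sort would not)."""
    return [int(tok) if tok.isdigit() else tok for tok in re.split(r"(\d+)", name)]


def reassemble(chunk_dir: Path, prefix: str, out_path: Path) -> int:
    """Concatenate every `<prefix>.<n>` chunk in natural order into out_path.

    Returns the number of chunks joined.
    """
    chunks = sorted(
        (p for p in chunk_dir.iterdir() if p.name.startswith(prefix + ".")),
        key=lambda p: natural_key(p.name),
    )
    with open(out_path, "wb") as out:
        for chunk in chunks:
            out.write(chunk.read_bytes())
    return len(chunks)


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large images need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 16), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_hash_file(path: Path) -> dict:
    """Parse sha256sum-style lines ('<hex>  <name>') into {name: hex}."""
    expected = {}
    for line in path.read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def verify(out_path: Path, hash_file: Path) -> bool:
    """True only if the reassembled file's SHA-256 matches the listed one."""
    return parse_hash_file(hash_file).get(out_path.name) == sha256_of(out_path)


def build_sample(dirpath: Path) -> bytes:
    """Write the constructed chunks and hashes.txt; return the original bytes."""
    data = bytes((i * 7) % 256 for i in range(1150))  # 11 full chunks + 50 bytes
    for idx, offset in enumerate(range(0, len(data), CHUNK_SIZE), start=1):
        (dirpath / f"image.raw.{idx}").write_bytes(data[offset:offset + CHUNK_SIZE])
    (dirpath / "hashes.txt").write_text(
        f"{hashlib.sha256(data).hexdigest()}  image.raw\n"
    )
    return data


def demo() -> dict:
    """Build the sample, reassemble it both ways, and report what verified."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        original = build_sample(tmp)
        out = tmp / "image.raw"
        parts = reassemble(tmp, "image.raw", out)
        verified = verify(out, tmp / "hashes.txt")
        # The trap: plain lexical order (1, 10, 11, 12, 2, ...) mis-joins the pieces.
        lexical = b"".join(
            p.read_bytes() for p in sorted(tmp.glob("image.raw.*"), key=lambda p: p.name)
        )
        return {"parts": parts, "verified": verified, "lexical_matches": lexical == original}


if __name__ == "__main__":
    print(demo())
```

Always compare the reassembled image against the hash the challenge (or the acquisition) ships with before carving anything out of it; a silently mis-ordered join still mounts and still yields files, just not the right ones.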

The last challenge was about steganography and forensics, where I had to find the magic word using an IMG image. First, I mounted the image, which contained tools like HxD, Recuva and JPHS, and an empty folder called "Imagenes". Next, I used FTK Imager and Autopsy to search for deleted files, and there I found a stegocontainer and a link to download the password for accessing the stegocontainer. However, the password was a picture, but thanks to the picture name and the HxD tool I got the real password to get into the stegocontainer and read the magic word.

It took me nearly 28 hours to solve these challenges, which was amazing because I was thinking about the challenges all day to find out tips and steps. In the end, I got the second prize, which was an iPad. Thank you. Thanks to the University of Extremadura and Viewnext for this interesting initiative about CyberSecurity.

CyberSecurity Challenge Awards
Best regards my friends. I’ve requested to be a challenger next year. We’ll see. Thanks.

5 de marzo de 2018

ForoCIBER 2018

I attended the second edition of ForoCiber last Friday in Badajoz, where speakers talked about technological law and IT security. I had already been at the First National ForoCiber Summit in Cáceres, and I didn't want to miss the ForoCiber summit this year because it's one of the few meetings about IT security in Extremadura. In addition, ForoCiber is not only about IT security but also about technological law, which means IT engineers and lawyers share knowledge and points of view, which is very interesting. Therefore, I want to give an overview of the second edition of ForoCiber in this post.

The first speaker was judge Eloy Velasco from the Spanish National Court, who talked about technologies for criminal investigations. He spoke about the criminal procedure law 13/2015, and he also told us many stories and examples. For instance, he talked about the case of the banking data stolen by Falciani and the investigation of the San Bernardino (California) shooting, where the protection of fundamental rights and collaboration with the justice system are important and mandatory in Spain. He also talked about geolocation, cameras, microphones, etc. used in his investigations as a judge. It was a really interesting talk.

Eloy Velasco

The next talk was by Susana González from Hiberus, who spoke about the Data Protection Management System under the General Data Protection Regulation (GDPR), where risk identification, risk assessment and risk management are important in the Data Protection Impact Assessment (DPIA). In addition, she spoke about Privacy by Design & Default, where companies should process personal data with data protection and privacy in mind at every step, and where the strictest privacy settings should apply by default. It was not a technical talk but a security management talk.

Susana González
Miguel Ángel Arroyo, founder of Hack&Beers, was the next speaker, who talked about SOCMINT: Social Media Intelligence. From my point of view, it was a fun and interesting talk because he showed many online tools for Social Media Intelligence, like tinfoleak for searching for Twitter user leaks, and IntelTechniques, which gathers many online tools and lets us search Twitter or Instagram users to find out where someone has been posting from recently. The best recommendation is to disable geolocation in social media applications.

Miguel Ángel Arroyo
Once again, Enrique Ávila came to ForoCiber. This time, Enrique, as Manager at the Spanish National Centre of Excellence on CyberSecurity (CNEC), talked about Strategic Cyber Intelligence. He highlighted the importance of multidisciplinary teams to improve protection in cyberspace. In addition, he spoke about the strategic talent reserve for cyberdefense and cybersecurity, where technical profiles could be called on by the government as volunteers to protect and help Spain.

Enrique Ávila

Finally, Manuel López, who works for the Spanish National Police, talked about Computer Forensics. He spoke about the importance of the chain of custody, but he also spoke about the danger and difficulty of getting into criminals' houses to collect evidence. In addition, he told us that most of the forensic work he does is on mobile devices like smartphones and tablets, although he has also had to analyse laptops, servers and video game consoles.

Manuel López
To sum up, it was an interesting summit, and I would like to thank the organisers for their hard and good work.