Source: myhack58, MYHACK58:62200613113, author 佚名 (Anonymous)
History: Dec 02, 2006 - 12:00 a.m.

Large enterprise intranet penetration: common software entry points - vulnerability warning - The Black Bar Safety Net

2006-12-02 00:00:00 | 佚名 (Anonymous) | www.myhack58.com

Some enterprise networks, particularly those of large companies in Europe and the United States, share a common structure: the DMZ is largely isolated from the internal network, domains are clearly divided, permissions are set out in detail and enforced strictly, and firewalls and IDS are fully configured. The approach to attacking and penetrating such a network is therefore completely different from the one used against a small company's site that merely uses a web hosting service or runs a single standalone web server. But large companies have problems of their own. A US-based company, for example, needs to integrate the LANs of its US offices and its branches around the world so that they can work together or be managed as one unit; it therefore has an internal network and must also use some special network applications and solutions, and these applications and solutions are often the weakest link in its security and the common entry points for hacker penetration attacks. On the software side, the entry points currently used for penetration are the following:

1. VPN and WebVPN. In many large enterprises the subnets of the internal network are connected to each other through a virtual private network (VPN), and so that employees outside the network can reach internal resources, they can dial in with a VPN client connection program, commonly the Cisco Systems VPN Client or the Nortel Networks Contivity VPN Client. As for the software itself, every client connection tool may have vulnerabilities: for example, the Cisco VPN concentrator had a remote group name enumeration vulnerability (BUGTRAQ ID: 13992), its IPsec VPN client had a group password information disclosure vulnerability (BUGTRAQ ID: 10155), and the Nortel VPN client had a local privilege escalation vulnerability (BUGTRAQ ID: 14542); any of these could let a malicious user gain unauthorized access to the VPN network. As for software configuration, taking the Cisco client as an example, it is configured through a .pcf configuration file, which holds three main pieces of sensitive information: the IP address of the VPN server, the group password and the individual password. In addition, a common WebVPN service needs no separate client download: the user logs in directly at a site that provides the WebVPN service and then reaches corporate e-mail or other network resources through that site. WebVPN generally authenticates with the employee's individual company account, although a more secure setup sometimes uses dual authentication (two-factor) for login, i.e. the user first logs in to WebVPN with one account, chooses the network resource to access, such as company e-mail or the intranet, and is then required to authenticate with a second registered account.
The weakness of this configuration is that if even one employee's account information or VPN configuration file is accidentally leaked, the whole company intranet is threatened. Moreover, when company employees register for services on outside sites, such as a public forum or free e-mail, the registration form asks for a personal mailbox and password; employees with low security awareness tend to register with their company e-mail address and even the same password they use to log in to the company VPN service, so that once a poorly secured site is attacked, the user information stored there becomes a threat to that user's corporate network. For the largest companies, with their large numbers of employees, this risk factor is all the higher.
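As an added illustration of the configuration weakness just described (this is example code, not part of the original article), the following Python snippet audits a Cisco VPN Client .pcf profile and reports which of the three sensitive items named above it stores on disk. The profile text, host name and password values are constructed placeholders; the key names are the ones used by the Cisco VPN Client profile format.

```python
import configparser

# Constructed sample .pcf profile for illustration only; the host and
# password values are placeholders, not real credentials.
SAMPLE_PCF = """[main]
Description=corp-vpn
Host=vpn.example.com
AuthType=1
GroupName=corp-users
enc_GroupPwd=0123456789ABCDEF
Username=jdoe
UserPassword=Summer2006
SaveUserPassword=1
"""

# Keys holding the three sensitive items the article names: the VPN server
# address, the group (shared) password and the individual user password.
SENSITIVE_KEYS = {
    "Host": "VPN server address",
    "GroupPwd": "group password (plaintext)",
    "enc_GroupPwd": "group password (obfuscated, reversible)",
    "UserPassword": "user password (plaintext)",
    "enc_UserPassword": "user password (obfuscated, reversible)",
}


def audit_pcf(text: str) -> list[str]:
    """Return one finding per sensitive item stored in a .pcf profile."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' in passwords is literal
    cp.optionxform = str  # keep key case so "Host" and "enc_GroupPwd" match
    cp.read_string(text)
    if not cp.has_section("main"):
        return ["no [main] section: not a Cisco VPN Client profile"]
    main = cp["main"]
    findings = [f"stores {what} in key {key}"
                for key, what in SENSITIVE_KEYS.items() if main.get(key, "").strip()]
    if main.get("SaveUserPassword", "0").strip() == "1":
        findings.append("SaveUserPassword=1: client caches the user password on disk")
    return findings


def risk_level(findings: list[str]) -> str:
    """'high' if any password material is on disk, else 'low' (address only)."""
    return "high" if any("password" in f for f in findings) else "low"


if __name__ == "__main__":
    for line in audit_pcf(SAMPLE_PCF):
        print(line)
    print("risk:", risk_level(audit_pcf(SAMPLE_PCF)))
```

A profile that contains only Host and GroupName is rated low: a leaked file then reveals where the VPN is, but not how to authenticate to it.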

2. Citrix. The remote desktop connection service produced by Citrix Systems, Inc. for Microsoft platforms has become the first choice of many companies for providing remote application services. The user first installs the Citrix Client, logs on to the Citrix MetaFrame Web Interface with a registered account, and then selects the application to use, such as Microsoft Office Word, Windows Desktop, or any other pre-set application, which launches the corresponding .ica file to access it. Its characteristics are that it refuses direct remote connections to the Terminal Services port 3389, that access restrictions can be set according to different permissions, and that the local hard drive can be shared for convenient file operations. Vulnerabilities keep being found in the service software itself, such as the Citrix MetaFrame Presentation Server user name policy bypass vulnerability (http://securitytracker.com/id?1014994) and the flawed encryption mechanism in Citrix MetaFrame Password Manager (http://www.foundstone.com/products/sa/fs-sa-04-05-04.pdf). The configuration weakness is that the MetaFrame Web Interface authenticates only once: after login the user can reach the remote applications on the server, and since most applications need file operations, hackers can often use the file selection dialog to find and open explorer.exe in the Windows system directory, thereby gaining desktop access, and then try to use local vulnerabilities on the server to elevate privileges. Since many companies put the Citrix server on the internal network, once that server is compromised the company's internal network faces an enormous threat.

3. Outlook Web Access (OWA) and Exchange Server. Many companies' e-mail servers run Microsoft's Exchange Server, and to let staff read e-mail remotely they often enable the Exchange Outlook Web Access service, where login generally requires only authentication with a personal account. As for the software itself, different versions of the OWA service have had vulnerabilities, such as the cross-site scripting vulnerability in OWA for Exchange Server 5.5 (MS04-026 and MS05-029), and Exchange Server was recently found to have a remote overflow vulnerability of the highest severity level (MS05-021). As for configuration, since users log in to OWA with their e-mail account information, the threats described under the first entry point in this article apply equally to this service. More seriously, unlike a web server in the DMZ, the Exchange Server is often placed on the internal network, so once it is compromised the hacker gains direct access to the internal network.