Nmap Scanning a WatchGuard Firewall

I recently completed a perimeter security audit for a client who was using a WatchGuard firewall. One of the default options is port scan detection, which automatically blocks any IP address it detects carrying out a port scan against it. One of the problems for penetration testers is that it does not have a whitelist, so for a client it’s either on or off.

When you are performing infrastructure penetration testing it’s important to get reliable, comprehensive port scans. I found that the following Nmap options can be used to carry out a scan without your IP being blacklisted or blocked:

# nmap -sS -P0 -vvvv -sV -T2 ip-address
# nmap -P0 -p1-20000 -vvvv -O -T Sneaky -sS ip-address

Notes on the options: -P0 is the older spelling of -Pn (skip host discovery and scan the target regardless of ping response). -T2 (Polite) and -T Sneaky (the same as -T1) are the slow timing templates that serialise probes and space them out, roughly 0.4 s and 15 s apart respectively, which is what keeps the scan under the appliance’s detection threshold. Budget time accordingly: 20000 ports at the Sneaky template is on the order of days, so run the wide port range in the background and work from the faster -T2 service scan first.

These options can also be used for other security appliances which feature port scan blocking functions including ISS Proventia, Fortigate, TippingPoint and Cisco ASA.

How to protect Horde Webmail (Plesk) against brute force attacks

This article outlines the process of configuring Fail2Ban to secure Horde Webmail running on a Plesk server against brute force attacks.

Prerequisite: This article expects that you have already completed the installation of Fail2Ban as outlined here.

Once you have completed the installation of Fail2Ban –

1. Copy the Courier IMAP filter to a new filter for Horde:

# cp /etc/fail2ban/filter.d/courierlogin.conf /etc/fail2ban/filter.d/hordelogin.conf

2. Edit the contents of /etc/fail2ban/filter.d/hordelogin.conf

# nano -w /etc/fail2ban/filter.d/hordelogin.conf

The file should read:

[Definition]

failregex = FAILED LOGIN for .* \[<HOST>\] .*$

ignoreregex =

3. Edit the Fail2Ban jail file:

# nano -w /etc/fail2ban/jail.conf

4. At the end of the file add:

How to force HTTPS in Horde (Plesk)

If you’re using Horde as your preferred webmail client on a Plesk virtual hosting server, it’s advisable to enable (and force) the use of HTTPS so that webmail users’ login credentials and email traffic cannot be read or altered on the wire.

To force HTTPS within Horde:

# nano -w /etc/psa-webmail/horde/horde/conf.php

Then change:

$conf['use_ssl'] = 2;

to:

$conf['use_ssl'] = 1;

Next edit the Horde virtual host file:

# nano -w /etc/httpd/conf.d/zzz_horde_vhost.conf

And just below the “ServerAdmin” line add:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

The target of the RewriteRule must be https://, not http://: the condition only fires on plain-HTTP requests, so redirecting them back to http:// would either loop or change nothing. The [R=301,L] flags make it an external permanent redirect and stop further rule processing for that request.

Make sure to indent the lines to match the indentation of the preceding ServerName/ServerAlias/ServerAdmin lines.

Secure Courier-IMAP POP3/IMAP (Plesk) against brute forcing

This article outlines the process of configuring Fail2Ban to secure a Plesk server running Courier-IMAP as its IMAP and POP3 server against brute forcing.

Prerequisite: This article expects that you have already completed the installation of Fail2Ban as outlined here.

Once you have completed the installation of Fail2Ban –

1. Edit /etc/fail2ban/filter.d/courierlogin.conf using nano.

# nano -w /etc/fail2ban/filter.d/courierlogin.conf

And change: “LOGIN FAILED, .*, ip=\[<HOST>\]$”

To: “LOGIN FAILED, ip=\[<HOST>\]$”

2. Add the following configuration to /etc/fail2ban/jail.conf:
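Before enabling either jail it is worth dry-running the failregex against lines from your own maillog, because a pattern that silently matches nothing gives no protection and one that matches too much bans legitimate users. The normal tool for that is fail2ban-regex; the script below is an added example, not part of the original posts, that imitates the check with grep/sed so the two patterns above (the Horde filter and the modified Courier filter) can be exercised against constructed log lines. It assumes an approximation of Fail2Ban’s <HOST> expansion and that the offending address is the last bracketed token on the line, and it adds a third pattern that accepts both Courier log forms (with and without user=), which the original filter change does not:

```shell
#!/bin/sh
# Added example (not from the original posts): dry-run Fail2Ban failregex
# patterns against constructed log lines using only grep/sed/awk.
# The real check is:  fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/hordelogin.conf

# Fail2Ban replaces <HOST> with a pattern for an IPv4 address or hostname that
# tolerates the IPv4-mapped IPv6 prefix Courier writes (::ffff:1.2.3.4).
# This is an approximation of that expansion in POSIX ERE (an assumption here,
# not Fail2Ban's own regex). Group 1 = optional prefix, group 2 = the host.
HOST_RE='(::f{4,6}:)?([A-Za-z0-9._-]*[A-Za-z0-9_])'

# The two patterns from the filters above, plus one that accepts Courier lines
# both with and without a "user=..., " field (generalisation, see lead-in).
HORDE_RE='FAILED LOGIN for .* \[<HOST>\] .*$'
COURIER_RE='LOGIN FAILED, ip=\[<HOST>\]$'
COURIER_BOTH_RE='LOGIN FAILED, (.*, )?ip=\[<HOST>\]$'

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG='Mar  1 10:00:01 mail HORDE[2311]: [imp] FAILED LOGIN for alice [203.0.113.5] to {mail.example.com:143}
Mar  1 10:00:02 mail HORDE[2311]: [imp] Login success for bob [198.51.100.7] to {mail.example.com:143}
Mar  1 10:00:03 mail HORDE[2311]: [horde] FAILED LOGIN for eve [203.0.113.5] to Horde
Mar  1 10:00:04 mail imapd: LOGIN FAILED, ip=[::ffff:203.0.113.9]
Mar  1 10:00:05 mail pop3d: LOGIN FAILED, user=carol, ip=[::ffff:203.0.113.9]
Mar  1 10:00:06 mail imapd: LOGIN, user=bob, ip=[::ffff:198.51.100.7], protocol=IMAP'

# expand_failregex FILTER_RE -> the same ERE with <HOST> replaced by HOST_RE
expand_failregex() {
    printf '%s\n' "$1" | sed "s/<HOST>/$HOST_RE/g"
}

# failed_hosts FILTER_RE LOGTEXT -> one address per matching line, with the
# ::ffff: prefix dropped the way Fail2Ban normalises it before banning.
# Assumes the address is the last [...] token on the line (true for both logs).
failed_hosts() {
    re=$(expand_failregex "$1")
    printf '%s\n' "$2" | grep -E "$re" | sed -E "s/.*\[$HOST_RE\].*/\2/"
}

# ban_candidates FILTER_RE LOGTEXT MAXRETRY -> addresses seen at least MAXRETRY
# times, i.e. what the jail would ban with maxretry=MAXRETRY inside findtime.
ban_candidates() {
    failed_hosts "$1" "$2" | sort | uniq -c \
        | awk -v n="$3" '$1+0 >= n+0 { print $2 }'
}

# Stand-alone run: show what each pattern catches in the sample.
for pat in "$HORDE_RE" "$COURIER_RE" "$COURIER_BOTH_RE"; do
    echo "== $pat"
    failed_hosts "$pat" "$SAMPLE_LOG"
done
echo "== would ban with maxretry=2 (Horde):"
ban_candidates "$HORDE_RE" "$SAMPLE_LOG" 2
```

The run shows the point of the check: the Horde pattern matches both failed logins from 203.0.113.5 and nothing else, the modified Courier pattern catches the user-less form only, and the combined pattern catches both forms. Run the same functions over a tail of your real /var/log/maillog to see which form your Courier build writes before choosing the pattern.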

15 steps to secure your iPhone / iPad

There has been a lot of controversy in the media regarding the security of Apple iPhone and iPad devices. Whilst both ship with a natively secure operating system, a large share (the article’s estimate is ~60%) of iPhone and iPad users have jailbroken their devices, which makes them blatantly insecure!

Jailbreaking is a process that allows iPad, iPhone and iPod Touch users to install homebrew applications on their devices by unlocking the operating system and allowing the user root access. Once jailbroken, iDevice users are able to download many extensions and themes previously unavailable through the App Store via unofficial installers such as Cydia. A jailbroken iPad, iPhone or iPod Touch is still able to use the App Store and iTunes.

Jailbreaking is different from SIM unlocking, which, once completed, means that the mobile phone will accept any SIM without restriction on, for example, the country or network operator of origin. Jailbreaking, according to Apple, can void Apple’s warranty on the device,[1] although this is quickly remedied by restoring the device in iTunes.

This article will address some of the security issues with jailbroken iPhone and iPad devices and how you can secure your unit.

1. SSH Passwords

By default, jailbroken devices are vulnerable to being hacked into using SSH. If you have jailbroken your device and installed Cydia it is vital that you change the passwords of the phone’s mobile and root accounts. The default password for both is ‘alpine’, which means that if you connect to a wireless access point with your device, anyone else on that network can gain unauthorized access to it over SSH.