We tested the HTTP proxies' ability to block request methods and to filter URLs
by length or by text matching. Application firewalls aren't meant to provide
full-blown Web application protection, but simple URL matching shouldn't be
difficult. Our test was whether the HTTP proxy could block a common
directory-traversal attack. We wrote the filter as a regular expression or a
plain string, depending on which the firewall supported, then sent requests
whose URLs contained the offending strings, first in the clear and then with
the same characters Unicode (UTF-8) encoded, to see whether the proxy decoded
the URL before matching or could be bypassed by the encoding.
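To make the bypass concrete, here is an added example (not code from the review or from any of the firewalls tested) contrasting a filter that matches the request line as sent with one that canonicalizes the URL first. The traversal regex, the allowed-method set and the length limit are assumptions standing in for whatever each product accepted; the probe URLs are constructed. The lenient decoder also folds overlong two-byte UTF-8 sequences (the %c0%ae form for a period), which strict decoders reject but permissive Web servers of the period accepted.

```python
import re

# Assumed policy: the page does not give the actual patterns or limits used.
TRAVERSAL = re.compile(rb"\.\.[/\\]")
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_URL_LEN = 2048

PCT = re.compile(rb"%([0-9A-Fa-f]{2})")      # %2e
PCT_U = re.compile(rb"%u([0-9A-Fa-f]{4})")   # %u002e, the IIS-style form


def naive_blocks(path: str) -> bool:
    """A string/regex filter applied to the request line exactly as sent."""
    return TRAVERSAL.search(path.encode("utf-8")) is not None


def fold_overlong(b: bytes) -> bytes:
    """Collapse overlong two-byte UTF-8 sequences (0xC0/0xC1 lead bytes) to the
    single byte they encode, as lenient servers did: %c0%ae -> '.', %c0%af -> '/'."""
    out = bytearray()
    i = 0
    while i < len(b):
        if b[i] in (0xC0, 0xC1) and i + 1 < len(b) and 0x80 <= b[i + 1] <= 0xBF:
            out.append(((b[i] & 0x1F) << 6) | (b[i + 1] & 0x3F))
            i += 2
        else:
            out.append(b[i])
            i += 1
    return bytes(out)


def decode_once(b: bytes) -> bytes:
    """One round of %uXXXX, then %XX, then overlong-UTF-8 folding."""
    b = PCT_U.sub(lambda m: chr(int(m.group(1), 16)).encode("utf-8"), b)
    b = PCT.sub(lambda m: bytes([int(m.group(1), 16)]), b)
    return fold_overlong(b)


def canonicalize(path: str) -> str:
    """Decode until the path stops changing (bounded to three rounds) so that
    double encoding such as %252e is unwrapped before the pattern is applied."""
    b = path.encode("utf-8")
    for _ in range(3):
        d = decode_once(b)
        if d == b:
            break
        b = d
    return b.decode("utf-8", errors="replace")


def canonical_blocks(path: str) -> bool:
    """The same regex, but run over the canonical form of the URL."""
    return TRAVERSAL.search(canonicalize(path).encode("utf-8")) is not None


def proxy_decision(method: str, path: str) -> str:
    """Combined check in the order the review describes: method, length, pattern."""
    if method.upper() not in ALLOWED_METHODS:
        return "deny: method"
    if len(path) > MAX_URL_LEN:
        return "deny: length"
    if canonical_blocks(path):
        return "deny: traversal"
    return "allow"


if __name__ == "__main__":
    # Constructed probes: plain, percent-encoded, overlong UTF-8, double-encoded, %u
    for p in ["/cgi-bin/../../../etc/passwd",
              "/%2e%2e/%2e%2e/etc/passwd",
              "/..%c0%af..%c0%afetc/passwd",
              "/%252e%252e/etc/passwd",
              "/%u002e%u002e/etc/passwd"]:
        print(f"{p:36} naive={naive_blocks(p)!s:5} canonical={canonical_blocks(p)}")
```

Only the first probe is caught by the naive filter; the canonicalizing filter catches all five. A proxy that matches before decoding is the kind that the encoded variants in our test were designed to slip past.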
DNS Cache Poisoning
We set up a BIND DNS server on the external network and created two zones under
our domain name, zone-1-1 and zone-1-2. In zone-1-1 we created an alias (CNAME),
"spoof," pointing to "real" in zone-1-2; in zone-1-2 we created an A record
resolving "real" to an IP address. When we queried zone-1-1 for "spoof," the
server returned both the CNAME to real.zone-1-2 and the A record for
real.zone-1-2. That A record belongs to a zone other than the one queried, so a
careful resolver or DNS proxy would discard it and look up real.zone-1-2 on its
own. The test was whether the firewall's DNS proxy stripped the out-of-zone
record before it reached our misconfigured internal caching server, which
otherwise promptly cached both entries.
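The distinction between a cache that trusts every record in a reply and one that enforces a bailiwick, as an added example modelled on the setup above (not the reviewers' code or BIND configuration). The domain "example.test" stands in for the reviewers' domain, which the page does not name, and 192.0.2.10 is a documentation address; the reply is constructed to match the zone-1-1/zone-1-2 layout. From the resolver's point of view the answering server is trusted for zone-1-1 only, so the A record for a name in zone-1-2 is outside its bailiwick.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    """One resource record. Names are absolute (trailing dot)."""
    name: str
    rtype: str
    rdata: str


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone apex itself or lies below it."""
    n, z = name.lower().rstrip("."), zone.lower().rstrip(".")
    return n == z or n.endswith("." + z)


class ResolverCache:
    """Minimal cache: enforce_bailiwick=False behaves like the misconfigured
    server in the test, True like a resolver that only keeps in-zone data."""

    def __init__(self, enforce_bailiwick: bool):
        self.enforce_bailiwick = enforce_bailiwick
        self.store = {}

    def ingest(self, zone_queried: str, records):
        """Store records from a reply. zone_queried is the zone the answering
        server is trusted for; with enforcement on, anything outside it is dropped
        and must be resolved by a separate query."""
        kept, dropped = [], []
        for rr in records:
            if self.enforce_bailiwick and not in_bailiwick(rr.name, zone_queried):
                dropped.append(rr)
                continue
            self.store.setdefault((rr.name.lower(), rr.rtype), set()).add(rr.rdata)
            kept.append(rr)
        return kept, dropped

    def lookup(self, name: str, rtype: str):
        return sorted(self.store.get((name.lower(), rtype), ()))


# Constructed reply to "spoof.zone-1-1.example.test. A?": the CNAME is in the
# queried zone, the appended A record is in zone-1-2 (assumed names/address).
POISON_REPLY = [
    RR("spoof.zone-1-1.example.test.", "CNAME", "real.zone-1-2.example.test."),
    RR("real.zone-1-2.example.test.", "A", "192.0.2.10"),
]


def poison_attempt(enforce_bailiwick: bool):
    """Feed the reply to a cache and report what it kept and dropped."""
    cache = ResolverCache(enforce_bailiwick)
    kept, dropped = cache.ingest("zone-1-1.example.test.", POISON_REPLY)
    return cache, kept, dropped


if __name__ == "__main__":
    for enforce in (False, True):
        cache, kept, dropped = poison_attempt(enforce)
        print(f"enforce={enforce}: kept={len(kept)} dropped={len(dropped)} "
              f"A for real.zone-1-2 = {cache.lookup('real.zone-1-2.example.test.', 'A')}")
```

With enforcement off, both records land in the cache and the attacker-supplied address for real.zone-1-2 is served to clients; with it on, only the CNAME is kept and the resolver must ask zone-1-2's own servers for the address. A DNS proxy on the firewall can apply the same rule to replies before they reach an internal server that does not.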
SMTP Testing
Because none of the firewalls had true POP3 or IMAP application proxies, we
focused on SMTP. To test for open relaying, we configured the SMTP proxy to
accept mail only for our domain, then used an SMTP client on the outside to try
to relay mail through it: first by direct relay (a RCPT TO address in a foreign
domain), then with source-routed addresses in the bang-path (host!user@relay)
and percent-hack (user%host@relay) forms.
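The relay checks an SMTP proxy has to get right, as an added example that is not code from the review or from any product tested. It resolves each RCPT TO address to the domain the relay would actually forward to, covering the direct-relay case and the three classic source-routing forms (RFC 821 "@relay:user@dest" routes, the percent hack and UUCP bang paths), and accepts only addresses that end up local. The local domain "example.test", the destination "victim.example" and the test addresses are assumptions; a real implementation would also handle multi-hop route lists, which this collapses to their final destination.

```python
# Assumed: the only domain the proxy may accept mail for.
LOCAL_DOMAINS = {"example.test"}


def forward_domain(rcpt: str) -> str:
    """Return the domain the relay would hand the message to.

      @relay:user@dest      RFC 821 source route: strip the route, go by dest
      user%dest@relay       percent hack: relay rewrites the last % to @
      dest!user@relay       UUCP bang path: relay forwards to the first host
      user@domain           plain address: domain

    Simplification: when % and ! both appear, % is decided first; real MTAs
    differ in their precedence, which is exactly why the forms are dangerous."""
    addr = rcpt.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if addr.startswith("@"):
        _route, _, addr = addr.partition(":")
    local, _, domain = addr.rpartition("@")
    if "%" in local:
        return local.rsplit("%", 1)[1]
    if "!" in local:
        return local.split("!", 1)[0]
    return domain


def relay_decision(rcpt: str) -> tuple:
    """Policy for a RCPT TO from an outside client: accept only local delivery."""
    dest = forward_domain(rcpt)
    if dest.lower() in LOCAL_DOMAINS:
        return True, "accept: local delivery"
    return False, f"reject: would relay to {dest}"


def rcpt_response(command: str) -> str:
    """Turn a raw 'RCPT TO:<...>' line into the reply the proxy would send."""
    if not command.upper().startswith("RCPT TO:"):
        return "501 Syntax error"
    ok, reason = relay_decision(command[len("RCPT TO:"):])
    return "250 OK" if ok else "550 5.7.1 " + reason


if __name__ == "__main__":
    # Constructed probes in the order the test used them: direct relay, then
    # bang path and percent hack through the local domain, then a source route.
    for line in ["RCPT TO:<user@example.test>",
                 "RCPT TO:<user@victim.example>",
                 "RCPT TO:<victim.example!user@example.test>",
                 "RCPT TO:<user%victim.example@example.test>",
                 "RCPT TO:<@example.test:user@victim.example>"]:
        print(f"{line:50} -> {rcpt_response(line)}")
```

Only the first address is accepted. Note that the last three all carry the local domain after the @, which is why a proxy that checks nothing but the part after the final @ is an open relay for anyone who knows the old address syntaxes; many MTAs simply refuse any local part containing % or ! from outside clients rather than trying to interpret it.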
Glossary
Application-level firewall: A proxy that examines network traffic at the application-protocol level and can enforce protocol syntax and filter specific protocol commands and content.
Circuit-level gateway (also known as a proxy): Similar to a stateful packet filter, except that the gateway terminates each connection and opens a new one on the client's behalf, so clients and servers never communicate directly.
Stateful packet-filtering firewall: A firewall that tracks TCP session state and drops or rejects packets that do not belong to a current session or are out of sequence with it. Application-level filtering is usually limited to tracking the dynamically negotiated secondary connections in protocols such as FTP or H.323.