jetlib.sec » Penetration Testing » Re: auditing web/mail proxies

Feeds

133322 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Penetration Testing

• December 16, 2011
• 

  Re: auditing web/mail proxies

  Posted: December 16th, 2011, 6:40am PST

  Tags:   

  Posted by White Hat on Dec 16

  Is the main threat internal, or external?
  
  If it's internal, a few questions I would ask are:
  
  Do they allow egress ICMP?
  Do they allow egress SSH?
  Do they allow egress DNS?
  
  If they do allow these protocols out then an insider can probably
  bypass the proxy with tools like icmptx, nstx, ssh tunneling, etc.
  
  Do they control what browser clients use?
  Does the proxy transparently redirect outbound http requests, or does
  it rely on browser...