Scribd Logo
Upload

Welcome to Scribd!

  • Penetration Testing A PfSense Firewall (3e)

    Uploaded by

    Hamza Bhatti
    34 views8 pages

    Original Title

    Penetration Testing a PfSense Firewall (3e)

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    34 views8 pages

    Penetration Testing A PfSense Firewall (3e)

    Uploaded by

    Hamza Bhatti

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    NAME:

    STUDENT ID#
    LAB#
    10/2/2022
    Penetration Testing a pfSense Firewall (3e)

    Table of Contents
    1 SECTION.......................................................................................................................................1
    1.1 Vulnerability Report..............................................................................................................1
    1.2 List of Medium and low Vulnerabilities.................................................................................1
    1.3 Updated Vulnerability Report...............................................................................................2
    2 SECTION.......................................................................................................................................3
    2.1 Results of the Traceroute Command.....................................................................................3
    2.2 Nmap Scan with OS Detection Activated...............................................................................3
    2.3 OpenVAS Scan Report...........................................................................................................4
    2.4 Detailed OpenVAS Scan Results.............................................................................................4
    3 Section.........................................................................................................................................5
    3.1 Open Ports on TargetLinux01 and the DMZ Firewall Interface...............................................5
    3.2 Vulnerability Scan Results.....................................................................................................6
    4 Best Practice DMZ Deployments...................................................................................................6
    4.1 Best Practice.........................................................................................................................6
    4.2 Vulnerability.........................................................................................................................6
    5 Summary......................................................................................................................................7

    1|Page
    Penetration Testing a pfSense Firewall (3e)

    LAB#3

    1 SECTION
    1.1 Vulnerability Report

    1.2 List of Medium and low Vulnerabilities

    2|Page
    Penetration Testing a pfSense Firewall (3e)

    1.3 Updated Vulnerability Report

    3|Page
    Penetration Testing a pfSense Firewall (3e)

    2 SECTION

    2.1 Results of the Traceroute Command

    2.2 Nmap Scan with OS Detection Activated

    4|Page
    Penetration Testing a pfSense Firewall (3e)

    2.3 OpenVAS Scan Report

    2.4 Detailed OpenVAS Scan Results

    5|Page
    Penetration Testing a pfSense Firewall (3e)

    3 Section

    3.1 Open Ports on TargetLinux01 and the DMZ Firewall Interface

    3.2 Vulnerability Scan Results

    6|Page
    Penetration Testing a pfSense Firewall (3e)

    4 Best Practice DMZ Deployments

    4.1 Best Practice


    I. Harden and isolate the service console

    This step is crucial in DMZ because access to the service console of an ESX host grants complete
    control over virtual machines hosted on that host.

    II. Clearly label networks for each zone within DMZ

    It is crucial to clearly label networks for each DMZ zone, as connecting virtual servers to the
    incorrect networks can undermine all security measures.

    III. Set Layer 2 security options on virtual switches

    Protect against data spying, sniffing, and MAC spoofing by blocking promiscuous mode, MAC
    address changes, and forged transmissions on virtual network interfaces.

    IV. Use ESX resource management capabilities

    In a virtual environment, denial of service can occur if each virtual machine demands a
    disproportionate amount of ESX host resources. Other virtual machines running on the same ESX host
    are starved.

    4.2 Vulnerability
    I. Insufficient hardening of DMZ systems.

    You may have strong ingress and/or firewall filtering, yet attackers identify a vulnerability in the
    DMZ machine's operating system or services.

    5 Summary
    It will limit or block the illegal content, which are two of the most significant services that are supplied
    by the firewall, which also separates the DMZ zone. The firewall will verify that the traffic that is allowed
    to pass is valid. The site servers should not be directly connected to the internet; this will ensure that
    there are only a few numbers of potential security flaws in the intranet. Incoming traffic should be
    routed through DMZ associated devices, which should then be connected by switches. This will ensure
    that unneeded traffic is not routed through the DMZ or is kept away from DMZ operations.

    7|Page

    You might also like