Professional Documents
Culture Documents
STUDENT ID#
LAB#
10/2/2022
Penetration Testing a pfSense Firewall (3e)
Table of Contents
1 SECTION.......................................................................................................................................1
1.1 Vulnerability Report..............................................................................................................1
1.2 List of Medium and low Vulnerabilities.................................................................................1
1.3 Updated Vulnerability Report...............................................................................................2
2 SECTION.......................................................................................................................................3
2.1 Results of the Traceroute Command.....................................................................................3
2.2 Nmap Scan with OS Detection Activated...............................................................................3
2.3 OpenVAS Scan Report...........................................................................................................4
2.4 Detailed OpenVAS Scan Results.............................................................................................4
3 Section.........................................................................................................................................5
3.1 Open Ports on TargetLinux01 and the DMZ Firewall Interface...............................................5
3.2 Vulnerability Scan Results.....................................................................................................6
4 Best Practice DMZ Deployments...................................................................................................6
4.1 Best Practice.........................................................................................................................6
4.2 Vulnerability.........................................................................................................................6
5 Summary......................................................................................................................................7
1|Page
Penetration Testing a pfSense Firewall (3e)
LAB#3
1 SECTION
1.1 Vulnerability Report
2|Page
Penetration Testing a pfSense Firewall (3e)
3|Page
Penetration Testing a pfSense Firewall (3e)
2 SECTION
4|Page
Penetration Testing a pfSense Firewall (3e)
5|Page
Penetration Testing a pfSense Firewall (3e)
3 Section
6|Page
Penetration Testing a pfSense Firewall (3e)
This step is crucial in DMZ because access to the service console of an ESX host grants complete
control over virtual machines hosted on that host.
It is crucial to clearly label networks for each DMZ zone, as connecting virtual servers to the
incorrect networks can undermine all security measures.
Protect against data spying, sniffing, and MAC spoofing by blocking promiscuous mode, MAC
address changes, and forged transmissions on virtual network interfaces.
In a virtual environment, denial of service can occur if each virtual machine demands a
disproportionate amount of ESX host resources. Other virtual machines running on the same ESX host
are starved.
4.2 Vulnerability
I. Insufficient hardening of DMZ systems.
You may have strong ingress and/or firewall filtering, yet attackers identify a vulnerability in the
DMZ machine's operating system or services.
5 Summary
It will limit or block the illegal content, which are two of the most significant services that are supplied
by the firewall, which also separates the DMZ zone. The firewall will verify that the traffic that is allowed
to pass is valid. The site servers should not be directly connected to the internet; this will ensure that
there are only a few numbers of potential security flaws in the intranet. Incoming traffic should be
routed through DMZ associated devices, which should then be connected by switches. This will ensure
that unneeded traffic is not routed through the DMZ or is kept away from DMZ operations.
7|Page