Securing Vendor Webapps - A Vulnerability Assessment On HELK


00:50 - My Vulnerability Assessment methodology
03:00 - Starting a Nessus Scan to see what it thinks
04:20 - Running nmap and deciding what ports are needed
09:35 - Reviewing the Nessus Scan
12:02 - Examining what leaving KSQL/Kafka (8088) open can do
13:58 - Using iptables to block ports that don't need to be routable
15:53 - Preventing nmap from detecting the port as filtered by using REJECT --reject-with tcp-reset
18:30 - Using Draw.io to explain what we are doing with a Reverse Proxy
20:40 - Installing Apache2
21:33 - Creating the reverse proxy HTTPS Configuration, then enabling modules ssl, proxy, proxy_http
25:10 - Our Apache server doesn't like the remote server's self-signed certificate; adding:
-- SSLProxyVerify, SSLProxyCheckPeerCN, SSLProxyCheckPeerName, SSLProxyCheckPeerExpire
28:44 - Enabling Universe Repo then installing mod-security
29:50 - Briefly going over the mod-security configuration file
32:35 - Setting ModSecurity to blocking mode then modifying the rules to allow Kibana to work
36:25 - ModSecurity doesn't like "application/x-ndjson", adding this to the allowed content types
40:13 - Beginning of creating a Certificate Authority to handle Mutual SSL Authentication
42:20 - Creating the CA Private/Public Keys with OpenSSL
44:11 - Creating the WebServer's private key with OpenSSL, then signing
46:00 - Creating the user's private key with OpenSSL, then signing
47:20 - Copying the Webserver's keys to the reverse proxy, then updating Apache2 to use the certs
49:50 - Showing that SSL is working by adding the CA to Firefox and checking whether the cert warnings go away
51:10 - Configuring Apache to force SSL Client Authentication which requires user certificates
52:00 - Creating the PFX File in order to allow Firefox to import our user certificate
53:00 - Demonstrating SSL Mutual Authentication is working
53:30 - Modifying iptables on HELK to only allow HTTP/HTTPS Connections from the Reverse Proxy
56:00 - Making the iptables rules on HELK persistent
56:40 - Uh-oh, we forgot to add rules for IPv6, which allows for a firewall bypass. Let's just disable IPv6.

Reviewed by Anonymous on April 14, 2019 Rating: 5