One Article Review
| Source |  SANS Institute |
|---|---|
| Identifiant | 362215 |
| Date de publication | 2017-05-04 16:20:16 (vue: 2017-05-04 16:20:16) |
| Titre | Migrating Telnet to SSH without Migrating, (Thu, May 4th) |
| Texte | I recently had a security assessment / internal pentest project, and one of the findings was I found an AS/400 running telnet services (actually unencrypted tn5250, but it comes to the same thing) The clients response was that this host was up for history purposes only, it was not longer production system. So it was only used occassionally when they needed transaction history from before their migration to the current system. Which doesnt really address risk around their clients information on that host. Weve all been there. Weve found a telnet service that should be migrated to SSH, but the affected device either doesnt support SSH, or the client for one reason or another cant put resources into enabling encrypted services. In the case of the AS400 above, theyd need to do an OS update, which would require an application update to an app they had retired, on a system that isnt production anymore. We see this in legacy systems, but in Industrial Control Systems (ICS) that control factories, water or hydro utilities we see this all the time in production - and the answer there is the gear doesnt support ssh, and in some cases doesnt support credentials. In ICS systems in particular, gear like this is often on the same 5,7 or 10 year depreciation cycle as might be seen on an industrial press or other manufacturing equipment, so upgrades are really a long-term thing, there are no quick fixes. Even finding where all the vulnerable gear is (physically, not on the network) can be a challenge So what to do? In some cases, Ive front-ended the problem child gear with a cheap SSH gateway. A Raspberry Pi does a decent job here for less than $100 per node. The Pi runs real linux, so you can secure it. The solution looks like this: base64,iVBORw0KGgoAAAANSUhEUgAAA5gAAADQCAIAAADtSVl2AAAgAElEQVR4nO2d/3MbZ37f8x/wOlNHSZvwprmGUSZVpp0Lpzetbqa6YdKZ8vqL2ckP7PUHq85MNJk2w5N9ImOeTd+Zx7AuebJ8Qe9CU4QFkwZtSBQh0iIDERccaUpGTMMCKZM8UaQgU+YXiTZMWgBBfNn+sMBi99nn2V0AC2D3wfs17x8kYHfxAALFFx58ns/zGwIAAAAAAAA25DeqPQAAQJGs7kT7Z8ItA75mx5SY9vHgxGKk2uMCAAAAKgREFgD7EX64d7LPW3fWSU1950j/TLjaYwQAAADKDkQWAJvRPxM+ds7FslgpTRcmV3ei1R4sAAAAUEZqRWS392Oza1uza1u+5U1H4E40lqj2iAAomHgy1Trk11VY+dSsb3mz2qMGAAAAygXPIru9H/OE1ts8Nxt7x8Tf68fOubomF2CxwKacdgWMW6z0ng8/3Kv2wAEAAICywKfIhh/uqSeuzrjntvdjqzvR4eDd7f1YdUcYvL8rzhDHk6nqjgTYhYnFSKEWK+Zkn7faYwcAAADKAoci2+a5Sfwibx3yR/YOxHvjyVRD16h4oye0XuHJqmgsMRy8K80QS4ZdyTEAOyK9b9X5Ts/IM6+PPvP66NN97q93XKIe83f/uFTtZwAAAACYD28ie8Y9J//93eyYUqvq7NqWdMDg/ErFxtY+HmSt0TnjnuufCVd9nhhYlp7pkPpt8/WOS72XLntluK+Mf/fVt9VHfu2s83dfGEaNAQAAAM7gSmQJi6076zztClCPFAsP6jtHKvbNfvjhnu5XwLNrW5UZDLAdJ7o9xLvlGy9ccl8Z99L4K8c71DfY2Edr1X4eAAAAgJnwI7LB+7vUlS7UaU7f8mbdWacjcKdiw2t2TOmKLFahASrRWEL9bnnFeZlqsSLffPkt9Snff/O9aj8VAAAAwEz4EVn1dKwYqZXm9n5MqpSdWIyc7PNWbDqWtUxHrDRodkyJze0bukZ7pkOVGRKwEeLnLnm++fJbanm9cePGrVu3QqHQ7OzsK87L6vfb033uzU104wIAAMAP/IgsqzORIPtaX+ypecY919A1Wsl6waYLk4S/tl8NNjumHL+6c7LPG40l2jw3268G67DwC8iIJ1Nia4v2qx8Q7+o//6lbrrATExP37t2Tn/vw0efqn4Vvdw+/995777///pMnT6r1pAAAAAAT4UdkuyYX1L+5mx1TgiBEYwlRCMQjI3sHwfu7FRuYujr22DmXODcsryUQl6VjOQ7Y3o91TS4QrS2I/PXP35Es9vr16wcHB+rr/N6L5Kqvp55/03N13Ov1bm2hGhsAAAAP8COy1BpZK3xTT92KiSqsz499UPnhAUsxsRip7xzRLaf+3mujkshubGyorxNPpqgnipW1xPQtAAAAYFP4EVkhV11wxj0XjSXOuOeoK72Gg3crvAcB1UviydTEYqRnOtQzHYrGEv0z4Yau0foXRqQqXlCDUHtsUSPVyAYC9L4crC4ZT/e5vV7v0pKirWxk74B446lvqS47O7ufAqDkK1TI8MVnn21V+z0FLEc8fqj7zuFKZLf3Y8fOuYaDd8W/qneZj8YSPdMhaflXZWgZ8BEy0dg7JghCPJnqnwk7AnfiyZQntD67tnXaFajvHEETrtrEE1o3aLFifvb2FbWSSrSPB6lnfeOFS16vNxgMSkfOrm2Jiw6lJh7S2rJKtvXQICMIt27deuUNL4JIuXjZt/jJSiYjZKr9/gSmED88fH8eP+aIIhM3Znd2djKZTEbz55wrkRVyc1qVLIHVRa0UrBVd4nqvhq7RCo8QVJ3t/Rhr4y5WvvE3l7xeL7ULgXbT4pcueq5fvy4dLP+gJX6IktYmHjvnqnrRdkYQ0hnh1q1bp9reQBApz73mCd9ZSaUzcFkOyAhCLH74j3M3q/6+QiyVi1dmtnd20hkhkxE0XJY3kY0nUye6PerN5aOxhCNwp+nCZH3nSCU1dzh4V11aoJ5z9S1vbu/HpGpaNJStNdT7KhvJqZ6RT359l7jU7NqWthPXd7z5w4ueqdtr4gpI+cEn+7yza1vyd2zLgE88rPJZ3YmK/3kl0xmILELkudc8t5dWDpPpVFpvugZYm4wgpDOZr57EIbIIkYtXbmx+tp1IplOan1d5E1kh98Uo1QU9ofWq1xVQJ1xn17aisYS0UN0RuNMy4BMEYWIxYqnZZVAm1J92nnr+zb/++Tuvj1zxer29ly43/oiywUHdWeeJl9/2hNbFd3vw/i5FiL9fsB9b |
| Envoyé | Oui |
| Condensat | $100 100 100mbps 4th 7966 =============== above access account actually address adopted affected after all allows almost already also amongs another ansible/puppet/chef answer anymore anything app appetite application approach approaches are around as/400 as400 assessment attacker attribution back backups base64 based been before boot box but can cant cards case cases center challenge cheap chickens child chops cis client clients close comes comment commons compact complexity compugen computer configured control course creative credentials current cycle debian decent default depending depreciation device devices direction disable distro distros dmz does doesnt done easier easy edu either enabling encrypted end ended ends equipment ethernet even ever everyone exit expand expose factories fail fastest featured file finding findings fine firewall fixes form forwarding found free from front full further gate gateway gear get gets good got gov/nistpubs/ir/2015/nist guide had happier hardening has have help here history hospital host hosts house http://nvlpubs https://isc huge hydro ics ill imaged immediately incident industrial information infrastructure instead intel internal internet isnt its ivborw0kggoaaaansuheugaaa5gaaadqcaiaaadtsvl2aaagaeleqvr4no2d/3mbz37f8x/wolnhszvwprmguszvpp0lpzetbqa6ydkz8vql2ckp7puhq85mnjk2w5n9imoetd+zx7auebj8qe9cu4qfkwztsbqh0iiderccaupgtmmckzm8uaqgu+yxitzmwgbbfnn+smbi99nn2v0ac2d3wfs17x8kyhfxaalffx58ns/zgwiaaaaaaaa25deqpqaaqjgs7kt7z8ita75mx5sy9vhgxgkk2umcaaaakgrefgd7ex64d7lpw3fwsu1950j/tljaywqaaadkdkqwajvrpxm+ds7fslgptrcmv3ei1r4saaaauezqrws392oza1uza1u+5u1h4e40lqj2iaaomhgy1trk11vy+dssb3mz2qmgaaaaygxpiru9h/oe1ts8nxt7x8tf68foubomf2cxwkacdgwmw6z0ng8/3kv2waeaaicywkfihh/uqseuzrjntvdjqzvr4edd7f1yducyvl8rzhdhk6nqjgtyhynfskewk+zkn7faywcaaadkaoci2+a5sfwibx3yr/yoxhvjyvrd16h4oye0xuhjqmgsmry8k80qs4zdyteaoyk9b9x5ts/im6+ppvp66nn97q93xkie83f/ufttzwaaaacyd28ie8y9j//93eyyuqvq7nqwdmdg/erfxty+hmst0tnjnuufcvd9nhhylp7pkppt8/wos72xlntluk+mf/fvt9vhfu2s83dfgeanaqaaam7gsmqji6076zztclcpfasp6jthkvbnfvjhnu5xwlnrw5uzdladj7o9xlvlgy9ccl8z99l4k8c71dfy2edr1x4eaaaagjnwi7lb+7vuls7uau7f8mbdwacjckdiw2t2tomklfahasrrwel9bnnfezlqsslffpkt9snff/o9aj8vaaaawez4evn1dkwyqzxm9n5mqpsdwiyc7pnwbdqwtuxhrdrodkyjze0bukz7pkovgrkweelnlnm++fjbanm9cepgrvu3qqhq7ozsk87l6vfb033uzu104wiaamap/igsqzoriptax+ypecy919a1wsl6waylk4s/tl8nnjumhl+6c7lpg40l2jw3268g67dwc8iij1nia4v2qx8q7+o//6lbrratexp37t2tn/vw0efqn4vvdw+/995777///pmnt6r1paaaaaat4udkuyyx1l+5mx1tgibeywlrcmqji3shwfu7fruyujr22dmxodcsryuql6vjoq7y3o91ts4qrs2i/pxp35es9vr16wchb+rr/n6l5kqvp55/03n13ov1bm2hghsaaaap8coy1bpzk3xtt92kisqsz499upnhausxsrip7xzrlaf+3mujkshubgyorxnppqgnipw1xpqtaaaayfp4evkhv11wxj0xjsxouoeok72gg3crvacb1uviydteyqrnotqzhyrgev0z4yau0foxrqqqxlcduhtsuspvyayc9l4crc4zt/e5vv7v0pkirwxk74b446lvqs47o7ufaqdkk1ti8mvnn21v+z0flec8fqj7zufkzlf3y8fouyadd8w/qnezj8yspdmhaflxzwgz8bey0dg7jghcpjnqnwk7anfiyzqntd67tnxafajvheetrtree1o3alfifvb2fbwssrspb6lnfeofs16vnxgmskform2jiw6ljh7s2rjktvxqicmit27deuunl4jiuxjzt/jjsiyjzkr9/gsmed88fh8ep+aiihm3znd2djkztebz55wrkrvyc1qvlihvra0urbvd4nqvhq7rco8qvj3t/rhr4y5wvve3l7xel7ulgxbt4pcueq5fvy4dlp+gjx6iktymhjvnqnrrdkyq0hnh1q1bp9reqbapz73mcd9zsauzcfkoyahclh74j3m3q/6+qiyvi1dmtnd20hkhkxe0xjy3ky0nuye6pern5aoxhcnwp+nczh3nscu1dzh4v11aoj5z9s1vbu/hpgpanjstndt7khvjqz6rt359l7ju7nqwthpxd7z5w4ueqdtr4gpi+cen+7yza1vyd2zlge88rpjz3ymk/3kl0xmilelkudc8t5dwdpppvfpvugzym4wgpdozr57eibiikytxbmx+tp1iploan1d5e1kh98uo1qu9ofwq1xvqj1xn17aisys0un0runmy4bmeywixyqnzzvam1j92nnr+zb/++tuvj1zxer29ly43/oiywuhdweejl9/2hnbfd3vw/i5fil9fsb9bjgfccxlbskuzirrefihz3gue0olyk0q6mcpazw2n+k3lauqwuexilrurze1yip1ma/2mcyiygiccdgusmqmp3gpb7agmedk7mf3bmlimzn3bjo50bo409o5rdyydnkhwujcueoj9dv4tbbmui/latzw0rjgnh6uhsgir517zfbrepjhmjvkznkol7ewmk0mlhs+/iv1yfiklkdj45cb6p9shh6kjzc+rfipshfsssdjjnlpvn1bfouksqgs/3ouzdl1tke/jpq+lvo6d8kh803+7e1i9cdfbv64wp6tn/0e/n5cfc8y9j/6gg8gi6jz3mmchvlwftx0epvnptmjaglf86iudjxbzhmjglrv3hmztx3ofv2tkzc2ci3bh/eu56cik/ebfzq9u6bpthfjpleyqpfpqryg3ibxnrjzjna5cdfc7r77t9xq/+yq5oyl1i4psmpwjjviqwysikljfxllzmtlq/widoslkhknu5osdzmgizaav3fh7spvlphwytnecyl5/b/vdykpqjmf7pxanjds/no+dczx2jhgtstv7szn9xuky8v4ufdqoxjvkl36menmfhyxnzc3hjx/ |
| Tags | |
| Stories | APT 15 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.