Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/cR0w/statuses/111896259819507664">cR0w (cr0w@infosec.exchange)'s status on Friday, 09-Feb-2024 00:52:38 JST</a><a href="https://infosec.exchange/@cR0w" title="cr0w@infosec.exchange"><img src="https://gnusocial.jp/avatar/161036-48-20240111172057.webp" width="48" height="48" alt="cR0w" style="position: absolute; left: 0; top: 0;">cR0w</a></section><article><p>Apropos of _nothing in particular_: Do you monitor or support perimeter SSL VPN portals? Have you tested various forms of successful and unsuccessful logins to see exactly what gets logged in various scenarios? If not, you may be surprised by what the system does not log.</p><p>Especially concerning would be successful authentication that does not get logged unless very specific further actions are taken, indicating that pre-auth AND post-auth RCE vulnerabilities would likely go unnoticed ( even with robust monitoring ) until you were notified by a third-party.</p><p>Good thing these security vendors produce ( er, acquire ) secure code for their security products and this is just a hypothetical thought exercise...</p><p><a href="https://infosec.exchange/tags/Infosec" rel="tag">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" rel="tag">#Cybersecurity</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2693374#notice-5340606">In conversation</a><time datetime="2024-02-09T00:52:38+09:00" title="Friday, 09-Feb-2024 00:52:38 JST">about 10 months ago</time> <span>from <span><a href="https://infosec.exchange/@cR0w/111896259819507664" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@cR0w/111896259819507664">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
cR0w (cr0w@infosec.exchange)'s status on Friday, 09-Feb-2024 00:52:38 JST cR0w
Apropos of _nothing in particular_: Do you monitor or support perimeter SSL VPN portals? Have you tested various forms of successful and unsuccessful logins to see exactly what gets logged in various scenarios? If not, you may be surprised by what the system does not log.
Especially concerning would be successful authentication that does not get logged unless very specific further actions are taken, indicating that pre-auth AND post-auth RCE vulnerabilities would likely go unnoticed ( even with robust monitoring ) until you were notified by a third-party.
Good thing these security vendors produce ( er, acquire ) secure code for their security products and this is just a hypothetical thought exercise...
#Infosec #Cybersecurity
In conversationabout 10 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice