Microsoft Security Bulletin MS17-010 - Critical

Security Update for Microsoft Windows SMB Server (4013389)

Published: March 14, 2017

Version: 1.0

On this page

• Executive Summary
• Affected Software and Vulnerability Severity Ratings
• Vulnerability Information
• Security Update Deployment
• Acknowledgments
• Disclaimer
• Revisions

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software and Vulnerability Severity Ratings section.

The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests.

For more information about the vulnerabilities, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 4013389.

Affected Software and Vulnerability Severity Ratings

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin’s release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the March bulletin summary.

Note Please see the Security Update Guide for a new approach to consuming the security update information. You can customize your views and create affected software spreadsheets, as well as download data via a restful API. For more information, please see the Security Updates Guide FAQ. As a reminder, the Security Updates Guide will be replacing security bulletins. Please see our blog post, Furthering our commitment to security updates, for more details.

Operating System	Windows SMB Remote Code Execution Vulnerability – CVE-2017-0143	Windows SMB Remote Code Execution Vulnerability – CVE-2017-0144	Windows SMB Remote Code Execution Vulnerability – CVE-2017-0145	Windows SMB Remote Code Execution Vulnerability – CVE-2017-0146	Windows SMB Information Disclosure Vulnerability – CVE-2017-0147	Windows SMB Remote Code Execution Vulnerability – CVE-2017-0148	Updates Replaced
Windows Vista
Windows Vista Service Pack 2 (4012598)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3177186 in MS16-114
Windows Vista x64 Edition Service Pack 2 (4012598)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3177186 in MS16-114
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2 (4012598)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3177186 in MS16-114
Windows Server 2008 for x64-based Systems Service Pack 2 (4012598)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3177186 in MS16-114
Windows Server 2008 for Itanium-based Systems Service Pack 2 (4012598)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3177186 in MS16-114
Windows 7
Windows 7 for 32-bit Systems Service Pack 1 (4012212) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows 7 for 32-bit Systems Service Pack 1 (4012215) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3212646
Windows 7 for x64-based Systems Service Pack 1 (4012212) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows 7 for x64-based Systems Service Pack 1 (4012215) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3212646
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (4012212) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (4012215) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3212646
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (4012212) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (4012215) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3212646
Windows 8.1
Windows 8.1 for 32-bit Systems (4012213) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows 8.1 for 32-bit Systems (4012216) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3205401
Windows 8.1 for x64-based Systems (4012213) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows 8.1 for x64-based Systems (4012216) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3205401
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 (4012214) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows Server 2012 (4012217) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3205409
Windows Server 2012 R2 (4012213) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows Server 2012 R2 (4012216) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3205401
Windows RT 8.1
Windows RT 8.1[2] (4012216) Monthly Rollup	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3205401
Windows 10
Windows 10 for 32-bit Systems [3] (4012606)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3210720
Windows 10 for x64-based Systems [3] (4012606)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3210720
Windows 10 Version 1511 for 32-bit Systems [3] (4013198)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3210721
Windows 10 Version 1511 for x64-based Systems [3] (4013198)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3210721
Windows 10 Version 1607 for 32-bit Systems [3] (4013429)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3213986
Windows 10 Version 1607 for x64-based Systems [3] (4013429)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3213986
Windows Server 2016
Windows Server 2016 for x64-based Systems [3] (4013429)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3213986
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (4012598)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3177186 in MS16-114
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (4012598)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3177186 in MS16-114
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (4012212) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (4012215) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3212646
Windows Server 2012 (Server Core installation) (4012214) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows Server 2012 (Server Core installation) (4012217) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3205409
Windows Server 2012 R2 (Server Core installation) (4012213) Security Only[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	None
Windows Server 2012 R2 (Server Core installation) (4012216) Monthly Rollup[1]	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3205401
Windows Server 2016 for x64-based Systems [3](Server Core installation) (4013429)	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Critical Remote Code Execution	Important Information Disclosure	Critical Remote Code Execution	3213986

[1]Beginning with the October 2016 release, Microsoft has changed the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this Microsoft TechNet article.

[2]This update is only available via Windows Update.

[3] Windows 10 and Windows Server 2016 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. Please note that effective December 13, 2016, Windows 10 and Windows Server 2016 details for the Cumulative Updates will be documented in Release Notes. Please refer to the Release Notes for OS Build numbers, Known Issues, and affected file list information.

*The Updates Replaced column shows only the latest update in any chain of superseded updates. For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is provided on the Package Details tab).

Vulnerability Information

Multiple Windows SMB Remote Code Execution Vulnerabilities

Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.

To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.

The security update addresses the vulnerabilities by correcting how SMBv1 handles these specially crafted requests.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title	CVE number	Publicly disclosed	Exploited
Windows SMB Remote Code Execution Vulnerability	CVE-2017-0143	No	No
Windows SMB Remote Code Execution Vulnerability	CVE-2017-0144	No	No
Windows SMB Remote Code Execution Vulnerability	CVE-2017-0145	No	No
Windows SMB Remote Code Execution Vulnerability	CVE-2017-0146	No	No
Windows SMB Remote Code Execution Vulnerability	CVE-2017-0148	No	No

Mitigating Factors

Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds

The following workarounds may be helpful in your situation:

• Disable SMBv1
  For customers running Windows Vista and later
  See Microsoft Knowledge Base Article 2696547.
  Alternative method for customers running Windows 8.1 or Windows Server 2012 R2 and later
  For client operating systems:
  1. Open Control Panel, click Programs, and then click Turn Windows features on or off.
  2. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.
  3. Restart the system.
      
  For server operating systems:
  1. Open Server Manager and then click the Manage menu and select Remove Roles and Features.
  2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
  3. Restart the system.
      
  Impact of workaround. The SMBv1 protocol will be disabled on the target system.
  How to undo the workaround. Retrace the workaround steps, and select the SMB1.0/CIFS File Sharing Support check box to restore the SMB1.0/CIFS File Sharing Support feature to an active state.

Windows SMB Information Disclosure Vulnerability – CVE-2017-0147

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server.

To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.

The security update addresses the vulnerability by correcting how SMBv1 handles these specially crafted requests.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title	CVE number	Publicly disclosed	Exploited
Windows SMB Information Disclosure Vulnerability	CVE-2017-0147	No	No

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

The following workarounds may be helpful in your situation:

• Disable SMBv1
  For customers running Windows Vista and later
  See Microsoft Knowledge Base Article 2696547.
  Alternative method for customers running Windows 8.1 or Windows Server 2012 R2 and later
  For client operating systems:
  1. Open Control Panel, click Programs, and then click Turn Windows features on or off.
  2. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.
  3. Restart the system.
      
  For server operating systems:
  1. Open Server Manager and then click the Manage menu and select Remove Roles and Features.
  2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
  3. Restart the system.
      
  Impact of workaround. The SMBv1 protocol will be disabled on the target system.
  How to undo the workaround. Retrace the workaround steps, and select the SMB1.0/CIFS File Sharing Support check box to restore the SMB1.0/CIFS File Sharing Support feature to an active state.

Security Update Deployment

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

• V1.0 (March 14, 2017): Bulletin published.

Videos

Descrição: Corrida 4 Estações Primavera – Condeixa 2017
By Rui Melo
Pinned to Videos on Pinterest
Fonte: http://ift.tt/2pOSjOh

Corrida 4 Estações Primavera – Condeixa 2017

PFSENSE : DMZ

INTRODUÇÃO

DMZ é uma área onde os servidores ficam isolados com acesso a internet, separando assim os servidores que precisam de acesso a internet e os que não precisam, que rodam somente local. Assim poderemos isolar o problema colocando servidores, como de e-mail, na DMZ. 

DMZ é uma abreviação para "demilitarized zone", o que diz "que é uma área sem segurança". Porque dizer isso!? Bem, como o próprio nome já sugere, ela fica "sem segurança" porque tem o acesso direto à internet. Então vamos adicionar uma camada de segurança para que os servidores que rodam em nossa LAN só usem internet se necessário, deixando apenas os servidores que precisam de acesso externo na DMZ. 

Em nosso projeto teremos a comunicação da LAN com a DMZ, da DMZ com a LAN e DMZ e LAN fazendo a comunicação com a internet, passando pelo nosso firewall. 

UM POUCO DO NOSSO PROJETO

A intenção do nosso projeto na verdade é proteger os servidores, mas deixá-los com acesso a internet, tanto na DMZ quanto na LAN. Vamos simular uma rede interna que é dividida em LAN e DMZ, então seguindo esse raciocínio precisamos entender que a DMZ faz comunicação tanto com a internet como com a LAN e a LAN faz o mesmo, se comunica com a DMZ e com a internet. 

Para a LAN vamos disponibilizar a faixa de rede 10.50.60.0/24. Para a DMZ vamos colocar outra faixa, até mesmo pela questão da segurança, vamos usar 192.168.4.0/24. Suponho que você também já tenha uma LAN com acesso a internet, pois a intenção desse artigo, na verdade, é que você entenda o que é uma DMZ e implante utilizando o PFSense. 

Vamos utilizar o PFSense para criar a DMZ. O PFSense é um ótimo firewall, robusto e funcional, que roda em plataforma BSD, para ser mais exato, ele roda no FreeBSD. Existem vários tutoriais espalhados pela internet, até mesmo no Youtube, de como instalar essa maravilhosa ferramenta. 

Espero que todos entendam que o conceito de DMZ é que o que está na LAN, só tenha acesso a internet, em último caso, mas neste tutorial ensinarei como deixar tanto a LAN como a DMZ com acesso a internet, então fica a critério de cada um alterar as regras e adaptar as suas necessidades. 

Infelizmente não ensinarei como instalar o PFSense, isso ficará como dever de casa para vocês. :) 

Bem, agora que entendemos como nossa rede vai funcionar, vou deixar um pouco mais claro, com o diagrama, feito no software DIA (que pode ser baixado no Debian/Ubuntu com um simples "apt-get install dia"):

Nossa LAN passa pelo firewall para poder acessar internet e também passa por ele para acessar a DMZ. A DMZ segue o mesmo esquema, ela precisa passar pelo firewall tanto para acessar a LAN como a internet. Isso será configurado mais a frente, nas regras (opção Rules) do PFSense. 

Então, na parte física, o que precisamos!? Precisamos de três placas de rede. Uma para ligar a DMZ, uma para ligar a LAN e uma para receber a WAN (internet). 

CRIANDO / EDITANDO A INTERFACE "DMZ" E CRIANDO AS REGRAS

CRIANDO E EDITANDO A INTERFACE "DMZ"

Para criar a DMZ vamos criar uma nova interface, com o nome DMZ. Para isso, clique em "assign" dentro do menu INTERFACES, então clique no sinal de mais ("+") para adicionar uma nova interface, com o nome de DMZ, para então editá-la, adicione dessa maneira:

Agora que já adicionamos a placa de rede, vamos editá-la, definindo nome e o IP. Note que ela apareceu em INTERFACES, provavelmente com um nome do tipo "OPT1", então clique nela (caso não tenha aparecido, atualize a página com um simples F5), marque a opção "Enable Optional 2 interface" no começo da página, em Description, defina "DMZ", em Type provavelmente já deve estar como "Static", se não estiver, marque como static. 

Nas opções de "IP configuration" mais abaixo, teremos as opções:

• Bridge with -> Deixe como "none"
• IP address -> Defina o IP que será o default do gateway 192.168.4.1 e selecione a máscara de rede
• Gateway -> Não tem necessidade de colocar nada, então deixe em branco.

Agora clique em "Save". 

CRIANDO AS REGRAS

No menu Firewall, clique em "Rules", então você vai enxergar a aba "DMZ", clique nela para criarmos as regras. Bem, clique no sinal de "+" para adicionar as regras. Uma coisa importante a se observar, é que o PFSense trabalha como o Iptablesna questão de adicionar as regras. 

No Iptables a opção -A é utilizada para adicionar uma regra ao final de todas as outras, e a opção -I adiciona uma regra no topo, antes de todas as outras, sabendo que as regras são executadas em ordem, primeira, segunda, terceira... 

Se eu tenho uma primeira regra, que bloqueia tudo, e uma segunda que libera tudo, "tudo" ficará bloqueado. O PFSense trabalha com a mesma lógica, então vamos adicionar as regras nessa ordem:

1. LAN -> DMZ
2. DMZ -> LAN
3. DMZ -> !LAN

Aqui vamos inverter, olhe a descrição da opção: 

"Use this option to invert the sense of the match" 

Ao final nossas regras para DMZ ficarão dessa maneira:

Bem, vamos incluir o acesso de origem da LAN para DMZ, liberando tudo. 

Obs.: Bem, aqui eu estou liberando todas as portas e todos os protocolos, mas cabe a você definir o que realmente é necessário liberar.

Note que na maioria das modificações feitas no PFSense ele pede para você confirmar ou aplicar, aparecerá uma caixa vermelha que tem um botão dizendo "Apply Changes" como essa:

Vamos incluir a segunda regra, lembrando da ordem. Já que isso é importante, coloque essa regra na SEGUNDA posição, utilizando o botão "+" de baixo, na parte esquerda do PFSense:

Agora vamos definir a última regra, a regra de inversão para que a DMZ tenha acesso a internet:

Bem, lembre da questão de "APLICAR" toda modificação, cada regra que foi incluída, você terá que aplicar clicando no botão "Apply Change" na parte superior, que irá aparecer, senão a regra não será inclusa. 

Agora vamos adicionar duas regras para a nossa LAN (suponho que na LAN você já tenha acesso para internet, então vamos fazer apenas a comunicação dela com a DMZ). Sabendo que as regras da DMZ já permitem a comunicação da DMZ para LAN, mas por enquanto não é comunicação da LAN para DMZ, vamos fazer isso agora, altere da aba DMZ para a aba LAN, e faça essa configuração:

Então, com a primeira regra adicionada, vamos adicionar a segunda:

Já temos nossa DMZ montada e fazendo a comunicação com a internet e com a LAN. 

CONCLUSÃO

Bem, agora podemos dizer que temos uma rede um pouco mais segura". Sabemos que a segurança de uma rede nunca está 100% porque todos os dias "hackers" desenvolvem novas técnicas para burlar nossos meios de proteção, de "segurança". 

Então é por isso que a cada dia temos que buscar novos métodos para a proteção da rede. 

PFsense e snort

Bem, então, após a instalação concluída e tendo seu PFSense devidamente configurado, vamos aprender a habilitar o Snort nele! 

ACESSANDO E INSTALANDO OS PACKAGES

Bem, no menu "SYSTEM" escolha a opção "PACKAGES" (System > Packages), então você verá os pacotes disponíveis para download e instalação, entre eles, na versão 1.2.2 do PFSense, temos o Snort e o Snort-DEV, observe na imagem:

Clique no botão ao lado, com um sinal de mais "+", para instalar o Snort. 

Uma observação importante é que vamos instalar o "snort" e não o "snort-dev". 

Note também que na descrição do snort-dev temos um "WARNING", isso não é bom... o snort-dev ainda é um pacote instável com vários BUGS, então não vamos instalar ele, que é apenas um complemento. 

Após clicar no botão "+" ao lado da descrição, o software Snort será instalado e você estará numa tela desse tipo:

Ele irá instalar algumas dependências e o MySQL, aguarde até aparecer a mensagem: 

"Installation completed. Please check to make sure that the package is configured from the respective menu then start the package." 

SETTINGS, CATEGORIES E RULES

OPÇÃO SETTINGS

Agora clique em qualquer outro menu que a página será atualizada e você verá no menu "SERVICES" a opção "Snort", ou seja, a instalação obteve sucesso! 

Clique na opção "snort" do menu "services" e você irá visualizar essa tela:

Preste atenção nas opções e marque as que você utilizará na aba "Settings". 

Opções interessantes nessa aba são:

• Block offenders - Irá bloquear os "ofensores" que forem pegos e são exibidos na aba "ALERTS";
• Update rules automatically - Irá realizar atualizações automáticas das regras do Snort.

Antes de configurarmos as regras por modo visual, vamos baixar as regras do site e colocar no servidor! 

O diretório usado pelo PFSense no BSD foi: /usr/local/etc/snort/ 

Faça o download das regras no site do Snort, copie o arquivo para o diretório citado a cima e agora descompacte usando: 

# mkdir /usr/local/etc/snort/regras
# cp snortrules-snapshot-CURRENT.tar.gz /usr/local/etc/snort/regras
# cd /usr/local/etc/snort
# rm -rf rules
# cd regras
# tar -zxvf snortrules-snapshot-CURRENT.tar.gz
# cp rules ../ 

OPÇÃO CATEGORIES E RULES

Então vamos para "Categories" selecionar as regras que queremos utilizar! 

Para testar, vamos marcar icmp.rules e scan.rules:

Clique em "SAVE". 

Agora vamos editar as RULES(Regras). Não iremos alterar nada em icmp.rules porque todas as regras já são bem definidas, porém vamos alterar as regras de scan, ou melhor, apenas habilitá-las. Em Category selecione scan.rules e clique na aba RULES:

Vamos habilitar as duas opções da regra scan.rules, que tem a seguinte mensagem:

• SCAN synscan portscan
• SCAN nmap XMAS

Basta observar a coluna MESSAGE, clique na primeira (SCAN synscan portscan), então clique no botão ao lado com um "E" e você irá para essa tela:

Em "ENABLED", dê um clique para habilitar essa regra e depois clique em SAVE. No no topo da página aparecerá essa mensagem: 

The Snort rule configuration has been changed. You must apply the changes in order for them to take effect. 

Ao lado terá um botão "Apply Changes", clique nele para aplicar realmente a regra editada (habilitada). 

Faça o mesmo em "SCAN nmap XMAS" para habilitá-la também. 

MONITORANDO E VERIFICANDO ERROS

Bem, agora vamos esperar e aguardar olhando no log, na aba "Alerts". No meu caso já detectei uma atividade suspeita, de acordo com minhas regras editadas:

Caso você queira limpar o log, clique no botão "Clear log". 

Bem, agora sabemos que tudo está rodando certo! Ou não!? 

Para ter certeza, vamos fazer o seguinte. Rode o snort com um simples: 

# /usr/local/etc/rc.d/snort.sh 

Caso dê algum erro do tipo: 

snort[12994]: FATAL ERROR: Dynamic detection lib /usr/local/lib/snort/dynamicrules//lib_sfdynamic_example_rule.so 1.0 isn't compatible with the current dynamic engine library /usr/local/lib/snort/dynamicengine/libsf_engine.so 1.10. The dynamic detection lib is compiled with an older version of the dynamic engine. 

Apenas remova essa lib usando: 

# rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so 

Em caso de outro erro relacionado ao diretório "dynamicengine", este é causado porque no arquivo de configuração do Snort, o "snort.conf", diz que um dos diretórios das libs é o /usr/local/lib/snort/dynamicengine/, porém lá no arquivo temos: 

/usr/local/lib/snort_dynamicengine/ 

Então ajuste isso de maneira simples, apagando o "_" (underline) e colocando "/" (barra). 

Até a próxima. :) 

Fonte https://www.vivaolinux.com.br/

pfSense 2.3.4 RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3.4!

This is a maintenance release in the 2.3.x series, bringing stability and bug fixes, fixes for a few security issues, and a handful of new features. The full list of changes is on the 2.3.4 New Features and Changes page, including a list of FreeBSD and internal security advisories addressed by this release.

This release includes fixes for 24 bugs and 11 Features.

Read on for more details. May the 4th be with you.

Dashboard Updates

On the 2.3.4-RELEASE Dashboard you’ll find a few additional pieces of information: The BIOS vendor, version, and release date – if the firewall can determine them – and a Netgate Unique ID. The Netgate Unique ID is similar to a serial number, it is used to uniquely identify an instance of pfSense software for customers who want to purchase support services. For hardware sold in our store, it also allows us to tie units to our manufacturing records. This ID is consistent across all platforms (bare metal, virtual machines, and hosted/cloud instances such as AWS/Azure). We had originally intended to use the hardware serial number or the UUID generated by the operating system, but we found that these were unreliable, inconsistent, and they could change unexpectedly when the operating system was reinstalled.

As with the serial number, this identifier is only displayed on the Dashboard for information purposes and is not transmitted anywhere automatically by default. In the future, customers can use this identifier when requesting support information from our staff or systems.

If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

Firewall GUI Certificates

Users of Chrome 58 and later, and in some cases Firefox 48 and later, may have issues accessing the pfSense Web GUI if it uses a default self-signed certificate generated automatically by a firewall running pfSense version 2.3.3-p1 or earlier. This is because Chrome 58 strictly enforces RFC 2818 which calls for only matching hostnames using Subject Alternative Name (SAN) entries rather than the Common Name field of a certificate, and the default self-signed certificate did not populate the SAN field.

We have corrected the certificate code to correctly follow RFC 2818 in a user-friendly way by automatically adding the certificate Common Name value as the first SAN entry.

Firewall administrators will need to generate a new certificate for use by the GUI in order to utilize the new format. There are several ways to generate a compatible certificate, including:

• Generate and activate a new GUI certificate automatically from the console or ssh shell using one of our playback scripts:

  pfSsh.php playback generateguicert
  

• Utilize the ACME package to generate a trusted certificate for the GUI via Let’s Encrypt, which is already properly formatted.
• Manually create a new self-signed Certificate Authority (CA) and a Server Certificate signed by that CA, then use that for the GUI.
• Activate the local browser “EnableCommonNameFallbackForLocalAnchors” option in Chrome 58. This setting will be removed by Chrome eventually, so this is only a temporary fix.

Some users may remember this is not the first time that the default certificate format has been problematic due to browser changes. Several years ago, Firefox changed the way they calculate certificate trust chains, which could make a browser appear to freeze or hang when attempting to access multiple firewalls with self-signed certificates containing common default data which resulted in all such certificates containing the same Subject. Fixing that was more of a challenge, but it resulted in a much better end-user experience.

Upgrade Considerations

As always, you can upgrade from any prior version directly to 2.3.4. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.

KNOWN REGRESSIONS

While, nearly all of the common regressions between 2.2.6 and 2.3-RELEASE have been fixed in subsequent releases, the following still exist:

• IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
• IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it. This has been fixed on our 2.4 development branch.
• Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223

PACKAGES

Compared to pfSense 2.2.x, the list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.

pfSense software is Open Source

For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on Github:

Main repository - the web GUI, back end configuration code, and build tools.
FreeBSD source - the source code, with patches of the FreeBSD 10.3 base.
FreeBSD ports - the FreeBSD ports used.

Download

Downloads are available on the mirrors as usual.

Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.

Supporting the Project

Our efforts are made possible by the support our customers and the community. You can support our efforts via one or more of the following.

• Official appliances, apparel and pre-loaded USB sticks direct from the source. Our appliances are the fast, easy way to get up and running with a fully-optimized system.
• Gold subscription – Immediate access to past hang out recordings as well as the latest version of the book after logging in to the members area.
• Commercial Support – Purchasing support from us provides you with direct access to the pfSense team.
• Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.

Videos

Descrição: XII Cross de Montanha JOBRA XIV Taça de Montanha de Portugal
By Rui Melo
Pinned to Videos on Pinterest
Fonte: http://ift.tt/2qFIzr3

XII Cross de Montanha JOBRA XIV Taça de Montanha de Portugal

Conhece o Testamento Vital?

Conhece o Testamento Vital?

É um documento feito por sua iniciativa, no qual pode inscrever os cuidados de saúde que pretende receber, ou não, numa situação clínica específica, em que não será possível expressar, autonomamente, a sua vontade. Permite, também, nomear um Procurador de Cuidados de Saúde.

É um direito em vida que pode e deve ser exercido por cada um de nós!

Para o Testamento Vital ficar ativo, deve preencher o formulário da Diretiva Antecipada de Vontade (DAV). Pode aceder à Área do Cidadão www.sns.gov.pt/cidadao, descarregar o modelo da DAV e preencher o formulário.

De seguida, e para efetuar o registo, deve entregar a DAV na sede do Agrupamento de Centros de Saúde (ACES) ou na Unidade Local de Saúde (ULS) da sua área de residência. Pode, também, entregar num dos balcões RENTEV (Registo Nacional do Testamento Vital) do país.

Aceda aqui à Lista Nacional de Balcões RENTEV.

Consulte na sua Área do Cidadão os acessos feitos pelos médicos e verifique se o seu Testamento Vital está correto, ativo e dentro do prazo. Poderá alterar ou revogá-lo a qualquer momento.

O médico assistente pode consultar o seu Testamento Vital, através do Portal do Profissional, garantindo que a sua vontade será cumprida.

Exerça este direito! Não deixe que decidam por si, quando a liberdade de escolha é sua!

Fonte Serviços Partilhados do Ministério da Saúde