With access to the computer, the first thing we tried was to extract the VPN client binary and use it on the attack computer. The VPN tested was the Palo Alto GlobalProtect solution, and the VPN client can be easily downloaded on the Internet.

Once the client is installed on the computer, a connection is initialized. The VPN initialized a connection with the VPN portal exposed on the Internet and a Microsoft authentication was triggered.

The domain credentials worked, and the VPN tunnel was successfully mounted. However, all connections were filtered, and it was not possible to even reach the domain controller, as had initially been hinted by the clients.

GlobalProtect VPN, like several other business VPNs, allows administrators to define a host information policy. This host information policy allows the server to verify that the user’s computer is compliant with the company’s security policy before allowing access to the company’s internal network.

This type of access control can be tuned, and administrators can simply reject any non-compliant devices as well as limit the protocols allowed for the device. For example, a computer that does not comply with the company’s security policy could be restricted to only access a web application exposed in the internal network but not access any other internal resource.

The VPN client then collects host information once the user has successfully signed in on the VPN gateway, and an update is sent on a regular basis to ensure the computer is still compliant with the company’s security policy. GlobalProtect can collect the following information:

- General: Information about the host itself such as hostname, logon domain, OS, etc.
- Patch Management: Information about any patch management software installed on the machine.
- Firewall: Information about the firewall software deployed and its status.
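The gateway-side decision described above, sketched as an added example (not code from the original post, and not GlobalProtect's report format or matching logic): a simplified model that maps a host report covering the three categories to an access tier and treats a report that has stopped refreshing as non-compliant. All field names, thresholds and the domain are assumptions, and the reports are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy values; a real deployment defines its own.
MAX_REPORT_AGE = timedelta(hours=1)
REQUIRED_DOMAIN = "corp.example"
MAX_PATCH_AGE_DAYS = 30
FULL, RESTRICTED, DENY = "full", "restricted-webapp-only", "deny"


def failed_checks(report, now):
    """Return the policy checks a host report fails (missing data fails closed)."""
    failures = []
    # The client resends its report regularly; one that stopped refreshing
    # is no longer evidence that the host is still compliant.
    collected = report.get("collected_at")
    if collected is None or now - collected > MAX_REPORT_AGE:
        failures.append("stale-report")
    if report.get("general", {}).get("logon_domain", "").lower() != REQUIRED_DOMAIN:
        failures.append("general:logon-domain")
    patch = report.get("patch_management", {})
    if not patch.get("installed") or patch.get("days_since_last_patch", 10**6) > MAX_PATCH_AGE_DAYS:
        failures.append("patch-management")
    fw = report.get("firewall", {})
    if not (fw.get("installed") and fw.get("enabled")):
        failures.append("firewall")
    return failures


def access_decision(report, now, reject_non_compliant=False):
    """Full access if compliant; otherwise restrict or reject, as configured."""
    failures = failed_checks(report, now)
    if not failures:
        return FULL, failures
    return (DENY if reject_non_compliant else RESTRICTED), failures


# Constructed sample reports, evaluated against a fixed clock.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
COMPLIANT = {
    "collected_at": NOW - timedelta(minutes=10),
    "general": {"hostname": "WS-0042", "logon_domain": "CORP.EXAMPLE", "os": "Windows 11"},
    "patch_management": {"installed": True, "days_since_last_patch": 6},
    "firewall": {"installed": True, "enabled": True},
}
FIREWALL_OFF = {**COMPLIANT, "firewall": {"installed": True, "enabled": False}}
STALE = {**COMPLIANT, "collected_at": NOW - timedelta(hours=5)}

if __name__ == "__main__":
    for name, rep in [("compliant", COMPLIANT), ("firewall off", FIREWALL_OFF), ("stale", STALE)]:
        print(name, access_decision(rep, NOW))
```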