What did we learn today from the Capture The Flag?

Blog post only available in English

Flag 1: AXS Guard keeps your passwords secure

AXS Guard is the gatekeeper to your secure network. Keeping your sensitive information, such as login credentials, safe is our top priority.

Working with user login credentials is inevitable. That's why we follow industry standards to minimize the risks involved in handling and storing credentials.

1. Hashing Passwords: 

Where possible, AXS Guard does not store the password itself but an irreversible hash of it. This ensures that even if AXS Guard is compromised, the passwords cannot easily be recovered.

2. Salting:

To discourage attackers from using precomputed tables (rainbow tables) to crack password hashes efficiently, we use a unique salt for each password before hashing.

Salting is the process of adding a unique random value to a password before it is hashed. This extends the original password and ensures that users who chose the same password still end up with different hashes.
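As an added example (not AXS Guard's own code, and the iteration count and salt length are assumed values for illustration), the following Python shows points 1 and 2 side by side: an unsalted hash that collides for identical passwords, and a salted PBKDF2 hash that does not, with a constant-time check for verification.

```python
import hashlib
import hmac
import os

# Parameters assumed for this example; they are not AXS Guard's actual settings.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_hash(password: str) -> bytes:
    """What NOT to do: identical passwords give identical hashes, so a single
    precomputed (rainbow) table cracks every account that chose that password."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, hash). A fresh random salt per password means two users
    with the same password still end up with different stored hashes."""
    if not salt:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def demo() -> dict:
    """Constructed demonstration: two users who picked the same password."""
    salt_a, hash_a = hash_password("correct horse")
    salt_b, hash_b = hash_password("correct horse")
    return {
        "unsalted_collide": unsalted_hash("correct horse") == unsalted_hash("correct horse"),
        "salted_differ": hash_a != hash_b,
        "verify_ok": verify_password("correct horse", salt_a, hash_a),
        "verify_wrong": verify_password("wrong password", salt_a, hash_a),
    }


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the hash in clear; it is not a secret, its job is only to make every stored hash unique so precomputation does not pay off.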

3. Encryption:

In some cases AXS Guard needs to store a user's password (password replacement, …). In these cases the passwords are stored using a strong encryption algorithm with a key that is specific to the device.

Flag 2: Console tool: there is more than the administration tool

While we try to make all functionality available in the administration tool, some things can only be done, can be done faster, or can be automated via the console tool.

1. Capture traffic using tcpdump

In the screenshot below, for example, we can see a user trying to connect to Google but not getting a response back.

Tcpdump also allows you to save the capture so you can open it in Wireshark or another analysis tool.
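Once a capture is saved, the "connection attempt without reply" pattern from the screenshot can also be found automatically. The following Python is an added example, not AXS Guard tooling: it reads `tcpdump -n` text output (the sample lines are constructed), pairs each client SYN with a SYN-ACK flowing the other way, and reports the flows that never received one.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n` output (not a real AXS Guard capture).
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 192.168.1.20.51234 > 142.250.74.110.443: Flags [S], seq 1, win 64240, length 0
12:00:02.000000 IP 192.168.1.20.51234 > 142.250.74.110.443: Flags [S], seq 1, win 64240, length 0
12:00:03.000000 IP 192.168.1.21.40000 > 10.0.0.5.80: Flags [S], seq 5, win 64240, length 0
12:00:03.000100 IP 10.0.0.5.80 > 192.168.1.21.40000: Flags [S.], seq 9, ack 6, win 65160, length 0
12:00:04.000000 IP 192.168.1.21.40000 > 10.0.0.5.80: Flags [.], ack 10, win 502, length 0
"""

# Matches the start of a tcpdump TCP line: timestamp, endpoints (IPv4.port) and the TCP flags.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)


def parse_line(line: str):
    """Return the fields of one tcpdump TCP line, or None for lines that do not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def unanswered_syns(capture: str) -> dict:
    """Map (src, sport, dst, dport) -> number of SYNs that never got a SYN-ACK back."""
    attempts = defaultdict(int)
    answered = set()
    for line in capture.splitlines():
        p = parse_line(line)
        if p is None:
            continue
        flow = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == "S":
            attempts[flow] += 1
        elif p["flags"] == "S.":
            # The SYN-ACK travels server -> client, so flip it to the client's flow key.
            answered.add((p["dst"], p["dport"], p["src"], p["sport"]))
    return {flow: n for flow, n in attempts.items() if flow not in answered}


if __name__ == "__main__":
    for (src, sport, dst, dport), n in unanswered_syns(SAMPLE_CAPTURE).items():
        print(f"{src}:{sport} -> {dst}:{dport}: {n} SYN(s) without reply")
```

Retransmitted SYNs to the same destination with no SYN-ACK, as in the first two sample lines, are the signature of a firewall rule silently dropping the traffic or of an unreachable host; a RST reply instead would point at a closed port.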

2. Download logs for further processing using winscp/scp

By downloading the logs, you can use your favorite editor to search/process/backup the log files as you like.

Flag 3: Secure authentication

The internet is an insecure place. When using or providing services on the internet, make sure to always:

  • Use secure protocols
  • Use safe authentication methods

1. Use secure protocols

Encryption scrambles the data between client and server, making it unreadable to anyone who might intercept it. This is crucial for protecting sensitive information such as login credentials, credit card details, and personal data.

If you are using company services over the internet, make sure they are protected using the latest standards. The advised standards are currently TLS 1.2 and 1.3.

If the application you are using does not provide sufficient encryption methods, AXS Guard can help you by shielding them with OpenVPN or a reverse proxy.

2. Use safe authentication methods

Even if you follow all security measures, there is always the possibility that your credentials get leaked via phishing, hacks, …

A possible way to stop hackers from using your stolen credentials is to use One Time Passwords (OTP) or multi-factor authentication (MFA).

Flag 4: Automation for hackers is a problem

We wish we could say the internet is becoming a safer place, but modern tools and infrastructure allow attackers to automate things that would have taken weeks or months a few years ago.

Port scanners like Nmap, Unicornscan, Angry IP Scan, … can (with the right infrastructure) port scan the whole internet in minutes, making it easy to find (hidden) services.

To make it even worse, as an attacker you don't even have to do it yourself. If you are willing to spend a little money, you can buy the results from external parties like Shodan, Censys or Rapid7 and get the open ports, the software running behind those ports and even a list of security issues with that software.

So you should never rely on security through obscurity. The best solution is:

  • Limit the number of attack vectors by limiting the number of public-facing services.
  • Effective patch management.

Flag 5: IPSEC documentation

Keeping software up to date is very important, but using the correct configuration is at least as important. Many vulnerabilities are introduced by an incorrect configuration. To mitigate this risk, read the documentation before installing or using new software.

A good example of this is our IPSEC documentation. While very extensive, it clearly explains what each setting does and how to configure it. After all, the most potent firewall is the human firewall.

Flag 6: Alert dashboard

No matter how hard we try, depending on how you configure your AXS Guard and the type of threat, not all threats can be prevented and/or stopped at the network level. In these cases AXS Guard needs to work together with software running on the endpoint.

This piece of software running on the client can intervene before any damage is inflicted on the client device.

A typical example is ransomware that gets installed via an infected USB pen drive. There is no way for a UTM to stop the ransomware from starting to encrypt the hard drive of the endpoint. What it can do is minimize the effects and alert on the presence of the ransomware.

That’s where centralized alerting (where UTM alerts and EDR alerts are combined) provides additional value and action on network and endpoint level can be coordinated.
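What "combining UTM and EDR alerts" looks like in practice, as an added example that is not AXS Guard's alert dashboard: the Python below takes a constructed feed of network (UTM) and endpoint (EDR) alerts, pairs each endpoint alert with network alerts for the same host inside a time window, and raises a single incident with the coordinated action on both levels. The alert categories, hosts and actions are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Alert:
    source: str       # "utm" (network) or "edr" (endpoint)
    host: str
    time: datetime
    category: str


# Constructed alert feed (not real AXS Guard or EDR output).
ALERTS = [
    Alert("utm", "ws-12", datetime(2024, 7, 1, 9, 0), "blocked-download"),
    Alert("edr", "ws-07", datetime(2024, 7, 1, 10, 5), "ransomware"),
    Alert("utm", "ws-07", datetime(2024, 7, 1, 10, 6), "blocked-c2"),
    Alert("utm", "ws-07", datetime(2024, 7, 1, 10, 7), "smb-scan"),
    Alert("edr", "ws-03", datetime(2024, 7, 1, 11, 0), "suspicious-macro"),
    Alert("utm", "ws-03", datetime(2024, 7, 1, 15, 0), "blocked-download"),  # 4 h later: unrelated
]

# Coordinated response per endpoint finding (hypothetical playbook entries).
ACTIONS = {
    "ransomware": ["UTM: isolate host (block all traffic)", "EDR: kill process and quarantine files"],
}


def correlate(alerts, window=timedelta(minutes=10)) -> list:
    """Pair each EDR alert with UTM alerts for the same host within `window`."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)
    incidents = []
    for host, items in sorted(by_host.items()):
        utm = [a for a in items if a.source == "utm"]
        for e in (a for a in items if a.source == "edr"):
            related = sorted({u.category for u in utm if abs(u.time - e.time) <= window})
            if not related:
                continue  # endpoint-only finding: stays an ordinary EDR alert
            incidents.append({
                "host": host,
                "endpoint": e.category,
                "network": related,
                "severity": "critical" if e.category == "ransomware" else "high",
                "actions": ACTIONS.get(e.category, ["investigate on both network and endpoint"]),
            })
    return incidents


if __name__ == "__main__":
    for inc in correlate(ALERTS):
        print(f"[{inc['severity']}] {inc['host']}: {inc['endpoint']} + {inc['network']}")
        for action in inc["actions"]:
            print("   ->", action)
```

The value of the combined view is in the third column: an EDR ransomware alert on its own says a device is infected; the same alert next to a blocked command-and-control connection and an SMB scan from that host says it is already trying to spread, and that the network-side isolation should happen at the same moment as the endpoint cleanup.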

Able bv, Lode Mertens, 1 July 2024
