基于智能门锁云端系统渗透测试的防火墙绕过风险探究

Firewall Bypass Risk Exploration Based on Penetration Test of Smart Door Lock Cloud System

随着互联网时代的到来,智能门锁的网络化趋势越来越明显。目前,蓝牙识别技术和Wi-Fi技术是网络智能门锁中应用最广泛的技术。网络智能门锁主要是指遵循Wi-Fi通信协议,利用手机软件客户端等方式,通过远程云端认证来控制智能门锁的开启和关闭。云端认证方式带来便利的过程中也带来了网络风险,可以使用渗透测试发现其中的漏洞与风险。渗透测试是指通过模仿黑客入侵对计算机网络进行安全评估的方法。安全人员可以通过两种方式进行渗透测试:内部渗透测试和外部渗透测试。本文的重点是在外部网络渗透测试的信息收集阶段绕过智能门锁云端防火墙,获取隐藏在防火墙后面的敏感端口信息,并为外部网络渗透测试的攻击和执行阶段奠定良好的基础。最后本文给出针对防火墙绕过风险的防御方法和建议。

With the advent of the Internet era,the network trend of intelligent door locks is becoming more and more obvious.At present,the most widely used technologies in network intelligent door locks are Bluetooth identification technology and Wi-Fi technology.Network smart door lock mainly refers to following the Wi-Fi communication protocol,using mobile phone software client and other ways,through the remote cloud authentication to control the opening and closing of the smart door lock.Cloud authentication brings convenience but also brings network risks,which can be found by penetration testing.Penetration testing is a method to evaluate the security of a computer network by imitating a hacker intrusion.Security personnel can conduct penetration testing in two ways:internal penetration testing and external penetration testing.The focus of this paper is to bypass the smart door lock cloud firewall in the information collection stage of the external network penetration test,obtain the sensitive port information hidden behind the firewall,and lay a good foundation for the attack and execution stage of the external network penetration test.Finally,this paper gives the firewall bypass risk prevention methods and suggestions.