In honor of Halloween this past weekend, I’d like to highlight some of the threats hiding within our network. If not fixed right away, these nasty little gremlins may come out to play when you least expect them to. Here are a few places to search for these ghouls and some ways to protect yourself from them.
Insecure protocols: One of the most diabolical issues with a firewall ruleset is the presence of insecure protocols. Allowing FTP, SNMP, Telnet, etc. is just asking for trouble, and they should be replaced with more secure updates such as SFTP, SNMPv3, and SSH to protect the data in transit across your firewall.
Unapproved rulesets: Say you have a rule in your firewall that’s going into a very sensitive part of your network on a secure port. From a protocol standpoint this looks fine, but why is it there? If you don’t know, you may be creating holes that will allow an attacker to come creeping into your network. Learn what you have in your ruleset, take out that sickle, and cut out the rules that aren’t needed.
Egress filtering: Make sure you have egress filtering implemented on your firewalls to stop unwanted traffic from escaping. If certain systems are accessing the internet without reason, it might mean that they’ve been compromised and data is being exfiltrated. Determine which systems really need to have internet access and review the firewall logs for any shady characters trying to get past your defenses.
ANY ANY: The two scariest words for a firewall admin or security engineer are “ANY ANY”. “ANY ANY” rules allow any system on any port to connect to any of your systems on any port. So hunt through your ruleset right away to see if any ANY ANY rules exist; otherwise it’s a portal for cyber ghouls to enter through without obstruction.
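The four checks above can be run mechanically over a ruleset export. The script below is an added example, not code from the original post: it parses a constructed CSV ruleset (an assumed export format with “any” as the wildcard; the sample rules and addresses are made up) and reports insecure plaintext services, allow rules with no recorded justification, ANY ANY rules, and a ruleset with no default outbound deny.

```python
import csv
import io
from dataclasses import dataclass

# Plaintext services named in the post, keyed by well-known port,
# with the replacement the post recommends.
INSECURE_SERVICES = {
    21: "FTP -> SFTP",
    23: "Telnet -> SSH",
    161: "SNMP v1/v2c -> SNMPv3",
}

# Constructed sample ruleset (not from any real firewall). Columns are
# an assumed export format: one rule per line, "any" as the wildcard.
SAMPLE_RULESET = """\
name,action,src,dst,proto,dport,direction,justification
allow-web,allow,any,10.0.1.10,tcp,443,in,public web server
legacy-ftp,allow,10.0.2.0/24,10.0.1.20,tcp,21,in,vendor file drop
mgmt-telnet,allow,10.0.9.5,10.0.1.0/24,tcp,23,in,
mystery,allow,any,any,any,any,in,
dns-out,allow,10.0.1.0/24,any,udp,53,out,resolver access
web-out,allow,10.0.1.0/24,any,tcp,443,out,patch downloads
"""


@dataclass
class Rule:
    name: str
    action: str
    src: str
    dst: str
    proto: str
    dport: str
    direction: str        # "in" (ingress) or "out" (egress)
    justification: str    # who asked for the rule and why; empty = unknown


def parse_rules(text):
    """Parse the CSV export into Rule objects; missing cells become ''."""
    reader = csv.DictReader(io.StringIO(text))
    return [Rule(**{k: (v or "").strip() for k, v in row.items()}) for row in reader]


def is_any(value):
    return value.lower() == "any"


def lint(rules):
    """Return (rule_name, check, detail) tuples for every finding."""
    findings = []
    for r in rules:
        if r.action.lower() != "allow":
            continue  # deny rules are not what we are hunting for
        # Insecure protocols: plaintext services that should be replaced.
        if r.dport.isdigit() and int(r.dport) in INSECURE_SERVICES:
            findings.append((r.name, "insecure-protocol",
                             INSECURE_SERVICES[int(r.dport)]))
        # Unapproved rules: an allow nobody can explain is a candidate for removal.
        if not r.justification:
            findings.append((r.name, "no-justification",
                             "no owner or reason recorded"))
        # ANY ANY: any source to any destination on any port.
        if is_any(r.src) and is_any(r.dst) and is_any(r.dport):
            findings.append((r.name, "any-any", "unrestricted allow"))
    # Egress filtering: expect an explicit default deny for outbound traffic,
    # so only the documented allow-out rules can reach the internet.
    egress_default_deny = any(
        r.direction.lower() == "out" and r.action.lower() == "deny"
        and is_any(r.src) and is_any(r.dst)
        for r in rules)
    if not egress_default_deny:
        findings.append(("<ruleset>", "no-egress-deny",
                         "no default outbound deny; add one after the allow-out rules"))
    return findings


if __name__ == "__main__":
    for name, check, detail in lint(parse_rules(SAMPLE_RULESET)):
        print(f"{check:18} {name:12} {detail}")
```

Against the sample ruleset this reports the FTP and Telnet rules, the two allows with no justification, the ANY ANY “mystery” rule, and the missing egress deny; appending a `deny,any,any,...,out` rule clears the last finding. The port list is deliberately short: extend `INSECURE_SERVICES` with whatever plaintext services your own environment still carries.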
Ghouls don’t just attack on Halloween, so if you have any of these issues in your ruleset you’re at risk. So let’s plug these risks in our firewalls and stop any nasty characters from taking advantage of an insecure ruleset.