Do you really know what vulnerabilities currently exist in your enterprise firewalls? Your vulnerability scans are coming up clean. Your penetration tests have not revealed anything of significance. Therefore, everything’s in check, right? Not necessarily. In my work performing independent security assessments, I have found over the years that numerous firewall-related vulnerabilities can be present right under your nose. Sometimes they’re blatantly obvious. Other times, not so much.
Here are my top 10 common firewall vulnerabilities that you need to be on the lookout for listed in order of typical significance/priority:
- Password(s) are set to the default which creates every security problem imaginable, including accountability issues when network events occur.
- Anyone on the Internet can access Microsoft SQL Server databases hosted internally which can lead to internal database access, especially when SQL Server has the default credentials (sa/password) or an otherwise weak password.
- Firewall OS software is outdated and no longer supported which can facilitate known exploits including remote code execution and denial of service attacks, and might not look good in the eyes of third-parties if a breach occurs and it’s made known that the system was outdated.
- Anyone on the Internet can access the firewall via unencrypted HTTP connections, as these can be exploited by an outsider who’s on the same network segment such as an open/unencrypted wireless network.
- Anti-spoofing controls are not enabled on the external interface which can facilitate denial of service and related attacks.
- Rules exist without logging which can be especially problematic for critical systems/services.
- Any protocol/service can connect between internal network segments which can lead to internal breaches and compliance violations, especially as it relates to PCI DSS cardholder data environments.
- Anyone on the internal network can access the firewall via unencrypted telnet connections. These connections can be exploited by an internal user (or malware) if ARP poisoning is enabled via a tool such as the free password recovery program Cain & Abel.
- Any type of TCP or UDP service can exit the network which can enable the spreading of malware and spam and lead to acceptable usage and related policy violations.
- Rules exist without any documentation which can create security management issues, especially when firewall admins leave the organization abruptly.
Every security issue – whether confirmed or potential – is subject to your own interpretation and needs. But the odds are good that these firewall vulnerabilities are creating tangible business risks for your organization today.
But the good news is that these security issues are relatively easy to fix. Obviously, you’ll want to think through most of them before “fixing” them as you can quickly create more problems than you’re solving. And you might consider testing these changes on a less critical firewall or, if you’re lucky enough, in a test environment.
Ultimately understanding the true state of your firewall security is not only good for minimizing network risks, it can also be beneficial in terms of documenting your network, tweaking its architecture, and fine-tuning some of your standards, policies, and procedures that involve security hardening, change management, and the like. And the most important step is acknowledging that these firewall vulnerabilities exist in the first place!
Subscribe to Blog
Receive notifications of new posts by email.