
BLOG: The bad guys are in the house

J.F. Rice | Sept. 21, 2011

Last Friday, as I was tying up loose ends at the office, preparing to wind down in anticipation of the weekend, I made a terrifying discovery.

The firewall was configured with several ip-any-any rules. That means that, for several computers on our internal network, any computer on the Internet could connect using any protocol. In other words, the firewall was wide open for about 16 computers on my company's network. With an ip-any-any rule, you essentially have no firewall at all, because it allows all the same traffic those computers would get if they were cabled directly to the Internet.

If you're familiar with firewalls, you probably know the sensation of horror I felt. If not, I'm not sure I can really describe it -- but it's basically my worst nightmare. My network had a huge hole that hostile attackers were exploiting. It was like emptying out a cupboard in your kitchen and finding a hole in the wall that nasty critters were using to get at your food.

I sent the network admin off to close the firewall holes and initiated an audit of configurations on all our firewalls. Naturally, I had been auditing our firewall configurations on a regular basis, but with my lack of staffing and resources, I hadn't been able to do it very often. And these changes appear to have been fairly recent.
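
A configuration audit for the kind of rule described above can be automated. The following is an added example, not code from the original post: it assumes Cisco ASA-style extended ACL syntax (the post does not name a vendor), runs over a constructed sample configuration, and flags every rule that permits all IP protocols from any source, whether to one host or to everything.

```python
import re

# Constructed sample in Cisco ASA-style extended ACL syntax (the vendor format
# is an assumption); addresses come from the RFC 5737 documentation ranges.
SAMPLE_CONFIG = """\
access-list outside_in extended permit tcp any host 203.0.113.20 eq 443
access-list outside_in extended permit ip any host 203.0.113.31
access-list outside_in extended permit ip any host 203.0.113.32
access-list outside_in remark temporary vendor access
access-list outside_in extended permit ip any any
access-list outside_in extended permit ip 198.51.100.0 255.255.255.0 host 203.0.113.40
access-list outside_in extended deny ip any any
"""

RULE = re.compile(r"access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.+)")
ANY = {"any", "any4", "any6"}

def take_endpoint(tokens):
    """Consume one address spec from the token list; return (spec, rest)."""
    if tokens and tokens[0] in ANY:
        return "any", tokens[1:]
    if len(tokens) >= 2 and tokens[0] == "host":
        return tokens[1] + "/32", tokens[2:]
    if len(tokens) >= 2:                      # "address netmask" form
        return tokens[0] + " " + tokens[1], tokens[2:]
    raise ValueError("incomplete address spec")

def audit(config):
    """Return (line_no, acl, kind, destination) for every wide-open permit."""
    findings = []
    for line_no, line in enumerate(config.splitlines(), 1):
        m = RULE.match(line.strip())
        if not m:
            continue                          # remarks and other commands
        acl, action, proto, rest = m.groups()
        try:
            src, tokens = take_endpoint(rest.split())
            dst, _ = take_endpoint(tokens)
        except ValueError:
            continue
        # "ip" matches every protocol; with source "any" the destination is
        # reachable from every source address, whether it is one host or all.
        if action == "permit" and proto == "ip" and src == "any":
            kind = "any-any" if dst == "any" else "any-to-host"
            findings.append((line_no, acl, kind, dst))
    return findings

if __name__ == "__main__":
    for line_no, acl, kind, dst in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: ACL {acl} permits all IP from any source to {dst} ({kind})")
```

Running a check like this against every saved configuration on a schedule, and comparing the findings with the previous run, surfaces recently added rules without waiting for a manual review.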

I think there are a lot of lessons to be learned from this experience, not the least of which is "trust nobody."


