A firewall is the most basic security requirement, and these days pretty much every company has next-gen firewalls and other security appliances such as IDS/IPS, NAC, proxy and WAF. As we all should know, just buying and installing these appliances doesn’t provide strong security until they are properly designed and configured. Here, I’m going to share something that might make you laugh and think, “this can’t happen in our environment”. However, remember where this happened: a very well-known, big company with good security systems.
Here is what happened: One of their firewalls was configured in a reverse fashion so that their vendor could access the network remotely and get their work done. Whereas the firewall should protect the inside of the company’s infrastructure from threats in the outside world, it was actually ‘protecting’ the outside world from the company’s internal infrastructure and letting the threats in. The lesson here is that we should always connect the dots and validate security appliance configurations, even when our trusted vendors and employees are working together.
I hope this will help you rule out these types of mistakes and keep your environment safer from cyber threats. I will get back to you soon with another experience of unwanted cyber activity and its root cause. Please stay tuned.