

Firewall penetrated

Posted on 2006-06-05
Medium Priority
Last Modified: 2013-11-16
I am ignorant in security services. I have a WatchGuard Firebox X500 we just bought. I have tested all my ports and everything looks closed or in stealth. I ran GRC's leakage tester and it is telling me that "leak test was not prevented from connecting to the Gibson research web server. You either have no firewall, you have deliberately allowed leak test to connect outbound or leak test has just slipped past your firewall's outbound protection." By default all outgoing connections are allowed and enabled on the WatchGuard HTTP service. Should I be concerned about this? What is the appropriate action I should take?
Question by:jettset
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16840026
Have a quick search on Google for a free port scan.
http://www.dslreports.com/scan is one I use, although you need the Java client installed.

This will tell you the ports you have open.

Post the results and we will see if we can help further.
LVL 12

Assisted Solution

srikrishnak earned 750 total points
ID: 16841952
Quite simple. I don't know whether Steve did it for some great cause or not, but I can say this shows the fundamental flaws in many firewall systems. Having said that, I have to accept this is a part of human behaviour also.
Common analogy:
The firewall is there to protect from intrusion. We have a safe system and we need the firewall to protect it from the bad guys from the Internet or outer space ;). But this firewall doesn't care (in normal circumstances) when there is an outgoing connection initiated from the safe system to the external world.
This is true of most personal firewalls.

But in your case, as you've mentioned that all outgoing connections are open on HTTP, that gives the answer. When you downloaded the program and clicked on test, it initiated a connection to the outer world. When this connection reaches the firewall, the rulebase/security policy allows it. So the connection reaches the destination, Steve's website.
Result: "LEAK TEST FAILED". :)

If I were in your shoes I would do a Nessus scan from the outer world first (with Nessus 3.0 it's much easier). Close the loopholes; then look into the requirement of opening all the outgoing connections. Do a detailed study of the requirements and close the policy accordingly.

Author Comment

ID: 16841994
As I stated, all my ports are closed; I used the Shields Up program. I then used GRC's leak tester (http://www.grc.com/lt/leaktest.htm). This test is used with an Internet connection. It does state a "personal" firewall tester. I am not sure that this test is something I should be concerned about.

LVL 11

Expert Comment

ID: 16844905
WatchGuard by default does not apply access controls to outbound connections, and this is why the "leakguard" connection was allowed.

Author Comment

ID: 16844992
Should I apply outbound restrictions? If so, I am not exactly sure how this can be done without impeding the domain users' ability for web access.
LVL 51

Accepted Solution

Keith Alabaster earned 750 total points
ID: 16845247
This was the point of our earlier posts. You 'need' to allow outgoing traffic in the same way as you deliberately open incoming ports for email etc. It is not a concern unless you 'wanted' to block the outgoing ports.
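
The rulebase behaviour discussed in this thread, as an added example that is not part of any post and is not WatchGuard configuration: a first-match outbound policy evaluated in Python against constructed connection attempts, once with allow-all egress and once with a restricted policy that still permits web access. The addresses, ports, rule layout and the names `Rule`, `evaluate` and `compare` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src: str           # source network in CIDR form
    proto: str         # "tcp", "udp" or "any"
    dports: frozenset  # destination ports; an empty set means any port

def evaluate(rules, src_ip, proto, dport):
    """Return the action of the first matching rule; implicit deny otherwise."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if (ip in ipaddress.ip_network(r.src)
                and r.proto in ("any", proto)
                and (not r.dports or dport in r.dports)):
            return r.action
    return "deny"

# Constructed addressing for the trusted network (assumption, not from the thread).
LAN = "192.168.1.0/24"
RESOLVER = "192.168.1.10/32"   # internal DNS server
MAIL = "192.168.1.20/32"       # internal mail server

ALLOW_ALL_OUT = [Rule("allow", LAN, "any", frozenset())]
RESTRICTED_OUT = [
    Rule("allow", LAN, "tcp", frozenset({80, 443})),   # user web access
    Rule("allow", RESOLVER, "udp", frozenset({53})),   # DNS only via resolver
    Rule("allow", MAIL, "tcp", frozenset({25})),       # SMTP only from mail server
]

# Constructed outbound attempts: (source IP, protocol, destination port).
ATTEMPTS = {
    "browser to web site": ("192.168.1.50", "tcp", 80),
    "leak-test style client over HTTP": ("192.168.1.50", "tcp", 80),
    "workstation direct SMTP": ("192.168.1.50", "tcp", 25),
    "workstation to TCP 6667": ("192.168.1.50", "tcp", 6667),
    "workstation to external DNS": ("192.168.1.50", "udp", 53),
    "internal resolver DNS": ("192.168.1.10", "udp", 53),
}

def compare():
    """Map each attempt to (allow-all verdict, restricted verdict)."""
    return {n: (evaluate(ALLOW_ALL_OUT, *a), evaluate(RESTRICTED_OUT, *a))
            for n, a in ATTEMPTS.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:34} allow-all={before:5} restricted={after}")
```

The HTTP leak-test row stays allowed under both policies because a rule keyed on source, protocol and port cannot tell which program opened the connection; the restricted policy changes the verdict only for the non-web traffic.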
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16846537
Thank you Jettset :)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month18 days, 13 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question