Firewall penetrated

I am ignorant in security services. I have a WatchGuard Firebox X500 we just bought. I have tested all my ports and everything looks closed or in stealth. I ran GRC's leakage tester and it is telling me that "Leak test was not prevented from connecting to the Gibson Research web server. You either have no firewall, you have deliberately allowed leak test to connect outbound or leak test has just slipped past your firewall's outbound protection." By default all outgoing connections are allowed and enabled on the WatchGuard HTTP service. Should I be concerned about this? What is the appropriate action I should take?
jettset Asked:
Keith Alabaster, Enterprise Architect, Commented:
This was the point of our earlier posts. You 'need' to allow outgoing traffic in the same way as you deliberately open incoming ports for email etc. It is not a concern unless you 'wanted' to block the outgoing ports.
0
 
Keith Alabaster, Enterprise Architect, Commented:
Have a quick search on Google for a free port scan.
http://www.dslreports.com/scan is one I use, although you need the Java client installed.

This will tell you the ports you have open.

Post the results and we will see if we can help further.
0
 
srikrishnak Commented:
Quite simple. I don't know whether Steve did it for some great cause or not, but I can say this shows the fundamental flaws in many firewall systems. Having said that, I have to accept this is a part of human behaviour also.
Common analogy:
A firewall is there to protect from intrusion. We have a safe system and we need a firewall to protect it from the bad guys from the internet or outer space ;). But this firewall doesn't care (in normal circumstances) when there is an outgoing connection initiated from the safe system to the external world.
This is true with most personal firewalls.

But in your case, as you've mentioned that all outgoing connections are open on HTTP, that gives the answer. When you downloaded the program and clicked on test, it initiated a connection to the outer world. When this connection reaches the firewall, the rulebase/security policy allows it. So the connection reaches the destination, Steve's website.
Result: "LEAK TEST FAILED". :)

If I were in your shoes I would do a Nessus scan from the outer world first (with Nessus 3.0 it's much easier). Close the loopholes; then look into the requirement of opening all the outgoing connections. Do a detailed study on the requirements and close the policy accordingly.
0
jettset, Author, Commented:
As I stated, all my ports are closed; I used the Shields Up program. I then used GRC's leak tester (http://www.grc.com/lt/leaktest.htm). This test is used with an internet connection. It does state a "personal" firewall tester. I am not sure that this test is something I should be concerned about.
0
 
prueconsulting Commented:
WatchGuard by default does not apply access controls to outbound connections, and this is why the "leakguard" connection was allowed.
0
 
jettset, Author, Commented:
Should I apply outbound restrictions? If so, I am not exactly sure how this can be done and not impede the domain users' ability for web access.
0
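The outbound rulebase behaviour discussed in this thread, as an added example that is not part of any participant's post and is not WatchGuard configuration: a first-match rule evaluator comparing an allow-all outgoing policy with a restricted one that still permits user web access. The 10.0.0.0/24 LAN, the server addresses, the rule names, and the leak-test program using TCP 80 are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form
    proto: str            # "tcp", "udp" or "any"
    dports: frozenset     # destination ports; an empty set means any port

def evaluate(rules, src_ip, proto, dport):
    """Return (action, rule name) of the first matching rule, else implicit deny."""
    for r in rules:
        if (ip_address(src_ip) in ip_network(r.src)
                and r.proto in ("any", proto)
                and (not r.dports or dport in r.dports)):
            return r.action, r.name
    return "deny", "implicit-deny"

# Constructed policies (hypothetical addressing, not taken from the thread).
ALLOW_ALL_OUT = [Rule("outgoing-any", "allow", "0.0.0.0/0", "any", frozenset())]
RESTRICTED_OUT = [
    Rule("lan-web", "allow", "10.0.0.0/24", "tcp", frozenset({80, 443})),
    Rule("dns-server", "allow", "10.0.0.10/32", "udp", frozenset({53})),
    Rule("mail-server", "allow", "10.0.0.25/32", "tcp", frozenset({25})),
]

# Constructed outbound flows from a workstation at 10.0.0.50.
FLOWS = [
    ("browser to web site", "10.0.0.50", "tcp", 443),
    ("leak-test style program over HTTP", "10.0.0.50", "tcp", 80),  # port is an assumption
    ("workstation sending SMTP directly", "10.0.0.50", "tcp", 25),
    ("unknown program to high port", "10.0.0.50", "tcp", 8081),
]

def audit(rules):
    """Map each constructed flow label to the action the policy takes on it."""
    return {label: evaluate(rules, src, proto, dport)[0]
            for label, src, proto, dport in FLOWS}

if __name__ == "__main__":
    for name, policy in (("allow-all", ALLOW_ALL_OUT), ("restricted", RESTRICTED_OUT)):
        print(name)
        for label, action in audit(policy).items():
            print(f"  {action:5}  {label}")
```

The restricted policy keeps web access working and drops the direct SMTP and high-port flows, but the HTTP flow from the test program is still allowed, because a port-based rule cannot tell which program on the workstation opened the connection.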
 
Keith Alabaster, Enterprise Architect, Commented:
Thank you Jettset :)
0
Question has a verified solution.