Posted on 2011-04-28
My buddy was supporting a small business network (tree care company). The software application that has been sold to them under the guise of client-server software was actually a desktop application database that has been kept on a shared folder in the server. Application was having performance issues and lockups. So my friend was in the process of reconfiguring network when he got audited. As part of the reconfiguration, filtering on sonic wall firewall was turned off. However, the firewall was still in place and NAT'd (private IP on LAN port / Public IP on WAN port). The auditor who is a related to the software vendor presented the 'finding' (of temporarily turning off the outbound internet traffic filtering) as a 'dire' security threat that is going to bring down this 20 user network/risk business. Unfortunately the owner bought it and my buddy is being relieved of his responsibilities. The application response has improved (possibly after software patch/upgrade by the software vendor who was onsite with the auditor) and everything now is blamed on the firewall configuration. The public WAN IP is not used for email/web/ftp services where the IP reputation is at stake if a rogue machine inside the network acts up.
The question is
(1) Can someone on the public / WAN side (internet) easily traverse the NAT'd firewall and access/control the pc inside the network and risk the business in this situation ?