Firewall question

My buddy was supporting a small business network (tree care company). The software application that had been sold to them under the guise of client-server software was actually a desktop database application kept on a shared folder on the server. The application was having performance issues and lockups, so my friend was in the process of reconfiguring the network when he got audited. As part of the reconfiguration, filtering on the SonicWall firewall was turned off. However, the firewall was still in place and NAT'd (private IP on the LAN port / public IP on the WAN port). The auditor, who is related to the software vendor, presented the 'finding' (of temporarily turning off the outbound internet traffic filtering) as a 'dire' security threat that is going to bring down this 20-user network and put the business at risk. Unfortunately the owner bought it and my buddy is being relieved of his responsibilities. The application response has improved (possibly after a software patch/upgrade by the software vendor, who was onsite with the auditor) and everything is now blamed on the firewall configuration. The public WAN IP is not used for email/web/FTP services, where the IP reputation would be at stake if a rogue machine inside the network acted up.

The question is:
(1) Can someone on the public / WAN side (internet) easily traverse the NAT'd firewall and access/control a PC inside the network and risk the business in this situation?

Chris Dent (PowerShell Developer) commented:
Outbound filtering only?

Source-NAT, which I assume is many-to-one (lots of internal clients, one external IP) is really not very easy to exploit from outside (not impossible, far from it, but not easy). You can't simply make up an attack from outside and start probing ports, you'd have to hijack an existing outbound session (stored in the session table on the firewall).

All outbound filtering does is limit the number of things an outbound request can connect to. A very good thing, but likely to destroy a business if it's not in place? I doubt it.

I can't help but think the auditor is scaremongering. But I don't know the business, or the traffic profiles, maybe opening up outbound access really does constitute a significant threat.

I'm not terribly familiar with SonicWall firewalls so I'm not sure what the 'filtering' setting does, but just answering as a general firewall, it is not 'easy'. NAT is certainly not the best security measure but it is very good at hiding private IP identities from the world. Most breaches are due to holes or ports being left open in a firewall configuration and a hacker finding them with a port scan.

As long as access-lists are configured very tightly to only allow the absolutely necessary traffic to flow through the firewall, breaches are unlikely. Certainly NAT wouldn't be considered a security hole.
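To make the session-table point above concrete, here is an added toy model of a many-to-one source NAT firewall (example code written for this page, not from the thread's participants or from SonicWall; every address, port and the single Terminal Services forward are constructed). It shows that an unsolicited packet to the public IP finds no session entry and is dropped whether or not outbound filtering is on, that outbound filtering only decides which destinations the LAN may reach, and that the one inbound path NAT does not hide is an explicitly forwarded port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class SourceNatFirewall:
    """Stateful many-to-one source NAT (PAT) with optional outbound port filtering
    and explicit inbound port forwards. Every address and port here is constructed."""
    def __init__(self, public_ip, outbound_allow=None, inbound_forwards=None):
        self.public_ip = public_ip
        self.outbound_allow = outbound_allow           # None = outbound filtering off
        self.inbound_forwards = inbound_forwards or {}  # public_port -> (lan_ip, lan_port)
        self._out = {}   # (lan_ip, lan_port, dst_ip, dst_port) -> public_port
        self._in = {}    # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self._next_port = 40000

    def outbound(self, pkt):
        """LAN -> WAN: apply outbound filtering, translate the source, record the session."""
        if self.outbound_allow is not None and pkt.dst_port not in self.outbound_allow:
            return None                                 # blocked by outbound filtering
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self._out:
            self._out[key] = self._next_port
            self._in[(self._next_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self._next_port += 1
        return Packet(self.public_ip, self._out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """WAN -> LAN: only a reply to a recorded session or a packet to an explicitly
        forwarded port is translated; anything else is dropped (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        session = self._in.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if session is not None:
            return Packet(pkt.src_ip, pkt.src_port, session[0], session[1])
        if pkt.dst_port in self.inbound_forwards:
            lan_ip, lan_port = self.inbound_forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        return None

def demo():
    fw = SourceNatFirewall("198.51.100.7", inbound_forwards={3389: ("192.168.1.10", 3389)})
    out = fw.outbound(Packet("192.168.1.20", 51000, "203.0.113.5", 443))
    reply = fw.inbound(Packet("203.0.113.5", 443, "198.51.100.7", out.src_port))
    stray = fw.inbound(Packet("203.0.113.9", 12345, "198.51.100.7", out.src_port))
    forwarded = fw.inbound(Packet("203.0.113.9", 12345, "198.51.100.7", 3389))
    return out, reply, stray, forwarded
```

Of the three WAN-side packets in demo(), only the genuine reply and the packet to the forwarded port reach the LAN; the stray packet to the same public port is dropped, which is what makes the forwarded port, not the NAT itself, the surface worth hardening and monitoring.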
Justin Owens (ITIL Problem Manager) commented:
Can it be done? Yes, absolutely anything can be done with enough time, skill, money, and desire. Like gbakies suggests, though, it would not be ultra easy; then again, it would not be ultra hard, either. Turning off filtering on your firewall is just a bad idea.

Unless your friend has a vested interest, though, my advice to him would be to walk away and not worry about it. I took "relieved of his responsibilities" as being fired. If that is not the case, then the next step would be to do some research about firewalls and security and present a well documented "case" for putting firewall filtering back in place.

patp22 (Author) commented:
Thanks gbakies/DrUltima

Yes only outbound filtering was turned off.
The SonicWall TZ 210 had all inbound ports closed except for Terminal Services. The application running on Terminal Services is a tree care order entry program. Total users: 15. No financial, personal social security, health or other privacy-sensitive data is being stored. The static IP address is also unpublished and does not show as belonging to the company.

I do think that the auditor was scaremongering.