patp22

asked on
Firewall question

Hello,
My buddy was supporting a small business network (tree care company). The software application that had been sold to them under the guise of client-server software was actually a desktop application database that had been kept on a shared folder on the server. The application was having performance issues and lockups, so my friend was in the process of reconfiguring the network when he got audited. As part of the reconfiguration, filtering on the SonicWall firewall was turned off. However, the firewall was still in place and NAT'd (private IP on LAN port / public IP on WAN port). The auditor, who is related to the software vendor, presented the 'finding' (of temporarily turning off the outbound internet traffic filtering) as a 'dire' security threat that is going to bring down this 20-user network/risk the business. Unfortunately the owner bought it and my buddy is being relieved of his responsibilities. The application response has improved (possibly after a software patch/upgrade by the software vendor, who was onsite with the auditor) and everything now is blamed on the firewall configuration. The public WAN IP is not used for email/web/ftp services where the IP reputation is at stake if a rogue machine inside the network acts up.

The question is:
(1) Can someone on the public / WAN side (internet) easily traverse the NAT'd firewall and access/control the PC inside the network and risk the business in this situation?

Thanks
Pat

qbakies

I'm not terribly familiar with SonicWall firewalls so I'm not sure what the 'filtering' setting does, but just answering as a general firewall question... no, it is not 'easy'. NAT is certainly not the best security measure but it is very good at hiding private IP identities in the world. Most breaches are due to holes or ports being left open in a firewall configuration and a hacker finding it with a port scan.

As long as access-lists are configured very tightly to only allow the absolutely necessary traffic to flow through the firewall, breaches are unlikely. Certainly NAT wouldn't be considered a security hole.

Can it be done? Yes, absolutely anything can be done with enough time, skill, money, and desire. Like qbakies suggests though, it would not be ultra easy; then again, it would not be ultra hard, either. Turning off filtering on your firewall is just a bad idea.

Unless your friend has a vested interest, though, my advice to him would be to walk away and not worry about it. I took "relieved of his responsibilities" as being fired. If that is not the case, then the next step would be to do some research about firewalls and security and present a well-documented "case" for putting firewall filtering back in place.

DrUltima
ASKER CERTIFIED SOLUTION
Chris Dent

patp22 (ASKER)

Thanks qbakies/DrUltima

Chris,
Yes, only outbound filtering was turned off.
SonicWall TZ 210 had all inbound ports closed except for Terminal Services. The application running on the terminal services is a Tree Care Order Entry program. Total users: 15. No financial / personal social security / health or other privacy-sensitive data is being stored. The static IP address is also unpublished and does not show as belonging to the company.

I do think that the auditor was scaremongering

-Pat
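As an added illustration, not posted by anyone in this thread and not SonicWall configuration, here is an nftables ruleset for a Linux NAT gateway with the posture Pat describes and qbakies recommends: NAT on the WAN side, every inbound port closed except Terminal Services forwarded to one host, and deny-by-default outbound filtering that logs what it drops. The interface names, the LAN range and the terminal server address are assumptions.

```nftables
# Added example ruleset; interfaces, addresses and the terminal server
# are assumed values, not taken from the thread.
define wan = "eth0"                # assumed WAN interface (public IP)
define lan = "eth1"                # assumed LAN interface (private IP)
define lan_net = 192.168.10.0/24   # assumed private LAN range
define ts_host = 192.168.10.5      # assumed terminal server

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        iif $lan accept            # firewall management from the LAN only
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept

        # Inbound: the only exposed service is Terminal Services (TCP 3389),
        # and only to the host the DNAT rule below maps it to.
        iif $wan oif $lan ip daddr $ts_host tcp dport 3389 accept

        # Outbound egress filtering. "Filtering turned off", as in the
        # thread, is the equivalent of replacing these rules with one
        # line: iif $lan oif $wan accept. Keeping them limits what a
        # misbehaving internal machine can reach and leaves a log trail.
        iif $lan oif $wan ip saddr $lan_net udp dport 53 accept   # DNS
        iif $lan oif $wan ip saddr $lan_net udp dport 123 accept  # NTP
        iif $lan oif $wan ip saddr $lan_net tcp dport { 80, 443 } accept
        iif $lan oif $wan log prefix "egress-denied: " drop
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        iif $wan tcp dport 3389 dnat to $ts_host   # publish TS only
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oif $wan ip saddr $lan_net masquerade      # hide private addresses
    }
}
```

The point the ruleset makes concrete is the one both answers circle: with inbound closed, the forwarded port is the whole externally reachable surface, and the outbound rules decide how much an internal machine can do (and how visibly) if it is compromised by some other route.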