security breach!

Posted on 2012-09-18
Medium Priority
Last Modified: 2012-10-05
i have recently had somone illegally come onto my network to create a firewall rule to allow them to have unauthorised access to a personal nas drive that sits on the netword.

i grant contractors access to the network allowing them to create a firewall rule .  however, i was looking at the rules and seen that someone had created a rule to allow them access in and out - i have a suspiion who it might be but how do i get the evidence to sack them ?

we use watchguard and a admin account
how could i find out when they logged in/out to do this ?
Question by:LBC
LVL 32

Expert Comment

ID: 38411749
Unless you have a syslog server running, the Watchguard log only stores a limited amount of data, which is a few days at best.

My suggestion, don't delete the rule or stop it.  just change something simple like the protocol or port it uses.  Also, don't change your admin password YET.

Monitor the logs over the next few days to see who logs in and makes changes.
LVL 18

Accepted Solution

deimark earned 450 total points
ID: 38416772
Yup, as above, be sneaky about this.  Set it log as well (if not done already) to monitor who actually hits that rule.

Moving forward, I would also suggest individual accounts for administration which can provide an audit trail of "who did what and when" much better than a shared account can use,

Author Closing Comment

ID: 38467020
i have created my own account - thanks for your help

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month14 days, 15 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question