Sonicwall tz100 (hacked?): default rule any any allow

Posted on 2014-02-10
Last Modified: 2014-02-11
Hi,

I have a device on my network that was compromised. Couldn't log on to it, no SSH, nothing.
Now I try to limit accesses on my SonicWall.

I see a rule from any to any allow. That is not a default rule right? This would mean also my sonicwall user and pass are known.

Please advise.
J.
Question by:janhoedt
6 Comments
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39848529
Hi janhoedt,

It depends; by default Zones are set to Deny. Which Zones is it for?

The attacker would only know which users of the compromised machine exist, and even then only if they have set up a sniffer or keylogger. Just because they have been compromised doesn't necessarily point to any particular threat but rather that vulnerabilities have been exploited. Therefore, unless you are using SSO or have aligned the user's credentials with the ones in the SonicWALL. Even then someone would have to know not only their way around a SonicWALL but know that a user account has been set up there as well. Furthermore, unless they have admin access they will not be able to change any settings within the SonicWALL, but they will have access to whatever that user has access to inside the network. Change user credentials on the SonicWALL immediately for that user.

Let me know if you have any other questions!

Author Comment

by:janhoedt
ID: 39849482
Thanks.

The access rule is the following (system-made access rule; I've set it to Deny now):

 46      LAN      >      WAN      11      Any      Any      Any      Allow All      None                    Enabled        A service depends on this rule
 
LVL 26

Accepted Solution

by:Blue Street Tech (earned 2000 total points)
ID: 39849710
Awe, OK in this case LAN > WAN is completely normal to have it as Allow Any Any All. Unless you are filtering outbound traffic for PCI or some other compliance/security reason, the default for LAN > WAN is Allow and should be otherwise nothing will go outbound (no email, can't browse web, etc.).

Make sense?

Author Comment

by:janhoedt
ID: 39849894
I'd like to explicitly allow or disallow, so I have put it on disallow.
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39849906
Then you need to have the LAN > WAN Deny rule as the last rule in priority. Then explicitly allow each service above it in priority.

Any other questions?
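Added example, not code from the thread or from SonicWall: a small first-match model of the rule ordering Blue Street Tech describes, showing why the LAN > WAN Deny rule has to sit last in priority. Zone names, service names and priority numbers are constructed; the assumption that lower priority numbers are evaluated first and that unmatched traffic falls through to the zone default of Deny follows the thread.

```python
from dataclasses import dataclass

# Simplified model of zone-to-zone access rules, built for this example.
# Assumption: rules are evaluated in ascending priority order, first match
# wins, and traffic matching no rule falls through to the zone default (Deny).

@dataclass(frozen=True)
class Rule:
    priority: int     # 1 = evaluated first (assumed ordering)
    src_zone: str
    dst_zone: str
    service: str      # "Any" or a named service such as "HTTPS"
    action: str       # "Allow" or "Deny"

def evaluate(rules, src_zone, dst_zone, service) -> str:
    """Return the action of the first rule (by priority) that matches."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.src_zone, rule.dst_zone) != (src_zone, dst_zone):
            continue
        if rule.service not in ("Any", service):
            continue
        return rule.action
    return "Deny"   # zone default when nothing matches, per the thread

# The stock LAN > WAN rule the question quotes: Any / Any / Any, Allow.
DEFAULT_LAN_WAN = [Rule(1, "LAN", "WAN", "Any", "Allow")]

# Explicit policy done wrong: the Deny-all sits first in priority, so it
# matches before any of the service-specific allows below it.
DENY_FIRST = [
    Rule(1, "LAN", "WAN", "Any", "Deny"),
    Rule(2, "LAN", "WAN", "HTTPS", "Allow"),
    Rule(3, "LAN", "WAN", "SMTP", "Allow"),
]

# Explicit policy as advised: explicit allows first, Deny-all last in priority.
EXPLICIT_LAST = [
    Rule(1, "LAN", "WAN", "HTTPS", "Allow"),
    Rule(2, "LAN", "WAN", "SMTP", "Allow"),
    Rule(3, "LAN", "WAN", "Any", "Deny"),
]

def outbound_decisions(rules, services=("HTTPS", "SMTP", "TELNET")) -> dict:
    """Decision for each constructed sample service from LAN to WAN."""
    return {s: evaluate(rules, "LAN", "WAN", s) for s in services}

if __name__ == "__main__":
    for name, rules in [("default", DEFAULT_LAN_WAN),
                        ("deny first", DENY_FIRST), ("deny last", EXPLICIT_LAST)]:
        print(f"{name:10}: {outbound_decisions(rules)}")
```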
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39849956
Glad I could help...thanks for the points!