So, here are the details. I manage a network that includes a Police Department. A state IT official has told me that he were able to hack the network via my public access point, Penetrate into the system and "see" all my devices. This was part of an on-going dispute over a problem we were having maintaining a VPN Tunnel with his office.
Back to the "HACK"
They have not told me how they did it, nor have they described what they did.
This seems counter intuitive to me,
Should they be and / or are they required to tell me how they got in, so I can close and lock the door?
I do know what ports are open, and they are EMAIL (POP and IMAP), and MYSql.
There are NO default user names and passwords on any of those ports.
I am in the process of paying a professional group to "review" my public facing connection.