With the threats abound in the world today, one cannot be expected to know each vulnerability that exists in their current firewall. But it's increasingly important information to know, for instance, that penetration tests aren't the be all end all of the vigilence against attacks. While threats can present themselves in an obvious manner, sometimes they require a little more attention to be able to identify.
![""]("__GHOST_URL__/content/images/2017/06/firewall1011-1.jpg")
I've compiled a list of vulnerabilities in no particular order that you need to be on the lookout for:
Using an outdated Firewall OS software which is no longer supported and can no longer facilitate known exploits including remote code execution and denial of service attacks, and might not look good in the eyes of third-parties if a breach occurs.
Setting passwords to default which is a reckless security vulnerability.
A SQL Server with a weak password including the default credentials leaves your Microsoft SQL Server databases vulnerable to access by anyone with an internet connection.
Rules exist without logging which can be especially problematic for critical systems/services.
Leaving your firewall with unencrypted HTTP connections which allows anyone on the Internet to access your firewall and exploit the network as long as they're on the same network segment such as open/unencrypted wireless network.
Anti-spoofing controls are not enabled on the external interface which can facilitate denial of service and related attacks.
Any protocol/service can connect between internal network segments which can lead to internal breaches and compliance violations, especially as it relates to PCI DSS cardholder data environments.
Unencrypted telnet connections grant anyone on the internal network access. These connections can be exploited by an internal user (or malware) if ARP poisoning is enabled via a tool such as the free password recovery program
Rules without any documentation which can create security management issues, especially when firewall admins leave the organization abruptly.
All TCP or UDP services can exit the network which enables the spreading of malware and spam and lead to acceptable usage and related policy violations.
While these security issues are relatively easy to fix, every security issue requires discernment.
Thank you for visiting Base64. Should you have any comments, please share them in the space provided below!