SonicWall Vulnerability exposed and currently being exploited.

We have Palo Alto at work. A few months ago there was a vulnerability and as we were in the process of patching it, the logs lit up that someone was trying to exploit it.
That was nuts.
You'd have to be a complete fool to expose any sort of web interface to the internet at large. Why do these routers do this? VPN is lame and is worth crap.

My work network is behind a lowly Edgerouter 3 Lite, and I can access a lot of my network from home through NAT routing because I use IP-based rules. I see all sorts of crap hitting the router. I run different IP blocking lists on the router, I'm blocking probably 1/2 the internet from hitting my web and mail server. I've seen a huge uptick on ports 500 and 143/993 lately.
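As an added example (not code from any poster in this thread), a small parser for the kind of blocked-connection log a router emits, assuming an iptables/EdgeOS-style line format and constructed sample lines; it counts hits per destination port and flags the ports mentioned above (500, 143, 993) when they rise against a baseline:

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the iptables/EdgeOS kernel-log style (assumption:
# a real router's log format may differ; adjust LOG_RE to match it).
SAMPLE_LOG = """\
Jan 10 01:02:03 edge kernel: [WAN_IN-default-D] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP SPT=500 DPT=500
Jan 10 01:02:04 edge kernel: [WAN_IN-default-D] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=41000 DPT=993
Jan 10 01:02:05 edge kernel: [WAN_IN-default-D] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=41001 DPT=143
Jan 10 01:02:06 edge kernel: [WAN_IN-default-D] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=41002 DPT=993
Jan 10 01:02:07 edge kernel: [WAN_IN-default-D] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=41003 DPT=443
Jan 10 01:02:08 edge kernel: [WAN_IN-default-D] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=500 DPT=500
"""

LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)")

# Ports the post reports an uptick on; the labels are the usual services there.
WATCHED_PORTS = {500: "IKE/IPsec", 143: "IMAP", 993: "IMAPS"}

def parse_hits(text):
    """Yield (src, proto, dpt) for every line matching the firewall log pattern."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m["src"], m["proto"], int(m["dpt"])

def summarize(text, watched=WATCHED_PORTS):
    """Return per-port hit counts and, for watched ports, the distinct sources seen."""
    per_port = Counter()
    sources = defaultdict(set)
    for src, _proto, dpt in parse_hits(text):
        per_port[dpt] += 1
        if dpt in watched:
            sources[dpt].add(src)
    return per_port, sources

def flag_uptick(current, baseline, factor=2.0, min_hits=2):
    """Return watched ports whose current count is at least `factor` times the baseline."""
    flagged = []
    for port in WATCHED_PORTS:
        now = current.get(port, 0)
        base = baseline.get(port, 0)
        if now >= min_hits and now >= factor * max(base, 1):
            flagged.append(port)
    return sorted(flagged)

if __name__ == "__main__":
    counts, srcs = summarize(SAMPLE_LOG)
    for port in flag_uptick(counts, {500: 1, 143: 1, 993: 0}):
        print(f"port {port} ({WATCHED_PORTS[port]}): {counts[port]} hits from {sorted(srcs[port])}")
```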

VPN is not lame and is used extensively. Not every company can afford a $20/user/month for DaaS. Where and how the VPN points to also matters.
VPNs are standard fare for any reasonably sized network to allow access to company resources. Many companies also use them for traffic filtering, since you can force all traffic through the VPN and apply AMP and filtering rules. The Edgerouter doesn't support IDS and AMP or any sort of advanced content filtering or malicious payload detection.

SSL VPNs have become more and more commonplace in the last decade because of places like hotels and hospitals locking down their guest WiFi and only allowing ports 80 and 443 to prevent people from running torrents and other non-HTTP/HTTPS traffic. SSL VPNs got around this restriction. You can also impose certificate-based authentication on top of O365 or whatever cloud provider you are using with MFA to enforce three levels of authentication for clients. This is pretty robust but of course doesn't help if the edge device itself is compromised.

Putting the resources in the cloud also doesn't make them any more secure, you are just moving the potential ingress point to a hosted solution with arguably a broader attack surface. AWS instances being hijacked and used for DDoS and attack proxies as a vector into other instances or to bypass geoblocking is also well known.

"Best practices" typically involve an isolated RDP server behind the VPN firewall with only the RDP instances being able to access the internal resources, so that if the VPN was compromised, they'd still need to gain access to the instances on the server to actually get anywhere.