Firewall-Audit

WHAT IS A FIREWALL AUDIT

Most businesses have a corporate network, a LAN (local area network), made up of network devices such as firewalls, routers, and switches.

All of these devices are connected via cables or wireless infrastructure and form the backbone of your network. If any of these devices were to be compromised, the malicious actors could potentially go unnoticed for a considerable amount of time while modifying network flows, creating shadow networks, collecting data and monitoring traffic.

A number of nightmare scenarios could come to fruition with compromise of a network device.

 
 
..99 percent of firewall breaches will be caused by firewall misconfigurations, not firewall flaws.

Gartner | Adam Hils, Rajpreet Kaur | One Brand of Firewall is a Best Practice for Most Enterprises

 

Regardless of how good your governance policies may be, exceptions happen, and things get forgotten.

Emergency changes are made to allow quick access; after all, your business is dynamic and wants to facilitate an important project promptly. There is the odd firewall rule change, or a port opening up some Network Access Controls (NAC).

We may not be following the best of practices, but that’s ok, it’s only for a short period of time, right? You have a nightmare scenario: your go-live date is a few days away and your systems are still not functioning as expected. An emergency change is approved to allow all ports and services to be opened on the firewall, in aid of testing and diagnosing the fault. Changes will be reverted once the testing has been completed anyway, won’t they…?

 
 

 

Does this sound familiar? We have seen these types of situations many times and completely understand why they happen; however, pragmatism can quickly turn into a data leak when these types of changes are forgotten and open rules are left unchecked for anyone to abuse.

Once a firewall is in situ, regular audits, at least once annually, should be planned as part of best practice. Undertaking annual audits would greatly increase the likelihood of finding any security concerns before they are abused.

Laneden can help you build a security program that includes regular auditing of these devices, covering not only the rule sets but also known vulnerabilities and general insecure configurations, and delivering a simple-to-understand report detailing all the findings and recommendations.

 

Businesses of all sizes generally host directory services such as Active Directory (AD) on their network. Active Directory is a Microsoft product which consists of several services running on a Windows Server. Its purpose is to manage permissions and access to networked resources, providing your users with a simple solution to collaborate and get the job done.

 
 
This environment can quickly become neglected and open for abuse. If an adversary were to compromise your entire domain, Active Directory is where it would be done.

Laneden Founder,
Darryl Lane

 

In our experience, AD grows organically and is a treasure trove of information for an attacker. It hosts mountains of legacy build-up from over the years and potentially thousands of forgotten network accounts; who knows how many of those accounts have terrible, guessable passwords allowing access to your systems and data?

Laneden can carry out general configuration audits and password audits. Utilising the same techniques as malicious actors, we can help you identify and understand the potential risks associated with your directory services.

 

We deliver a simple, concise report highlighting all associated risks, password statistics, cracking statistics, general configuration concerns and remediation advice, along with best practices and techniques for helping users understand how they can help protect themselves, your business and most of all your customers.

Let’s work together to bring peace of mind.

 
Understanding your environment is the first step to understanding how to secure it.

Laneden Founder,
Darryl Lane

 

 

Methodology

Using a combination of automated and manual testing, our consultants will conduct a thorough assessment of your infrastructure, identifying vulnerabilities that may be exploitable by both authenticated and unauthenticated users across your network.

The use of automated tools and in-depth knowledge of manual testing allows us to accurately and effectively assess your infrastructure, maximising the time available.

Assessments are conducted in line with the current standards and methodologies utilised in the industry, such as those outlined in the Penetration Testing Execution Standard (PTES). Using PTES as guidance, Laneden defines our approach in six phases:

  • Pre-engagement
  • Intelligence Gathering
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation
  • Reporting

 

 

Deliverables
    • Our consultants engage with the client to discuss the scope and make certain all is in order prior to the assessment beginning
    • Communications at the beginning and end of each assessment day, confirming either the assessment is starting or ending for the day.
    • On-going communications from the engaged engineer, highlighting any major issues as they come across them.
    • A comprehensive report is provided containing an executive summary which gets right to the point of the associated risks and is consumable by anyone in the organisation regardless of their technical background.
    • Clear and concise information describing each issue at hand.
    • Technical references will be provided when relevant, allowing you to gather more information on the vulnerability if required.
    • Each vulnerability will be put into context and given a risk-based score. Utilising CVSS 3 scoring and relevant context you can get a real picture for each associated risk.
    • Simple remediation advice, advising what is required to remediate the relevant vulnerability.

 

FREQUENTLY ASKED QUESTIONS

WHAT IS A FIREWALL

A firewall is a network security device that acts as the gatekeeper between networks, such as your internal network and the internet.

It allows traffic to flow through it based on a set of security rules and configurations. These gateways are all that lie between malicious actors, hackers, malware, viruses, and your internal network.

SHOULD I CARE ABOUT AUDITING MY FIREWALL

To put it bluntly, yes you really should care about your firewalls and audit them regularly.

These security devices are the barrier between your organisation, your data, your customer’s data and hackers, malware, viruses, and the cacophony of other malicious actors on the internet.

These devices undergo regular changes in most businesses, and their rule sets can quickly become outdated and open to abuse. Temporary rules opening up systems become permanent changes and are forgotten about.

With more and more vulnerabilities being identified daily, services, protocols, and configurations can quickly become outdated and susceptible to known attack vectors.

It is recommended that firewalls are audited at least twice yearly, with PCI-DSS (v3) requirement 1.1.7 stating that organisations should “review firewall and router rule sets at least every six months.”