nprofile1q…xd2rl I have seen this as well. But those attacks could usually have ...

Martin Seeger /

npub125g…k5gh

2024-12-08 07:16:39

in reply to nevent1q…ydg3

nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqe7rqcsp5pypj3ac5wxnvgnwxmdl5the60wggwlqytaxm9kql0cdsaxd2rl (nprofile…d2rl) I have seen this as well. But those attacks could usually have been mitigated with a second firewall of the same vendor as good/bad as with a firewall of a different one.

Attack vectors against firewalls are usually VPN or management connections.

Doing firewalls for 30+ years now, I do not know of any incident of a firewall being successfully attacked when it was purely operating as firewall in the original sense.

I usually recommend companies to replace the second firewall by one of the same vendor but reducing it to basic functionality.

In all cases where I was involved and a firewall was „hacked“ it happened after patches were available and usually went through functions the company wasn’t even using.

Even without patch they would have been safe if they had understood their system and disabled unused functionality.

Firewalls (even multiple ones) are no magic bullets. Attention to policy and config matters.

In IT security a realistic approach to your own capabilities is essential. You don’t get more secure by spreading a tiny bit of butter on tons of bread.

Author Public Key

npub125gvlgury2dk2f48p0cz8gdnl0alsze2w82rleh55euq8sz6kyns5mk5gh

Seen on

wss://relay.nostr.band

Show more details

Published at

2024-12-08 07:16:39

Kind type

1 Short Text Note

Event JSON

{ "id": "2c987e78f82e5ee157667e014f3fd96ae6b815b083fe7bde489931499cbe276c", "pubkey": "5510cfa383229b6526a70bf023a1b3fbfbf80b2a71d43fe6f4a67803c05ab127", "created_at": 1733642199, "kind": 1, "tags": [ [ "p", "cf860c4034090328f71471a6c44dc6db7f45df3a7b90877c045f4db2d81f7e1b", "wss://relay.mostr.pub" ], [ "p", "ddaef735ba82c4c8eb3942423bf54420567582fd5b68ed1046a7e18c9f780bfe", "wss://relay.mostr.pub" ], [ "e", "4257f34c27350e74a10c303e558aa02e73d47c2ec76a23f2f755ef890e1e3502", "wss://relay.mostr.pub", "reply" ], [ "proxy", "https://infosec.exchange/users/masek/statuses/113615975185026634", "activitypub" ] ], "content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqe7rqcsp5pypj3ac5wxnvgnwxmdl5the60wggwlqytaxm9kql0cdsaxd2rl I have seen this as well. But those attacks could usually have been mitigated with a second firewall of the same vendor as good/bad as with a firewall of a different one.\n\nAttack vectors against firewalls are usually VPN or management connections.\n\nDoing firewalls for 30+ years now, I do not know of any incident of a firewall being successfully attacked when it was purely operating as firewall in the original sense. \n\nI usually recommend companies to replace the second firewall by one of the same vendor but reducing it to basic functionality.\n\nIn all cases where I was involved and a firewall was „hacked“ it happened after patches were available and usually went through functions the company wasn’t even using.\n\nEven without patch they would have been safe if they had understood their system and disabled unused functionality. \n\nFirewalls (even multiple ones) are no magic bullets. Attention to policy and config matters. \n\nIn IT security a realistic approach to your own capabilities is essential. You don’t get more secure by spreading a tiny bit of butter on tons of bread.", "sig": "59b97789970a8452d2fb8d28cffc7bc91056df9a962aa10eabfcb471c04c796a279431d0ea5a4e5a28aa2016d0409a4e3eda874d44b7cfbc4ed8f439d7ca1c77" }