FACTS & FINDINGS #001: Unrestricted Firewall Egress
When doing any kind of internal network assessment at Red Siege, one of the first things we check is whether our client's perimeter firewalls allow unrestricted outbound traffic to the internet.
Essentially: am "I", as an attacker, able to exfiltrate data over any service I choose? Do you know the answer to that question for your organization?
Why this matters.
We at Red Siege consider egress filtering an essential part of network security best practice. Clients that allow only authorized traffic through their firewalls to the internet significantly cut down an attacker's ability to establish command and control channels. More importantly for some, this also reduces an attacker's ability to exfiltrate data acquired from within the organization.
What you should do.
Red Siege recommends that everyone implement egress filtering on all firewalls, ensuring that only business-critical ports and protocols are allowed outbound.
Any service that is allowed out should be restricted to specific source hosts on an as-needed basis. Additionally, when possible, this traffic should be routed through a proxy, and there should always be an explicit deny as the last rule in the ruleset, ensuring that any traffic not expressly allowed is dropped (and ideally logged, so that blocked outbound attempts are visible to defenders).
Test Yourself.
Want to test this on your own? Load up nmap or any other port-scanning tool on an internal host and target the site allports.exposed. This site listens on all ports and will respond when queried.
This nmap command scans allports.exposed on all 65,535 TCP ports and displays only the ports that come back as open:
nmap -p- allports.exposed --open
Ports that a firewall rule silently drops will come back from nmap as filtered (no reply before the timeout), not closed; a closed result means a RST was received, which is what a firewall REJECT rule produces. Either way, with --open only the ports that actually complete the connection are printed, so an empty result means your egress filtering is working, and every port that is listed is a channel an attacker could use. Note that -p- covers TCP only; a separate UDP scan (-sU) is needed to check UDP egress, and it will be considerably slower.
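To see the open / refused / filtered distinction directly, or on a host where nmap is not installed, here is a small Python egress checker. It is an added example, not Red Siege's tooling or anything from the original article. It assumes allports.exposed (the host named above) answers on every TCP port; the port list, the function names and the local_demo helper are my own choices and not from the page.

```python
"""Egress checker: attempt TCP connections and classify each port.

Added example, not Red Siege's tooling.  Assumes the target host
(allports.exposed by default, as named in the article) listens on every
TCP port, so any verdict other than 'open' is the network's doing.
"""
import socket
import sys
from collections import Counter

# Constructed sample port list (my choice, not from the article): a mix of
# business ports and typical C2 / exfil channels an attacker would try.
DEFAULT_PORTS = [21, 22, 25, 53, 80, 443, 445, 3389, 4444, 8080, 8443]


def classify_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'open', 'refused', 'filtered' or 'error' for host:port.

    open     -> TCP handshake completed: traffic leaves the network.
    refused  -> RST received: a firewall REJECT rule, or a host with
                nothing listening.  nmap reports this as 'closed'.
    filtered -> no answer before the timeout: the packet was dropped
                silently, the normal symptom of a firewall DROP rule.
    error    -> DNS failure, no route, or a similar local problem.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "error"


def check_egress(host: str = "allports.exposed", ports=DEFAULT_PORTS,
                 timeout: float = 3.0) -> dict:
    """Classify every port in `ports` against `host`; returns {port: verdict}."""
    return {port: classify_port(host, port, timeout) for port in ports}


def summarize(results: dict) -> dict:
    """Count verdicts; a healthy egress policy shows mostly 'filtered'."""
    return dict(Counter(results.values()))


def local_demo() -> tuple:
    """Offline demonstration of two of the verdicts, no internet needed.

    A throwaway listener on 127.0.0.1 yields 'open'; closing it and
    connecting again yields 'refused'.  A 'filtered' verdict cannot be
    produced locally: it needs a real DROP rule somewhere on the path.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    open_verdict = classify_port("127.0.0.1", port, timeout=1.0)
    listener.close()
    refused_verdict = classify_port("127.0.0.1", port, timeout=1.0)
    return open_verdict, refused_verdict


if __name__ == "__main__":
    # Usage: python3 egress_check.py [host]   (defaults to allports.exposed)
    target = sys.argv[1] if len(sys.argv) > 1 else "allports.exposed"
    results = check_egress(target)
    for port, verdict in sorted(results.items()):
        print(f"{target}:{port:<5} {verdict}")
    print("summary:", summarize(results))
```

Run it from an internal host and read the summary: every "open" line is a port an attacker can already use for command and control or exfiltration, "refused" means something on the path is answering with a RST rather than dropping, and "filtered" is the result you want to see. Because the script uses a full TCP connect, it needs no root privileges, unlike nmap's default SYN scan.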
This is a quick, cost free test that could save you a finding on your next penetration test!
Need Penetration Testing and Red Team services or Offensive Training?
Contact Red Siege today: [email protected]
If you would like to learn more about the services we offer, please visit our website: https://redsiege.com
Red Siege is one of the most trusted information security consulting firms in the industry and concentrates on the latest threats to organizations today. We perform in-depth analysis, determine organization/business risk, and find the vulnerabilities before the bad guys do. The Red Siege team of trained, qualified and experienced information security experts is led by one of the most recognized names in the industry, our CEO Tim Medin.