Today’s Tales from the Trenches is brought to you by Bill Burge, Senior Security Solutions Consultant.
When you’re first diving into network modeling with RedSeal, one of the initial tasks is connecting to network devices to gather their configurations. It’s a step that seems simple enough, but that elusive F-word, “Failed” becomes an all-too-familiar sight. […]
Name: Juniper Firewall Vulnerability Detection Description: This Custom Best Practice Check (CBPC) detects potential vulnerabilities in Juniper firewalls that could lead to unauthorized access and remote code execution.
Rule: Regex: ^ *web-management \{(\r?\n) *htt.*
Explanation: This regular expression (regex) is designed to match specific configuration lines within a Juniper firewall’s configuration related to web management settings. […]
“The law of unintended consequences” states that the more complex the system, the greater the chance that there is no such thing as a small change.
While working with a customer in the early days of my RedSeal Professional Services tenure, I looked for an opportunity to prove the capability of Zones & Policies. In an unfamiliar environment, the easy starting point is creating a policy that examines the access from “Internet to all internal subnets.” It is easy to setup and easy to discuss the results, UNLESS the results say that most of the Internet can get to most of the internal network.
While working with a large customer with multiple, interconnected, environments; their greatest fear was that infection in one environment might cross over one environment into the others. They had purchased a managed service, which meant I was the primary RedSeal Admin. They approached me with a request and it was obvious they were having a possible “incident”. It was obvious they didn’t want to provide TOO many details, but I’ve spent enough time on both sides of these topics that I was pretty sure what I was up against.
While working with a global reach chip manufacturer, a new member was added to those who helped manage RedSeal. As we were reviewing some of the RedSeal findings and giving him a tour of the capabilities of the deployment, it was pretty obvious he was neither impressed nor entertained. With his history of designing, building, and managing the network; he was almost offended that some product could tell him ANYTHING that he didn’t already know about his network.
Numbers are a tricky business and more numbers equals more tricky, and sometimes our brains see what they want to see and not what is actually there.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly released a report on the top 10 vulnerabilities consistently being scanned, targeted, and exploited by foreign sponsored hacking groups.
Multiple news sources, security researchers and security agencies have reported on a new attack against tens, if not hundreds, of thousands of Internet accessible Exchange servers configured for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Outlook Web App (OWA) access. These attacks are being carried out by the China nation/state sponsored hacking group known as Hafnium.
The U.S. National Security Agency published a report detailing the top 25 vulnerabilities consistently being scanned, targeted, and exploited by Chinese state-sponsored hacking groups. All 25 vulnerabilities are known and have patches available from their vendors.
