A recently discovered security flaw affecting Fortinet FortiGate firewalls allows attackers to gain access to systems.
Authorization attacks such as these are a reminder that even firewalls have security limitations. Although firewalls play a key role in network security, they must not be your only line of defense for critical infrastructure. As with any software, errors in the design, implementation, or configuration result in vulnerabilities that leave your critical assets exposed to malicious actors.
OPSWAT’s NetWall Unidirectional Security Gateway provides a layer of security to protect critical assets while maintaining the dependable data transfer needed to support business operations. NetWall’s security profile avoids common firewall vulnerabilities that expose critical assets to threats.
We will look at four common firewall vulnerabilities and how NetWall protects against these risks.
1. Unauthorized Access
A common firewall vulnerability occurs when users or attackers gain unauthorized access to a system. With the FortiGate authentication bypass CVE, attackers were able to access the administrative interface using HTTP and HTTPS requests. This level of authorization allows attackers to access internal systems to retrieve data, perform malicious actions, or both.
OPSWAT’s NetWall Security Gateway enforces proper network segmentation while replicating data in real time from the trusted network to the untrusted network, eliminating the need for direct access to critical systems that perform data analysis. NetWall’s one-way architecture blocks any connection attempts originating from the untrusted network, reducing the possibility of unauthorized access disrupting operations.
2. Outdated Firewall Software
Outdated firewall software leads to exploitable vulnerabilities. Firewall vendors work diligently to detect and address these vulnerabilities, but attackers may outpace the vendors. When an issue is detected, patches are pushed, but the gap between detection and patch deployment gives attackers time to exploit these known weaknesses. This security gap burdens resources and imposes additional operational costs on organizations.
NetWall’s one-way architecture is resistant to software vulnerabilities because attackers cannot establish a connection from the untrusted network to NetWall. OPSWAT provides the secure transfer of software updates, reducing NetWall’s exposure to software vulnerabilities.
3. Improper Configuration
Misconfiguration is the most common firewall vulnerability. Human error results in outdated and misconfigured firewalls. Common mistakes include leaving ports open or misconfiguring rules, either of which exposes the firewall to attacks. As a result, organizations must periodically audit their firewall configuration. Regulated industries must also document their firewall audits and reports, which increases recurring operational costs.
OPSWAT’s NetWall Security Gateway is preconfigured at installation and does not need periodic updates.
As added security, access to the user interface requires removable security dongles. NetWall runs headless and cannot be reconfigured. If NetWall is misconfigured during installation, the misconfiguration will not alter the one-way data transfer security profile. A bad actor cannot take advantage of misconfiguration and connect to NetWall.
4. Lack of Proper Documentation and Training
Related to the improper configuration issue is complexity. Firewalls require greater documentation, which results in more complicated training when adding new resources to the system. A new resource is more prone to error, resulting in improper firewall configuration or maintenance.
Using NetWall for securing perimeters dramatically reduces documentation and training overhead. Initial documentation of the supported data flows is updated only when the data flows change, reducing the time spent maintaining documentation. Training is simplified and there is no need for periodic audits.
Firewalls are a necessary and important feature of secure networks, but they are not without weaknesses. OPSWAT designed NetWall to avoid these common vulnerabilities, adding a more secure barrier around your critical infrastructure.
Source: https://www.opswat.com/blog/more-than-a-firewall-opswats-netwall-protects-against-authentication-bypass-vulnerabilities