Permissive firewall policy detected #203
TITLE

TL;DR

Permissive firewall policy detected on [DEVICE/NODE/ENDPOINT(S)]. Permissive firewall policies permit all traffic unless otherwise specified. Note that you can have different firewall policies for incoming (ingress) and outgoing (egress) traffic, so check both. Consider changing your policy to be more restrictive, either by implementing rules to your permissive policy, or setting it to restrictive.

FAQ

Firewall policies typically come in two modes: permissive (sometimes known as passive) or restrictive. Permissive policies permit all traffic unless otherwise specified, but these rules can be complex to implement depending on the firewall provider. Restrictive policies essentially do the opposite: they deny all traffic unless otherwise specified. This is the most secure option as it requires manual editing of the access control list.

In order to be as secure as possible, configure your policy to be as specific as possible. Your source IP address, target IP address, and destination port for traffic should be specified and the range of such should be minimal. Avoid using Alternatively, implement more rules to your permissive policy (although this is still not recommended).

Both ingress and egress traffic can be configured to go through different firewall policies. Make sure to check both for security weaknesses.
Good job. Wait for Viktor to confirm ok.
"Note that you can have different firewall policies for incoming (ingress) and outgoing traffic (egress)."
Good @fshmcallister |
updated original post to include ingress and egress |
TITLE

TL;DR

Permissive firewall policy detected. Permissive firewall policies permit all traffic unless otherwise specified. Note that you can have different firewall policies for incoming (ingress) and outgoing (egress) traffic, so check both. Consider changing your policy to be more restrictive, either by implementing rules to your permissive policy, or setting it to restrictive.

FAQ

Firewall policies typically come in two modes: permissive (sometimes known as passive) or restrictive. Permissive policies permit all traffic unless otherwise specified, but these rules can be complex to implement depending on the firewall provider. Restrictive policies essentially do the opposite: they deny all traffic unless otherwise specified. This is the most secure option as it requires manual editing of the access control list.

In order to be as secure as possible, configure your policy to be as specific as possible. Your source IP address, target IP address, and destination port for traffic should be specified and the range of such should be as minimal as possible. Avoid using 'any' where possible; the only scenario where this can't be the case is if you have a service that should be available to all internet users. So you may want to configure access to your port 80/tcp (HTTP) or 443/tcp (HTTPS) to 'any', but ensure access to other back-end services such as a database is limited. Alternatively, implement more rules to your permissive policy (although this is still not recommended).

Both ingress and egress traffic can be configured to go through different firewall policies. Make sure to check both for security weaknesses.

You can configure your firewall directly using the WoTT Dashboard either on a per-node basis (available under the Security tab) or using a group policy.

Code Snippet

Not applicable.
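As an added illustration (not part of this issue or of WoTT's own code), a small Python check that applies the advisory's criteria to a firewall policy: it flags a permissive default on either the ingress or the egress chain, flags allow rules that admit 'any' source to ports other than 80/tcp and 443/tcp, and flags rules with no destination port. The Rule/Chain model and the two sample policies are constructed here for illustration and are not WoTT's data format.

```python
"""Apply the advisory's criteria to a firewall policy (added example, not WoTT code).
The policy model and the sample policies below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import List

PUBLIC_PORTS = {"80/tcp", "443/tcp"}  # services that may legitimately face 'any' source

@dataclass
class Rule:
    action: str       # "allow" or "deny"
    source: str       # CIDR or "any"
    destination: str  # CIDR or "any"
    port: str         # "<port>/<proto>" or "any"

@dataclass
class Chain:
    default: str  # "allow" = permissive default, "deny" = restrictive default
    rules: List[Rule] = field(default_factory=list)

def audit_chain(name: str, chain: Chain) -> List[str]:
    """Return findings for one traffic direction (ingress or egress)."""
    findings = []
    if chain.default == "allow":
        findings.append(f"{name}: permissive default policy (allows all traffic unless denied)")
    for r in chain.rules:
        if r.action != "allow":
            continue  # deny rules never widen the policy
        if r.source == "any" and r.port not in PUBLIC_PORTS:
            findings.append(f"{name}: 'any' source allowed to {r.port}; restrict the source range")
        if r.port == "any":
            findings.append(f"{name}: all ports allowed from {r.source}; specify destination ports")
    return findings

def audit_policy(ingress: Chain, egress: Chain) -> List[str]:
    """The advisory says to check both directions, so audit both chains."""
    return audit_chain("ingress", ingress) + audit_chain("egress", egress)

# Constructed sample: a web node whose database port is exposed to every source.
PERMISSIVE_INGRESS = Chain("allow", [Rule("allow", "any", "any", "5432/tcp")])
PERMISSIVE_EGRESS = Chain("allow")

# Constructed sample: the same node after moving to a restrictive default.
RESTRICTIVE_INGRESS = Chain("deny", [
    Rule("allow", "any", "any", "443/tcp"),           # public HTTPS may face 'any'
    Rule("allow", "10.0.0.0/24", "any", "5432/tcp"),  # database only from the app subnet
])
RESTRICTIVE_EGRESS = Chain("deny", [Rule("allow", "10.0.0.5/32", "any", "443/tcp")])

if __name__ == "__main__":
    print("\n".join(audit_policy(PERMISSIVE_INGRESS, PERMISSIVE_EGRESS)))
```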
We found a permissive firewall policy present on {devices}. Please consider changing it to a more restrictive one.
as part of #198