BWC

Cybersecurity Overlord ✭✭✭

Comments

  • @David W I know it's the code from MailFrontier, but if this code is using log4j, aren't we back at square one? Apache James was just an example that it is not HTTP/S only, any service can be at risk. --Michael@BWC
  • @AGSonicWall I assume that you installed a Certificate on the Firewall Appliance which covers 192.168.15.1 as Common Name, this Certificate should be issued by a CA which is trusted on the Endpoint. My advice here is always to run a (tiny) CA from where you issue Certificates for all purposes and distribute the CA cert. I…
  • My hunch was correct, SMTP is an option (shown below for Apache James), great, so any customer is at (potential) risk, even those not publishing HTTP/S. No word from SNWL so far, radio silence on my Engineering Ticket. --Michael@BWC
  • @Rave_Romero12 I don't see a Match Object Type that would be of any help here, IMHO there is no way to achieve this on the Firewall. You might handle this on the Endpoint itself. --Michael@BWC
  • Is this a bad joke? PSIRT changed its mind to After review, version 10.x appears to be impacted by CVE-2021-44228. SonicWall is reading a HotFix to remediate the issue, which will be released shortly. Thankfully I did not forward the false information to my customers because it seems my suspicion was right. One aspect…
  • For anyone who is not familiar with PSIRT: --Michael@BWC
  • According to the latest information on PSIRT, ES 10.x is not affected: But the conclusion looks a bit strange to me, because "Apache Log4j project disclosed CVE-2021-44228, which is a Critical (CVSS 10.0) remote code execution vulnerability affecting Apache Log4j2 version <= 2.14.1. A subsequent security patch was released…
  • @Matt_Hodge I tend to give a similar answer like over here: You might create a FQDN Object for the Host you need to access and put it in the GeoIP exclusions. This is not perfect, because it will allow access to URLs which are hosted on that IP address. I could not find any other way around, because AppRules do not have a…
  • Hi @DrewK I did a quick test on 6.5.4.8 (hope that applies to 7.0 too) and when a URL gets blocked by CFS I can force access by having an Address Object in the CFS Exclusion - Excluded Address setting. I always thought it's valid for Source/Destination IP but wasn't sure anymore since you mentioned it. --Michael@BWC
  • @DrewK wouldn't it be easier to exclude 17.0.0.0/8 from CFS at all? But this might mess with your statistics, if you need to know the CFS rating of the accessed URLs in that netblock. --Michael@BWC
  • Everything is better without login. 🥷 🤦‍♂️ Because it has the same checksum I would tend to say it was pulled for no reason then. --Michael@BWC
  • 10.2.0.9-41sv (with the same MD5 checksum) is back, 10.2.1.3 might follow. --Michael@BWC
  • @md3895 this scenario is IMHO creating way too much overhead when forced into the current VPN scenario. Wouldn't it be easier to have 192.168.1.192/26 configured on each location and placing a Mikrotik Router at each end? With RouterOS you can provide a so-called Ethernet-over-IP Tunnel. Depending on the speed you need this…
  • @David W thanks for checking, I'll open up a ticket and keep you posted because this is something I don't wanna attack with general Support. I don't have any Policies in use which are related to archives. The whole DMARC implementation seems to be fragile, outbound reporting does not seem to work without having an outbound…
  • @Marco_Caporiondo according to https://www.sonicwall.com/de-de/customers/loyalty-trade-in-program/secure-upgrade-plus/ you can't, but if you read https://www.sonicwall.com/medialibrary/en/datasheet/datasheet-customer-loyalty-program.pdf you can. I did a similar trade-in and the answer was that the remaining services will…