Journal Masa's Journal: Boneheaded firewall rules 4
I have to say that the IT department of my employer doesn't have a clue at all.
They forced a new installation of a Symantec Firewall package to my computer (thanks, AD!). This new installation disables automatically the built-in Windows firewall. Well, that's fine except there seems to be a teeny tiny problem with the Symantec rule set. It doesn't block anything at all from the outside!
Well, of course my machine was hit immediately when this happened. Now I have the Windows firewall re-enabled and I hope that the Symantec application doesn't disable it again.
The worst part of this story is that there seems to be no way to tell this situation to anyone so the rule sets could be fixed. At the moment I'm writing this, the IT department is happily installing this defected rule set to all of our computers. Nice to know, that there will be tens of thousands machines vulnerable in our own local network. It will take just one contaminated machine to bring down the entire company.
They forced a new installation of a Symantec Firewall package to my computer (thanks, AD!). This new installation disables automatically the built-in Windows firewall. Well, that's fine except there seems to be a teeny tiny problem with the Symantec rule set. It doesn't block anything at all from the outside!
Well, of course my machine was hit immediately when this happened. Now I have the Windows firewall re-enabled and I hope that the Symantec application doesn't disable it again.
The worst part of this story is that there seems to be no way to tell this situation to anyone so the rule sets could be fixed. At the moment I'm writing this, the IT department is happily installing this defected rule set to all of our computers. Nice to know, that there will be tens of thousands machines vulnerable in our own local network. It will take just one contaminated machine to bring down the entire company.
brilliant (Score:2)
I recommend sending mail to firewalls at isc dot org FAQ and archives here [isc.org]. They have been remarkably low-volume over the past few years. I know one of the list maintainers.
P.S. important (Score:2)
Re:brilliant (Score:2)
To tell the truth, I'm a bit shy to report this kind of things anywhere else than my own journal. Besides, I'm suspecting that this is an internal problem of our company and not directly related to the official configuration of the Symantec software firewall. So, at least part of this problem isn't very interesting for general public.
However, I've done some further studies with the firewall and I've noticed one curious thing about it, which I think might actua