Bad one: SonicWALL Remote Management Vulnerability
-
Their site was offline most of this morning. It seems to be back now.
Rule #1: Never, ever, have a device connected to the Internet in an unrestricted manner for any kind of management. Never.
Rule #2: Update it. Always. Pay the fee if need-be, but make sure it's up to date.The number of iDRAC/iLO/RMM horror stories heard around here as a result of being plugged directly into the Internet are sadly more numerous than they should be.
-
@PhlipElder said in Bad one: SonicWALL Remote Management Vulnerability:
Their site was offline most of this morning. It seems to be back now.
Rule #1: Never, ever, have a device connected to the Internet in an unrestricted manner for any kind of management. Never.
Rule #2: Update it. Always. Pay the fee if need-be, but make sure it's up to date.The number of iDRAC/iLO/RMM horror stories heard around here as a result of being plugged directly into the Internet are sadly more numerous than they should be.
Did a blog post with a How-To for disabling: https://blog.mpecsinc.com/2019/07/19/important-sonicwall-vulnerability-patch-for-remote-management/
-
@PhlipElder Is the blog post 3 steps?
- unplug sonicwall
- open window
- throw sonicwall out open window
?
-
@DustinB3403 said in Bad one: SonicWALL Remote Management Vulnerability:
@PhlipElder Is the blog post 3 steps?
- unplug sonicwall
- open window
- throw sonicwall out open window
?
I don't subscribe to that religion.
-
WTF? People NAT their iDracs?
-
@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:
WTF? People NAT their iDracs?
Some people...
-
@DustinB3403 said in Bad one: SonicWALL Remote Management Vulnerability:
@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:
WTF? People NAT their iDracs?
Some people...
Probably the same people that put ketchup on a perfectly good steak..... psychopaths the whole lot of them
-
4 years ago I changed SonicWall for Pfsense.
One of the best changes I've ever done.
-
@iroal said in Bad one: SonicWALL Remote Management Vulnerability:
4 years ago I changed SonicWall for Pfsense.
One of the best changes I've ever done.
We've been replacing pfSenses with UBNT, also a nice move
-
@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:
WTF? People NAT their iDracs?
As opposed to what? Having a disconnected management LAN and only jump boxes to get to them?
-
@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:
@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:
WTF? People NAT their iDracs?
As opposed to what? Having a disconnected management LAN and only jump boxes to get to them?
I think he was referring to inbound NAT / port forwarding from the internet as opposed to LAN only access
-
@notverypunny said in Bad one: SonicWALL Remote Management Vulnerability:
@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:
@wrx7m said in Bad one: SonicWALL Remote Management Vulnerability:
WTF? People NAT their iDracs?
As opposed to what? Having a disconnected management LAN and only jump boxes to get to them?
I think he was referring to inbound NAT / port forwarding from the internet as opposed to LAN only access
Oh, yeah PORT FORWARDING to an iDRAC would be pretty "not recommended." But behind a NAT firewall would just allow them to reach out and update, and no one to reach in by default.
-
@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:
UBNT
For what reason? Are there any problem with Pfsense ?
-
@iroal said in Bad one: SonicWALL Remote Management Vulnerability:
@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:
UBNT
For what reason? Are there any problem with Pfsense ?
Not problems, pfSense is a good product. The biggest "problem" is the lack of vertical integration with hardware. With the UBNT we get software custom made for the specific hardware, and support. So we don't have to do our own installs, and don't need random third party software. It's one, inclusive package that is well known and tested both in the field and by the vendor. pfSense is software only and as a software firewall would be at the top of my list. But we deploy hardware and the benefits are the lower cost, better supported hardware with massive supply chain are pretty impossible to beat.
And the central monitoring features of UBNT carry a lot of value. We get centralized visibility.
-
@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:
@iroal said in Bad one: SonicWALL Remote Management Vulnerability:
@scottalanmiller said in Bad one: SonicWALL Remote Management Vulnerability:
UBNT
For what reason? Are there any problem with Pfsense ?
Not problems, pfSense is a good product. The biggest "problem" is the lack of vertical integration with hardware. With the UBNT we get software custom made for the specific hardware, and support. So we don't have to do our own installs, and don't need random third party software. It's one, inclusive package that is well known and tested both in the field and by the vendor. pfSense is software only and as a software firewall would be at the top of my list. But we deploy hardware and the benefits are the lower cost, better supported hardware with massive supply chain are pretty impossible to beat.
And the central monitoring features of UBNT carry a lot of value. We get centralized visibility.
Thanks for your opinion, I always learn of them.
-
PFSense has a newer fork now as well, known as OPNSense (https://opnsense.org/)
More modern UI and such, decent packages available if you need extra stuff, but as far as routing and a firewall, it's pretty excellent!
-
@dafyre said in Bad one: SonicWALL Remote Management Vulnerability:
PFSense has a newer fork now as well, known as OPNSense (https://opnsense.org/)
More modern UI and such, decent packages available if you need extra stuff, but as far as routing and a firewall, it's pretty excellent!
Both have a third party UTM add on option, too.