10 Common Firewall Mistakes That Hackers Love

By Sanjay Seth
18 hours ago
139
0

Top 10 Firewall Mistakes That Put Your Network at Risk

Hi, this is 3rd coffee here at my desk and I’m still running on overdrive with DefCon hardware hacking village, keeps me humble when it’s so easy to find basic mistakes even in a world of shiny new tech. I’ve been doing this since the early 90s — started as a network admin when voice and data muxing over PSTN was cool (also, ages me) and lived through the Slammer worm and its nuttiness on networks.

These days, I’m running my own security shop, and I just helped three banks move to zero trust. Now that’s what I call layered security! Despite how much we may have evolved in this regard, firewall misconfigurations continue to be the low-hanging fruit hackers pluck like candy.

So without further ado, here are 10 firewall misses I see all too frequently. These are not the holes kickstarter is poking, these are the side-steps, or blowout, or outright submersion. Quick heads-up: Start by reading the Quick Take; if you’re pressed for time, skip to the Quick Take — but you won’t want to.

1. Open RDP Access

The horrors of open RDP (Remote Desktop Protocol). When I entered, RDP was not even in the thoughts of most attackers. Fast forward — I’ve also seen (up close and personal) how RDP ports, and especially the stock 3389, are honey for bad guys. This error alone has resulted in ransomware takeovers multiple times for customers.

Automated bots are employed by hackers to check for open RDP ports. When they find one, the process of password guessing or factor stuffing begins. And oh, by the way, many companies still do not restrict access to known IPs or enforce MFA for RDP.

Here’s the thing:

Avoid leaving RDP open to the internet
Through VPN tunnels or zero trust controls gate it
Use Multi-factor authentication is a must
Change default ports (security by obscurity is not your primary defense though)

Believe me, an up-to-date RDP setup is to information security what locking your car doors at night is to protecting all that candy you have in your pockets from being stolen. If you don’t do it, don’t be shocked when something is taken — perhaps even your portable spreadsheet machine.

2. Poor Logging Practices

Logging is about as popular as a tiresome chore. I was as guilty of this as anyone in the early days — and who’d look through logs anyway? But logs are the black box of your firewall. Without good logs, investigations into attacks are akin trying to repair your car engine blindfolded.

Large numbers of organizations either log too little or keep logs for too short a time. Worse, logs aren’t actually reviewed or parsed often, so the warnings never get noticed.

Important logging essentials:

Do comprehensive firewall logging, including dropping packets
Securely store logs and maintain for the required compliance period
Regularly check logs or rely on automated analysis (but watch out for claims of AI-powered — you need human review)

Ignoring logs? It’s like driving a Ferrari without a dashboard — you’re flying blind.

3. Disabled Threat Detection

I have seen some of client firewalls where the threat detection is disabled for the sake of performance. Really? That’s the equivalent of powering down your car’s brakes because it uses less gas. Threat detection capabilities – IDS/IPS, malware filter – are designed to catch or block anything amiss.

Some even depend only on perimeter firewalls, oblivious to the reality that attackers move around inside networks as well. Firewalls with no realtime threat detection is all wishful thinking.

Here’s my take:

Do not turn off IDS/IPS on your firewalls
Tailor Threat Signatures to your environment
Keep firmware and signatures updated on a regular basis

Attackers are creative every day, not having a firewall in fullerenes is playing with fire.

4. No Geo-Blocking

Between pretty much any two nations in the world, nothing would appear to be inherently wrong with this kind of blocking technologies. For example, banks I worked with swear by only allowing traffic from countries it does business with (that’s geo-blocking). Simple but effective. But a lot of organizations don’t turn on this feature, leaving firewalls open to global noise.

Not every business has that much “can” in their “block strictly,” but blocking high-risk geographies or known hostile regions is a panacea for a lot of unwanted traffic—risk and load.

Why skip geo-blocking? Others, it’s the “but we have people working remotely worldwide” excuse, and that’s a fair one. But I advocate granular policies that can reconcile access with security.

This is no silver bullet — but it’s akin to building a fence around your garden. It won’t stop everything, but it keeps most riff-raff out.

5. Unsecured VPNs

VPNs are the gateway drug for hackers when misconfigured. Just last month, working on a bank’s zero-trust setup, we found VPNs that permitted weak encryption and nothing at all for endpoint checks.

When VPNs are improperly secured:

Credentials get intercepted
Network access is acquired by infected devices
Intruders burrow in undetected

Best practices for VPNs:

Employ robust encryption (that means no more PPTP, people)
Endpoint compliance checks deployed
Cloud-native zero-trust segmentation with VPN access combined

Don’t forget, even the most secure VPNs are little more than a fancy door with no lock if they’re not properly authenticated and vetted.

The Rest I See All the Time (a Little)

Default firewall rules in place: Perhaps allow all outbound is a rule a defense contractor might faint at the sight of, but you — yes you — might even be to blame.
Trust Levels Too High: Trusting too much, in other words, this person is family.
Outdated firmware; We see devices with firmware from 2015 because “it’s stable.” News flash: stable to hackers is not secure.
Failing to Firewally Internally: Caring only about the first layer of defenses. Internal division wins elections.
No or Weak MFA on Firewall Admin Access: You wouldn’t leave your server room unlocked, so why leave firewall access wide open?

Quick Take For the Busy Execs

Lock down RDP — no exceptions, no excuses
Log like your life depends on it (because it does)
Flip the switch open on threat detection notice — don’t be lazy
Block dangerous geographies to limit noise and dangers
Lock down your VPNs: Don’t trust the tunnel alone

Wrapping It Up

Here’s my somewhat grumpy, but well-intentioned advice: firewalls are your first line of defense, but they suck without the human hands and brains behind them. I have witnessed all these and made some myself (when I thought that open access equals easy administration).

Security is not a set-it-and-forget-it. It’s an ever-evolving battleground. It’s not an option to take these things into account if you want to achieve your network to be as secure as a classic Rolls Royce stored in a locked garage.

Well PJ Networks Pvt Ltd is here to help you find those holes before the bad guys do. Because — and I mean this — every misconfiguration is an invitation. And hackers? They’re always RSVP-ing.

Alright, coffee 4 is calling. Stay sharp out there.

— Sanjay Seth

Top 10 Firewall Mistakes That Put Your Network at Risk

1. Open RDP Access

2. Poor Logging Practices

3. Disabled Threat Detection

4. No Geo-Blocking

5. Unsecured VPNs

The Rest I See All the Time (a Little)

Quick Take For the Busy Execs

Wrapping It Up

Related Content

How Default Firewall Settings Put Your Business at Risk

Misconfigured Firewalls: The Silent Killer of Network Security

The Top Firewall Misconfigurations That Put Your Business at Risk

How AI Automates Compliance & Security Audits for Businesses

How AI-Powered Threat Intelligence Improves Cyber Risk Management

How AI & Machine Learning Power Zero Trust Security Models