One of the really interesting things we find is that most people have a "plug and play" attitude about security. They think that their network is secure just because they bought a name-brand firewall or because they have top-of-the-line Cisco switches. The hard truth is that security isn't always a given with these devices. In most cases, they are configured so that you can plug them in and they work. That's great, but where does security come into play?
Recently I was doing a firewall policy review for a client. This is one of my favorite parts of my job because it's very detail-oriented work. Everything was looking good on their review, and I didn't have much to report. Then I got down to the bottom of the policy list and found the dreaded "outbound" policy. In essence, this policy was serving as a hole through their firewall because it lets traffic out on any port.
I have seen this so many times that I've lost count at this point. The problem is that this is a policy that comes pre-configured on this particular firewall. So, when you plug it in, you can get out to the Internet. Sounds great, right? Definitely not from a security standpoint. What this policy does is allow any type of traffic out of your network, thus limiting your firewall's ability to do its actual job.
This is a problem we see time and again with all types of equipment. Just because it's a device that is supposed to make sure your network is secure doesn't mean it's going to do it out of the box. You have to make sure you take the time to configure it properly, or better yet, have an expert do it for you.
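To make the review step above concrete, here is an added example (not from the original post, and not tied to any vendor's export format) that scans a policy list for the catch-all outbound rule described earlier, including the same rule written as a full port range. The CSV columns, zone names, rule names and the 1024-port threshold are all assumptions made for illustration.

```python
import csv
import io

# Constructed, vendor-neutral policy export; every rule here is sample data.
SAMPLE_POLICY = """name,enabled,from_zone,to_zone,destination,ports,action
DNS-Out,yes,trusted,external,10.0.0.53,53,allow
Web-Out,yes,trusted,external,any,"80,443",allow
Mail-In,yes,external,trusted,10.0.0.25,25,allow
Legacy-Any,no,trusted,external,any,any,allow
Range-Out,yes,trusted,external,203.0.113.10,1024-65535,allow
Wide-Range,yes,trusted,external,any,1-65535,allow
Outbound,yes,trusted,external,any,any,allow
"""

ANY = {"any", "*", "all"}
ALL_PORTS = 65535
WIDE_PORT_SPAN = 1024  # assumed threshold for "suspiciously broad"

def port_count(spec):
    """Count ports covered by a spec such as '80,443', '1-65535' or 'any'."""
    spec = spec.strip().lower()
    if spec in ANY:
        return ALL_PORTS
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return len(ports)

def audit_egress(policy_csv, inside="trusted", outside="external"):
    """Return (rule name, severity, reason) for overly broad outbound allow rules."""
    findings = []
    for rule in csv.DictReader(io.StringIO(policy_csv)):
        # Disabled rules and deny rules do not open anything.
        if rule["enabled"].lower() != "yes" or rule["action"].lower() != "allow":
            continue
        # Only inside-to-outside traffic is egress.
        if rule["from_zone"] != inside or rule["to_zone"] != outside:
            continue
        n = port_count(rule["ports"])
        any_dest = rule["destination"].strip().lower() in ANY
        if n == ALL_PORTS and any_dest:
            findings.append((rule["name"], "HIGH", "any destination, any port"))
        elif n >= WIDE_PORT_SPAN:
            findings.append((rule["name"], "MEDIUM", f"{n} ports open outbound"))
    return findings

if __name__ == "__main__":
    for name, severity, reason in audit_egress(SAMPLE_POLICY):
        print(f"{severity:6} {name}: {reason}")
```

Rules that name specific ports, such as the DNS and web entries, pass the check, which is the shape the replacement for a catch-all outbound rule should take.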