
Cyber Essentials - Question 4. Have all commonly attacked and vulnerable services.

Hi all, first post here please be gentle!

We use/have Sophos UTM 9 kit in our two main locations. We are currently going through a Cyber Essentials (basic) application and question 4 asks:

Have all commonly attacked and vulnerable services (such as Server Message Block (SMB), NetBIOS, tftp, RPC, rlogin, rsh, rexec) been disabled or blocked by default at the boundary firewalls?

How can I confirm this please, are there default rules for such?

Many thanks

Daryn

  • Hi, Daryn, and welcome to the UTM Community!

    The UTM's firewall blocks all traffic by default.

    See #2 in Rulz to understand that invisible and automatic firewall rules are applied first.  WebAdmin creates an invisible rule, for example, when you enable the User Portal or configure Web Protection, etc.  An automatic rule is created, for example, when you select to do so in a NAT rule or an SSL VPN Remote Access Profile.  Your explicit rules are considered if the traffic qualifies for none of the foregoing rules.

    The firewall is also "stateful" - it has a connection tracker that allows responses to allowed requests.  Unlike the Windows firewall, you don't need to allow traffic both ways.

    The basis for the UTM is SUSE Enterprise Linux, so those BSD-specific services like rsh are not used.  You can configure Shell Access (SSH) to the command line in 'Management >> System Settings'.  If you have that enabled with the "Any" network object, you should disable it immediately.  You should have only a few IPs in there at most.

    The same is true of 'Management >> WebAdmin Settings' - access to WebAdmin should be severely restricted.

    Having said all that, it should be clear that the person that configured your UTM is best positioned to answer your questions.

    Cheers - Bob
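
As an added illustration (not Sophos code and not part of Bob's reply), here is a small Python model of the evaluation order he describes: invisible rules, then automatic rules, then the admin's explicit rules, with a connection tracker that lets replies through and a default deny when nothing matches. The zones, the sample rules and the port numbers used for the listed services are constructed assumptions; `audit_inbound` shows that, with no inbound rule of any kind, every service in the Cyber Essentials list is dropped at the WAN side.

```python
# Toy model of UTM-style rule precedence; not Sophos code, all data is constructed.
from dataclasses import dataclass, field

# Assumed well-known ports for the services named in the Cyber Essentials question.
CE_SERVICES = {
    "SMB": ("tcp", 445), "NetBIOS-ns": ("udp", 137), "NetBIOS-ssn": ("tcp", 139),
    "tftp": ("udp", 69), "RPC": ("tcp", 135), "rlogin": ("tcp", 513),
    "rsh": ("tcp", 514), "rexec": ("tcp", 512),
}

@dataclass(frozen=True)
class Packet:
    src_zone: str      # "wan" (internet) or "lan"
    dst_zone: str
    proto: str
    dport: int
    sport: int = 40000

@dataclass
class Rule:
    src_zone: str      # "any" matches either zone
    dst_zone: str
    proto: str
    dport: int
    action: str        # "allow" or "drop"
    def matches(self, p):
        return (self.src_zone in ("any", p.src_zone) and self.dst_zone in ("any", p.dst_zone)
                and self.proto == p.proto and self.dport == p.dport)

@dataclass
class Firewall:
    invisible: list = field(default_factory=list)  # created by WebAdmin features
    automatic: list = field(default_factory=list)  # created by NAT / VPN options
    explicit: list = field(default_factory=list)   # the admin's own rules
    conntrack: set = field(default_factory=set)    # state table of allowed flows

    def decide(self, p):
        # A reply to an already-allowed flow passes without consulting any rule.
        if (p.dst_zone, p.src_zone, p.proto, p.sport, p.dport) in self.conntrack:
            return "allow"
        for layer in (self.invisible, self.automatic, self.explicit):
            for r in layer:
                if r.matches(p):
                    if r.action == "allow":
                        self.conntrack.add((p.src_zone, p.dst_zone, p.proto, p.dport, p.sport))
                    return r.action
        return "drop"  # nothing matched: default deny

def audit_inbound(fw):
    """Verdict for each listed service arriving unsolicited from the WAN."""
    return {n: fw.decide(Packet("wan", "lan", pr, po)) for n, (pr, po) in CE_SERVICES.items()}
```

The same model also shows why Bob's ordering matters: an invisible or automatic rule that allows inbound traffic wins over an explicit drop for the same port, so the invisible rules WebAdmin creates must be reviewed as well as the explicit rule set.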
