Entries by Bill Burge, RedSeal Professional Services

Custom Best Practice Check for Detecting Juniper Firewall Vulnerabilities

Name: Juniper Firewall Vulnerability Detection Description: This Custom Best Practice Check (CBPC) detects potential vulnerabilities in Juniper firewalls that could lead to unauthorized access and remote code execution.

Rule: Regex: ^ *web-management \{(\r?\n) *htt.*

 Explanation: This regular expression (regex) is designed to match specific configuration lines within a Juniper firewall’s configuration related to web management settings. […]

Tales from the Trenches: Vol 9 — The Law of Unintended Consequences, OR Some Doors Swing Both Ways

“The law of unintended consequences” states that the more complex the system, the greater the chance that there is no such thing as a small change.

While working with a customer in the early days of my RedSeal Professional Services tenure, I looked for an opportunity to prove the capability of Zones & Policies. In an unfamiliar environment, the easy starting point is creating a policy that examines the access from “Internet to all internal subnets.” It is easy to setup and easy to discuss the results, UNLESS the results say that most of the Internet can get to most of the internal network.

Tales from the Trenches: Vol 7 — You Can’t Always Get What You Want

While working with a large customer with multiple, interconnected, environments; their greatest fear was that infection in one environment might cross over one environment into the others. They had purchased a managed service, which meant I was the primary RedSeal Admin. They approached me with a request and it was obvious they were having a possible “incident”. It was obvious they didn’t want to provide TOO many details, but I’ve spent enough time on both sides of these topics that I was pretty sure what I was up against.

Tales from the Trenches: Vol 6 — Barely-Passive Aggressive

While working with a global reach chip manufacturer, a new member was added to those who helped manage RedSeal. As we were reviewing some of the RedSeal findings and giving him a tour of the capabilities of the deployment, it was pretty obvious he was neither impressed nor entertained. With his history of designing, building, and managing the network; he was almost offended that some product could tell him ANYTHING that he didn’t already know about his network.

Microsoft Releases Fixes for 4 Zero Day Exchange Server Vulnerabilities

Multiple news sources, security researchers and security agencies have reported on a new attack against tens, if not hundreds, of thousands of Internet accessible Exchange servers configured for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Outlook Web App (OWA) access. These attacks are being carried out by the China nation/state sponsored hacking group known as Hafnium.