Battle of the Week - The Importance of Firewalls
The Battleground:
The infrastructure of a rural county whose public offices, such as the police department, library, and fire department, are all interconnected.
The Presumption:
If an external malicious IP is trying to establish a connection to an internal host, the firewall is responsible for stopping the connection.
The Discovery:
While threat hunting, a member of the NSOC found an external IP, known and reported as malicious, connecting to an internal host. The IP was connecting to the internal host via SMTP using an executable file.
Our Solution:
The customer was notified, and they added a firewall rule to prevent this from occurring again.
Lessons Learned:
Just because traffic uses a port assigned to a known protocol doesn’t mean that it can’t be exploited and cause a breach in a network.
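
The kind of hunt described under The Discovery can be sketched as a check of firewall flow records against a threat-intel list. This is an added example, not the NSOC's tooling; the log format, field names, internal range, and all addresses are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges), not from the incident.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal range
THREAT_INTEL = ["203.0.113.45", "198.51.100.0/28"]     # assumed intel feed entries
FLOW_LOG = """\
ts,src_ip,dst_ip,dst_port,action
2024-01-08T02:14:07Z,203.0.113.45,10.20.3.17,25,allow
2024-01-08T02:14:09Z,192.0.2.10,10.20.3.17,25,allow
2024-01-08T02:15:41Z,203.0.113.45,10.20.3.17,25,allow
2024-01-08T02:16:02Z,198.51.100.7,10.20.5.2,443,deny
2024-01-08T02:17:30Z,10.20.3.17,203.0.113.45,25,allow
2024-01-08T02:18:00Z,not-an-ip,10.20.3.17,25,allow
"""


def hunt(log_text, intel, internal_nets):
    """Return allowed inbound flows whose source is on the intel list."""
    bad_nets = [ipaddress.ip_network(e, strict=False) for e in intel]
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            src = ipaddress.ip_address(row["src_ip"])
            dst = ipaddress.ip_address(row["dst_ip"])
            port = int(row["dst_port"])
        except ValueError:
            continue  # skip malformed records instead of aborting the hunt
        inbound = (not any(src in n for n in internal_nets)
                   and any(dst in n for n in internal_nets))
        # No port allow-list here: a well-known port such as 25 is still checked.
        if inbound and row["action"] == "allow" and any(src in n for n in bad_nets):
            h = hits[(str(src), str(dst), port)]
            h["count"] += 1
            h["first"] = h["first"] or row["ts"]
            h["last"] = row["ts"]
    return dict(hits)


if __name__ == "__main__":
    for (src, dst, port), h in hunt(FLOW_LOG, THREAT_INTEL, INTERNAL_NETS).items():
        print(f"{src} -> {dst}:{port} allowed x{h['count']} ({h['first']} .. {h['last']})")
```

Each hit is a connection the firewall allowed from a listed source to an internal host, which is the case where a blocking rule is missing.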