Firewall for Lan network configuration? Security.So I figured that I would check for and gather other suggestions. They are only testing outbound to a Public Facing VM they have setup with a Hosting Partner somewhere and as long as they can get the ping out, they are counting that as a Critical Problem. So I am just thinking of the best way to try and resolve this. I could deny their traffic via the Local Host File or DNS, but they review these entries during the audit and they would call foul, so unfortunately, I am in between a rock and a hard place. So there is basically no give and take with the Auditing Firm. I have the Firewall Blocks in place and more than sufficient monitoring with Elastic and Vulnerability Scans. So my problem is that when the finalized report is under the next Exam via the FDIC, then this will reflect a Critical Item that is technically a false positive in my view. In there findings, they are recording this as a Critical Item under General Controls because their scripts are showing the Ports as Accessible via ICMP even though the Firewall is effectively blocking traffic on the various ports via TCP or UDP and Nmap confirms the Ports are Closed.
0 Comments
Leave a Reply. |