1. About This Report
1.1. Organisation
1.2. Conventions
2. Security Audit
2.1. Introduction
2.2. Access Rules
2.3. Conclusions
3. Device Configuration
3.1. Introduction
3.2. General
3.3. Firewall Filtering
3.4. Service Definitions
4. Appendix
4.1. Abbreviations
4.2. Common Ports
4.3. Logging Severity Levels
4.4. Time Zones
4.5. Nipper Details
1. About This Report
This SonicWall Firewall 00401012AED9 report was produced by Nipper on Wednesday 2 April 2008. The report contains the following sections:
- a security audit report section that details any identified security-related issues. Each security issue includes a description of the issue, its impact, how easy it would be to exploit and a recommendation. The recommendations include, where appropriate, the command(s) to resolve the issue;
- a configuration report section that details the configuration settings;
- an abbreviations appendix section that expands any abbreviations used within the report;
- a common ports appendix section that details the TCP and UDP port numbers for the common services outlined within the report;
- an appendix section detailing the logging severity levels used by the logging facility;
- a time zones appendix section that details a number of the most commonly used time zones;
- an appendix section detailing the software used to produce this report.
This report makes use of the text conventions outlined in Table 1.
Table 1: Report text conventions
| Convention | Description |
| command | This text style represents the SonicWall Firewall command text that has to be entered literally. |
| string | This text style represents the SonicWall Firewall command text that you have to enter. |
| [ ] | Used to enclose a SonicWall Firewall command option. |
| { } | Used to enclose a SonicWall Firewall command requirement. |
| \| | Divides command option or requirement choices. |
Nipper performed a security audit of the SonicWall Firewall 00401012AED9 on Wednesday 2 April 2008. This section details the findings of the security audit together with the impact and recommendations.
Observation: SonicWall Firewall access rules are sequential lists of allow, deny and discard rules that specify whether network traffic should be allowed or dropped. Both the deny and discard actions block the traffic that matches the rule, but a deny will notify the sender that the packet was blocked. Access rules are used to restrict access to services and network devices, preventing access to services and devices that should not be accessible.
Nipper identified six security-related issues with the configured access rules; these are listed in Table 2.
Table 2: Insecure access rules
| From | To | Rule | Description |
| 0 | 0 | 1 | Allows access from any source to 192.168.0.66. |
| 0 | 0 | 2 | Allows access from any source to 192.168.0.66. |
| 2 | 1 | 1 | Allows access from any source to any address. |
| 1 | 2 | 1 | Responds to denied network access. |
| 0 | 3 | 1 | Allows access from any source to any address. |
| 3 | 0 | 1 | Responds to denied network access. |
Impact: If access rules are not sufficiently restrictive, an attacker may be able to access services or network devices that should not be accessible. Furthermore, an attacker who had compromised a device could install a backdoor which could listen on a network port that was not filtered.
Ease: N/A
Recommendation: Nipper recommends that the access rules be reviewed and, where possible, modified to ensure that:
- access rules do not allow access from any source;
- access rules do not allow access from entire source networks;
- access rules do not allow access to any destination;
- access rules do not allow access to entire destination networks;
- access rules do not allow access to any destination port;
- disabled access rules are removed;
- access rules do not deny packets.
However, in certain circumstances, such as a public web server, a more relaxed configuration may be required to allow any host to access specific hosts and services.
Nipper performed a security audit of the SonicWall Firewall device 00401012AED9 on Wednesday 2 April 2008 and identified one security-related issue. Nipper determined that:
- insecure access rules were configured.
This section details the configuration settings of the SonicWall Firewall device 00401012AED9.
Table 3: General device settings
| Description | Setting |
| Firewall Name | 00401012AED9 |
| Serial No. | 00401012AED9 |
| IP Address | 192.168.0.66 |
| IP Network Mask | 255.255.255.0 |
Table 4: From 0 to 0 access rules
| Rule | Enabled | Action | Source | Destination | Service | Fragments |
| 1 | Yes | Allow | Any | 192.168.0.66 | HTTPS Management | No |
| 2 | Yes | Allow | Any | 192.168.0.66 | HTTP Management | No |
Table 5: From 2 to 1 access rules
| Rule | Enabled | Action | Source | Destination | Service | Fragments |
| 1 | Yes | Allow | Any | Any | Any | No |
Table 6: From 1 to 2 access rules
| Rule | Enabled | Action | Source | Destination | Service | Fragments |
| 1 | Yes | Deny | Any | Any | Any | No |
Table 7: From 0 to 3 access rules
| Rule | Enabled | Action | Source | Destination | Service | Fragments |
| 1 | Yes | Allow | Any | Any | Any | No |
Table 8: From 3 to 0 access rules
| Rule | Enabled | Action | Source | Destination | Service | Fragments |
| 1 | Yes | Deny | Any | Any | Any | No |
Table 9: Service definitions
| ID | Name | Port(s) | IP Type |
| 0 | Any | 1 - 65535 | Any |
| 1 | Web (HTTP) | 80 | TCP |
| 2 | File Transfer (FTP) | 21 | TCP |
| 3 | Send Email (SMTP) | 25 | TCP |
| 4 | Retrieve Email (POP3) | 110 | TCP |
| 5 | Name Service (DNS) | 53 | UDP |
| 6 | Name Service (DNS) | 53 | TCP |
| 7 | News (NNTP) | 119 | TCP |
| 8 | Ping | 8 | ICMP |
| 9 | Ping | 0 | ICMP |
| 10 | Key Exchange (IKE) | 500 | UDP |
| 11 | HTTPS Management | 443 | TCP |
| 12 | HTTP Management | 80 | TCP |
| ICMP | Internet Control Message Protocol |
| TCP | Transmission Control Protocol |
| UDP | User Datagram Protocol |
Table 10: Logging message severity levels
| Level | Level Name | Description |
| 0 | Emergencies | System is unstable |
| 1 | Alerts | Immediate action is required |
| 2 | Critical | Critical conditions |
| 3 | Errors | Error conditions |
| 4 | Warnings | Warning conditions |
| 5 | Notifications | Significant conditions |
| 6 | Informational | Informational messages |
| 7 | Debugging | Debugging messages |
Table 11: Common time zone acronyms
| Region | Acronym | Time Zone | UTC Offset |
| Australia | CST | Central Standard Time | +9.5 hours |
| Australia | EST | Eastern Standard/Summer Time | +10 hours |
| Australia | WST | Western Standard Time | +8 hours |
| Europe | BST | British Summer Time | +1 hour |
| Europe | CEST | Central Europe Summer Time | +2 hours |
| Europe | CET | Central Europe Time | +1 hour |
| Europe | EEST | Eastern Europe Summer Time | +3 hours |
| Europe | EST | Eastern Europe Time | +2 hours |
| Europe | GMT | Greenwich Mean Time | |
| Europe | IST | Irish Summer Time | +1 hour |
| Europe | MSK | Moscow Time | +3 hours |
| Europe | WEST | Western Europe Summer Time | +1 hour |
| Europe | WET | Western Europe Time | +1 hour |
| USA and Canada | ADT | Atlantic Daylight Time | -3 hours |
| USA and Canada | AKDT | Alaska Standard Daylight Saving Time | -8 hours |
| USA and Canada | AKST | Alaska Standard Time | -9 hours |
| USA and Canada | AST | Atlantic Standard Time | -4 hours |
| USA and Canada | CDT | Central Daylight Saving Time | -5 hours |
| USA and Canada | CST | Central Standard Time | -6 hours |
| USA and Canada | EDT | Eastern Daylight Time | -4 hours |
| USA and Canada | EST | Eastern Standard Time | -5 hours |
| USA and Canada | HST | Hawaiian Standard Time | -10 hours |
| USA and Canada | MDT | Mountain Daylight Time | -6 hours |
| USA and Canada | MST | Mountain Standard Time | -7 hours |
| USA and Canada | PDT | Pacific Daylight Time | -7 hours |
| USA and Canada | PST | Pacific Standard Time | -3 hours |
This report was generated using Nipper version 0.11.5. Nipper is an Open Source tool designed to assist security professionals and network system administrators in securely configuring network infrastructure devices. The latest version of Nipper can be found at the following URL:
http://nipper.sourceforge.net.