As numerous breach incidents have emphasized, the inability of organizations to properly configure existing defenses remains arguably their most significant network security challenge.
With the Target breach standing as perhaps the best example – as attackers subsequently infiltrated the retailer’s point-of-sale data after gaining access to other areas of the network – the problem has been reinforced in a number of high-profile incidents.
This week, noteworthy vulnerability researcher H.D. Moore, perhaps best known as founder of the Metasploit pen testing platform, brought even greater attention to this issue, releasing new findings regarding a previously unreported firewall configuration issue that could expose many organizations to potential compromise.
The research, which affects organizations using devices made by Palo Alto Networks, a leader in the space, further highlights the fact that it is the challenge practitioners face in properly configuring such defenses – not vulnerabilities in those products – that remains so pervasive and troublesome.
As first detailed by Moore in a blog post and reported in news outlets including the U.K.-based Register, the issue involves misconfigured user identities set up for Palo Alto Networks firewalls that “leak” information onto the Web, exposing underlying services.