In our network office, the firewall device is used for both VPNs site to site, used to connect to different branch offices (Al Quoz, Al Khawaneej, Mosque) and remote access for employees needing to work remotely and access company resources. For VPN to work correctly, the firewall needs to be open for Internet access via its Public IP address.
The access was not secured, so other unwanted users can try to access it. Several login attempts started from last week were traced back from different China IP Addresses. We don’t have any vendors and services that are in China. Moreover, China has a history of hacking companies (Griffiths, 2019). From the firewall logs, multiple login attempts were made indicating a brute force attack – repeated efforts to crack the correct password.
Cyber Risk Involved:
Should the hacker successfully log in to the firewall, it would be problematic. This firewall is interconnected to all critical servers (ERP, File Server) and employee devices (mobile phones, laptops). He can inject malware to cause damage to a computer, server, client, or computer network. Also, he can compromise the corporate and employee devices to steal corporate data, deliver ransomware, and carry out DoS attacks – all of which can have devastating effects on an organization.
Now, we have enabled secure login features. Namely, trusted hosts (only trusted user system can log in as admin) and two-factor authentication ( requiring token number from an authorized mobile phone). I checked the firewall logs today and do not see any rogue IP addresses/users attempting to log in so far. We will monitor for some time, and if no issues will enable this feature on all other RAJGC firewalls as well. Also, it’s better to upgrade the firewall firmware and subscribe to active support. The firewall ensures that malicious traffic from compromised devices, applications, or websites that try to enter your network are detected and stopped.