this post was submitted on 04 Jan 2025
116 points (100.0% liked)

Cybersecurity - Memes


Only the hottest memes in Cybersecurity


Fortinet, Palo, Check Point, Cisco, SonicWall ... is there any big firewall vendor that didn't have any critical vulnerabilities last year?

top 17 comments
[–] fruitycoder@sh.itjust.works 2 points 5 days ago (1 children)

Did nftables or eBPF have any critical zero days last year?

[–] cron@feddit.org 4 points 5 days ago

AFAIK not. This meme is targeted at commercial firewall appliances, which often have VPN/IPS/authentication and many other features that are exploited regularly.

[–] M33@lemmy.sdf.org 31 points 1 week ago (3 children)

Obsolete binaries not updated for years, hardcoded secrets… this is what you get in firewalls like any other piece of black box equipment.

[–] MajorHavoc@programming.dev 6 points 6 days ago

Yep. Closed source is for the software that no one would ever buy if they could read it.

[–] lennivelkant@discuss.tchncs.de 21 points 1 week ago (1 children)

Security by obscurity may work in delaying exploits, but once someone breaks the obscurity, they have a head start on exploiting it over those hoping to fix it.

[–] cron@feddit.org 15 points 1 week ago (1 children)

Security by old software, or as I call it: the Ivanti approach

[–] lennivelkant@discuss.tchncs.de 11 points 1 week ago

That makes me nervous, but I'm not allowed to tell you why

[–] cron@feddit.org 7 points 1 week ago (1 children)

And every service runs as root. This enables the CRL webserver to download /etc/shadow ...

[–] M33@lemmy.sdf.org 5 points 1 week ago

Or user sessions persist on the filesystem, so a glitch on the captive portal’s web server allows you to get the clear-text username and password for currently connected VPN sessions …

[–] kolorafa@lemmy.world 15 points 1 week ago (4 children)
[–] cron@feddit.org 5 points 1 week ago

sounds correct

[–] osaerisxero@kbin.melroy.org 4 points 1 week ago (1 children)

pfSense technically shared the SSH server one, I thought

[–] deltapi@lemmy.world 1 points 1 week ago (1 children)

The last time I installed pfSense, SSH was disabled by default.

[–] osaerisxero@kbin.melroy.org 3 points 1 week ago

It is, but it's also the first thing I turn on when I install a new one.

[–] pearsaltchocolatebar 2 points 1 week ago

Makes me glad I went with MikroTik for my home network.

[–] CodeHead@lemmy.world 2 points 1 week ago
[–] slazer2au@lemmy.world 5 points 1 week ago

No. And if there are any that say they didn't, I don't believe them.