Linewize Users heads Up
41 views
Skip to first unread message
Kevin Whelan
Dec 5, 2017, 5:33:32 PM12/5/17
to Techies for schools
Ive just discovered as part of some random changes, goning through our existing web content and filtering rules, discovered that some of our existing rules have actually been broken through one of their various software updates.
A rule "unfiltered machine group" that allowed some servers and admin ip-addresses unfiltered access to the internet had been applied to an object of a specific Ip range.
The rule has existed for some years and has been completely untouched.
The ip range object still existed but had been unlinked from the filtering rule basically the filtering except was wide open instead of only appying to a specific group. Thereby allowing all of network to have complete unfiltered access.
It was first suggested that I must have removed it accidentily then there was some recent firewall rule changes but who knows how long this has been open in reality.
It would seem any rules applied to objects rather than user groups at some point of software updating have had their links broken.
I would suggest you check and recheck all your web content rules very carefully immediately.
A rule "unfiltered machine group" that allowed some servers and admin ip-addresses unfiltered access to the internet had been applied to an object of a specific Ip range.
The rule has existed for some years and has been completely untouched.
The ip range object still existed but had been unlinked from the filtering rule basically the filtering except was wide open instead of only appying to a specific group. Thereby allowing all of network to have complete unfiltered access.
It was first suggested that I must have removed it accidentily then there was some recent firewall rule changes but who knows how long this has been open in reality.
It would seem any rules applied to objects rather than user groups at some point of software updating have had their links broken.
I would suggest you check and recheck all your web content rules very carefully immediately.
Julian Davison
Dec 5, 2017, 5:35:49 PM12/5/17
to techies-f...@googlegroups.com
Ouch, that's not ideal.
Is it listed in the config changes history, or doesn't it go that far back?
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages