🐿️
3

Just realized our firewall rules were 3 years out of date after a vendor call

I was on a call with our managed security provider last Tuesday and they casually asked when we last audited our ACLs. I said probably a few months ago, but when I actually checked the logs it had been over 3 years since anyone touched them. The vendor pointed out we still had a rule allowing RDP from any source IP to a server that got decommissioned in 2021. That hit different because I always assumed the senior guy before me had it all locked down tight. Now I'm digging through every rule one by one and finding stuff like old VPN access for contractors who left the company years ago. Has anyone else found ancient rules like that still sitting in their firewall config?
2 comments

Log in to join the discussion

Log In
2 Comments
jones.grace
Gasped out loud when I read that part about the decommissioned server from 2021. That's the kind of thing that keeps me up at night honestly. Three years of that rule just sitting there like a welcome mat for anyone who scans for open RDP ports. I found a similar one once where someone left a rule for a specific IP range that turned out to belong to an old office building we moved out of in 2019. The scariest part is how easy it is for these things to just sit there because nobody questions the "it's always been that way" mentality. You're probably going to find more skeletons in that config too, like old bypass rules for testing that never got cleaned up.
8
gray_gibson
Push back a little here @jones.grace - finding old rules isn't always a disaster, sometimes it just means nothing bad happened because nobody scanned for that open port. A decommissioned server with RDP open is definitely not great, but the real risk depends on whether that server was actually accessible from the internet or just internal traffic. Three years of untouched rules is more of a process problem than a security crisis, and you're fixing it now anyway.
1