SSL VPN vulnerability of June 24th, 2021
All Replies
-
Denying WAN to Zywall source = All should stop any of the attacks right? no need to really change any ports? it looks like all services are tied to the WAN object by defaultChipConnJohn said:For my part, I haven’t been able to make sense of the vulnerability given what Zyxel is telling us. I have locked down WAN->Device allowing only IPs I specify to access. It hasn’t been too bad. I sent an email last week apologizing and directing users to a site that gives their wan ip and they email or text it to me and I add it to the device.
For the current models that support FQDN - I'm having my users create DDNS (lots of free ones out there), and they can manually update that FQDN if their ISP changes. Then on our end trust the FQDN. Optionally, if you pay for those DDNS services, add all of those FQDN as trust and you can update those when users change IPs, this way, won't have to keep adding more rules to the security policy.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
