This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How was the SQL injection done? We blocked off admin login

We have the admin login only allowing logins from our HQ (IP limited). Yet, they have all been compromised?



This thread was automatically locked due to age.
Parents Reply
  • Hi Alda,

    alda said:

    Isn't it a best practice firewall policy, in the recommended settings everything is forbidden and the necessary functions are activated by the administrator as needed?

    Sarcasm....

    YES - completely agree, I would never buy a big house, not knowing which doors where setup, with no locks :-(

    Now it's like, when you get a new XG device, there is an important note in the box with this link:

    https://nmap.org/book/port-scanning-tutorial.html

    #sarcasm 

    Frustrated and disappointed right now, we stopped selling new fw with UTM and then XG, now customers come to hunt us down. It's been ad very bad year for Sophos with network devices, first broken RED's, CVE's and a multi-bug firewall's...management have forced me to look others ways like Fortinet. A FW need s to be reliable!

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Architect

Children
No Data