Here we go again…

Let’s start with your takeaway from this story.

You need to include your network infrastructure and hardware in your cyber security plan and in your update routine. Check with your IT and/or Cyber Security Support that this is being done.

(Our team has just completed a complete Wi-Fi infrastructure upgrade for a complex site that took two people a day and disrupted the operation of the site – but it had to be done. There was a flaw in the firmware which could be exploited – it cannot be compromised now. Until next time!)

Fortinet issued a patch for a flaw in their firewall firmware last month – and promoted it through all the usual channels. I expect registered sysadmins also got emails. But on scanning the net for vulnerable firewalls, researchers discovered over 340,000 unpatched units.

340,000+ Fortinet firewalls wide open to flaw – report • The Register

So, you ask, what does that mean?

It means that thousands of organisations have an entry in their cyber security plan that says their network and assets are protected by Fortinet firewalls – but this is not true.

Clive Catton MSc (Cyber Security) – by-line and other articles