Risk R-004 - Exposure of internal services due to firewall misconfiguration

| Field | Value |
|---|---|
| Risk ID | R-004 |
| Asset | OPNsense Firewall (Platform – Owner: Sec) |
| Scenario | S-003 - Exploitation of firewall misconfiguration |
| Likelihood | 🟨 Medium - misconfigurations are common, especially after updates or manual rule changes |
| Impact | 🟥 High - unauthorized external access may allow compromise of sensitive internal services and lateral movement |
| Risk Level | 🟥 High |
| Owner | Sec |
| Last Review | 2026-03-08 |
| Next Review | 2026-09-08 |

Associated Controls:
- Review and enforce firewall rule set regularly.
- Apply principle of least privilege for all inbound/outbound traffic.
- Conduct firewall change management with peer review.
- Monitor and alert on anomalous traffic patterns.
- Implement network segmentation to contain potential lateral movement.

References:
- ISO 27001 - Control 5.1 Policies for information security.
- ISO 27001 - Control 8.20 Network security.
- ISO 27001 - Control 8.22 Segregation of networks.
- NIST CSF - PR.AC Identity Management, Authentication and Access Control.
- NIST CSF - PR.PT Protective Technology.
- NIST CSF - ID.AM Asset Management.
- EBIOS RM - Analysis of risks related to network exposure and misconfiguration.

Response Actions:
- Containment - Temporarily restrict exposed ports or quarantine affected subnet.
- Eradication - Correct misconfigured rules and remove any unauthorized access points.
- Recovery - Verify internal systems and restore secure connectivity.
- Post-incident - Review firewall change logs, update configuration standards, and conduct training if misconfiguration was human error.