OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: peterwkc on January 15, 2024, 01:51:12 PM

Title: Kali Linux Exploit Window Machine
Post by: peterwkc on January 15, 2024, 01:51:12 PM
Dear forumers, I would like to seek your opinion on whether a Windows machine behind an OPNsense firewall is exploitable using Kali Linux.

Because I saw a lot of YouTubers show how easy it is to exploit MS Windows OS.

I know that OPNsense is an L3 firewall and has Sensei armor as well.

Please voice out your opinion.
Title: Re: Kali Linux Exploit Window Machine
Post by: codera on January 15, 2024, 01:58:35 PM
It does not really matter which firewall we are talking about, IMO. Are you exposing Windows servers publicly to the internet without any source ACL firewall rules, web application proxy, VPN, etc.?
If some threat actor can get access inside the network, there are so many ways to exploit servers. In a production network you should separate servers into a separate VLAN and put some proper rules in place.
Title: Re: Kali Linux Exploit Window Machine
Post by: TrustedComputer on January 15, 2024, 02:40:35 PM
Of course, Windows is very exploitable in general. This is not news. The issue is how you protect it. Your internal machines should never be reachable from the internet. That's something any firewall can accomplish, when properly configured, including OPNsense, like codera said. You need to set up the correct rules to prevent inbound connections and avoid using technologies that bypass them like port forwarding, pinholes, UPnP, cloud-based remote access, etc.
Title: Re: Kali Linux Exploit Window Machine
Post by: peterwkc on January 15, 2024, 04:32:49 PM
Let me rephrase my question again.

I have an OPNsense firewall that protects the MS Windows OS. No UPnP, open port to SSH. Is it secure in this sense?
Title: Re: Kali Linux Exploit Window Machine
Post by: Monviech (Cedrik) on January 15, 2024, 09:09:53 PM
If the SSH implementation on your Windows OS is safe and properly configured, and you are using public key authentication, yes it is safe.

Any service you expose to the internet needs to be safe; a firewall can only accept or deny access to that service. Higher OSI layer features that intercept traffic to apply virtual patches (WAF) or just drop traffic they find suspicious (DPI or IDS/IPS) can only mitigate risks.

The exposed application needs to be hard to exploit and always patched up to date.
Title: Re: Kali Linux Exploit Window Machine
Post by: peterwkc on January 16, 2024, 09:32:26 AM
I don't believe the SSH implementation. There is a back door created by....
Title: Re: Kali Linux Exploit Window Machine
Post by: Patrick M. Hausen on January 16, 2024, 09:35:12 AM
Quote from: peterwkc on January 16, 2024, 09:32:26 AM
I don't believe the SSH implementation. There is a back door created by....
Then do not open SSH to the Internet.
Title: Re: Kali Linux Exploit Window Machine
Post by: peterwkc on January 16, 2024, 09:26:03 PM
How to do a pen test against the OPNsense firewall using Kali Linux? Any direction/guide should be good.
Title: Re: Kali Linux Exploit Window Machine
Post by: Patrick M. Hausen on January 16, 2024, 09:34:17 PM
If you don't open any ports on WAN there isn't much to test ... closed is closed.
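
Added example, not part of the thread: a defender-side way to check the "closed is closed" advice above by listing every enabled WAN pass rule and port forward in a configuration export. It assumes an OPNsense `config.xml` layout with firewall rules under `filter/rule`, port forwards under `nat/rule` and a `disabled` child on disabled rules; the sample config is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like an OPNsense config.xml export (element layout is assumed).
SAMPLE_CONFIG = """<opnsense>
  <filter>
    <rule><type>pass</type><interface>lan</interface><protocol>tcp</protocol>
      <destination><any>1</any></destination></rule>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <destination><address>192.168.1.10</address><port>22</port></destination></rule>
    <rule><type>pass</type><interface>wan</interface><disabled>1</disabled><protocol>tcp</protocol>
      <destination><address>192.168.1.10</address><port>3389</port></destination></rule>
    <rule><type>block</type><interface>wan</interface>
      <destination><any>1</any></destination></rule>
  </filter>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>8443</port></destination>
      <target>192.168.1.20</target><local-port>443</local-port></rule>
  </nat>
</opnsense>"""

def _text(node, path):
    """Text of a child element, or '' when the element is missing or empty."""
    found = node.find(path)
    return (found.text or "").strip() if found is not None else ""

def _on_wan(rule, wan_names):
    """True for an enabled rule bound to a WAN interface (floating rules list several)."""
    ifaces = {name.strip() for name in _text(rule, "interface").split(",")}
    return rule.find("disabled") is None and bool(ifaces & set(wan_names))

def wan_exposure(config_xml, wan_names=("wan",)):
    """List what lets inbound traffic through WAN: enabled pass rules and port forwards."""
    root = ET.fromstring(config_xml)
    findings = []
    for rule in root.findall("./filter/rule"):
        if _on_wan(rule, wan_names) and _text(rule, "type") == "pass":
            dest = (_text(rule, "destination/address")
                    or _text(rule, "destination/network") or "any")
            findings.append(("pass", _text(rule, "protocol") or "any",
                             _text(rule, "destination/port") or "any", dest))
    for fwd in root.findall("./nat/rule"):
        if _on_wan(fwd, wan_names):
            target = f"{_text(fwd, 'target')}:{_text(fwd, 'local-port')}"
            findings.append(("port-forward", _text(fwd, "protocol") or "any",
                             _text(fwd, "destination/port") or "any", target))
    return findings

if __name__ == "__main__":
    print(*wan_exposure(SAMPLE_CONFIG), sep="\n")
```

An empty result means nothing on WAN is deliberately opened; each returned entry is a service that then has to be hardened and patched on its own, as the replies above point out.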