After a recent network review, I noticed that on our firewall the underlying operating system is initiating direct connections to our antivirus vendor and Microsoft for signature updates and patches respectively. From a security perspective, is it a good practice to initiate automated updates from the firewall operating system and thereby communicating under the radar of the firewall application? What are the chances of the target vendor site being spoofed and the session initiated being hijacked to launch an attack on the underlying firewall OS?
There are several issues with your question that concern me.
First and foremost, critical systems such as firewalls and other critical networking devices should NEVER be updated in an automated fashion no matter the reason(s). Automatic patches from Microsoft concern me in that they are sometimes (most of the time) never tested by the vendor and cause issues when say the first version is released. I've seen networks come to a screeching halt due to issues such as these. Manual is always best for any server device. Desktops are cool in an automated fashion. It's a well known fact Microsoft doesn't have a good testing methodology for its releases or service packs. As for antivirus, although they do not have the same quality issue, the process should be controlled to ensure network connectivity is NOT impacted.
Spoofing and hijacked sessions are only minor concerned with my comments above. Although not as common today, I'm sure the future holds great promise in these types of situations, thus your comments are correct.
For more info on this topic, visit these SearchSecurity.com resources:
Dig Deeper on Information security policies, procedures and guidelines
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.