DNC – What does “dropped the firewall” even mean?

In a CNN article that discusses Sanders’ access to the Clinton campaign information, I found the following statement:

The breach occurred when the vendor, NGP VAN, which supplies access to the database of voter information for both campaigns dropped the firewall, and at least one Sanders campaign staffer accessed Clinton campaign voter data. The accused staffer, Josh Uretsky, Sanders’ national data director, was fired from the campaign.

I have to ask, what does that even mean? So NGP VAN is using a firewall to isolate data between candidates? Are there no controls in the application? And what does it mean to drop a firewall? 

I have to assume that this would indicate a “permit any” or maybe some other bypass. I’d love to know the technical details around this situation.

Firewalls aren’t magical boxes, and this is a “dumbed down,” if not inaccurate, response.

I’d love to hear from you, so share your experiences by commenting below.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.

5 Responses to DNC – What does “dropped the firewall” even mean?

  1. Craig Rouse says:

    It’s political speak. Much like using a towel to wipe an email server ;-).

  2. Craig Rouse says:

    I cringe most every time I hear a politician talk about technology and Internet. If they are that ignorant and obtuse on all matters tech, what else don’t they know but feel obligated and qualified to legislate on?

  3. Arne says:

    not all firewalls are for network traffic

    • Arne,

      You are speaking to my heart with that comment. I couldn’t agree more and would even say that the most useful firewalls are not the L3/L4 firewalls that are the bare necessities we have all been installing for years. I would say NGFW/NGIPS, WAFs and load balancers qualify for that definition. Also there are likely robust tools that function as firewalls between execution processes, etc. However I still say that if you cannot (or do not) define logic in the application, someone far less familiar with the operation and testing would likely be doing it elsewhere. I just think it is illogical to say that this is because the firewall was dropped.

      I’m really curious about the technical details around “dropped the firewall” and how it led to the exposure.
