When IT departments work at securing their environment, they set about installing firewalls, implementing email gateways and web filtering, securing their computers and servers, and some go the extra distance to secure their networking equipment, such as routers and switches. At the end, they feel pretty secure, but there may be a threat hidden in the very products that they hope may protect them – the security appliances.
A recent report by NCC Group found that many security appliances such as email gateways, firewalls, web content filters, terminal services, unified threat management (UTM) systems and other appliances were filled with vulnerabilities.
The report highlighted products from Sophos, Citrix, Pfsense, Symantec and Trend Micro showing that many had vulnerabilities such as:
- Cross-Site Scripting (XSS)
- SSH or WebUI susceptible to brute-force attacks
- Unpatched operating systems
- Privilege Escalation
- Command-Injection via the WebUI
Many users may feel that, because these are security appliances, they must be inherently secure, but the report clearly shows that this is not the case.
Security appliances are not the only cause for concern: many other services now come in an appliance form factor. IP telephony PBXs, environmental management and network management systems ship as appliances that you simply drop into your network and configure. Also consider the many network devices that run a small operating system of their own, such as environmental monitors, network printers and security systems. All of these are systems that need to be managed and secured.
While the risk that these vulnerabilities will be exploited by outside attackers may be small, the fact that an appliance or device is not directly connected to the Internet does not mean that it is not at risk, or that you should not make every effort to secure it. Attacks can originate from inside the network, and a compromised user PC can give an attacker a foothold from which to gain even more control of your network.
To reduce the risk from these appliances and devices, consider implementing the following:
- Change the default usernames and passwords on all appliances and devices, and use strong passwords.
- Avoid exposing the management interfaces of these appliances and devices to the Internet or other unprotected networks.
- Consider placing the management interfaces in a protected network behind a firewall within your internal network.
- Keep the operating systems and firmware of the appliances and devices updated.
- Ensure that logging is enabled on all devices and, if possible, set up alerts for any login attempt.
- Disable unnecessary or insecure services on appliances, such as Telnet, HTTP and FTP, and use encrypted protocols such as SSH, SFTP and HTTPS instead.
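The logging and management-network items in the checklist above are easy to state and easy to leave unmonitored. The script below is an added example, not code from the original post or from any of the vendors it names: it reads forwarded appliance syslog, raises an alert for every login attempt, flags attempts that do not come from the protected management network, and counts failures per source so that a password-guessing run and a success that follows one stand out. Everything it assumes is invented for the example: the management subnet, the brute-force threshold, the sshd-style SSH line format, a hypothetical `webui: login ...` line format for the WebUI, and the sample log itself.

```python
"""Added example, not code from the original post: turning appliance syslog into
login alerts, as the checklist recommends.

Assumptions (none come from the post): appliances forward syslog lines; SSH
logins appear in sshd's "Accepted/Failed password for <user> from <ip>" form, and
WebUI logins in a hypothetical "webui: login <ok|failed> user=<u> from=<ip>" form.
The management subnet and the brute-force threshold are placeholder values."""
import ipaddress
import re
from collections import Counter, defaultdict

# Placeholder: the protected network that should be the only source of management logins.
MANAGEMENT_NET = ipaddress.ip_network("10.10.0.0/24")
# Placeholder: failed logins from one source (per service) before we call it brute force.
BRUTE_FORCE_THRESHOLD = 5

# sshd-style line, e.g. "sshd[2212]: Failed password for invalid user root from 203.0.113.7 port 51122 ssh2"
SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
# Hypothetical WebUI line, e.g. "webui: login failed user=admin from=192.168.1.40"
WEBUI_RE = re.compile(r"webui: login (?P<result>ok|failed) user=(?P<user>\S+) from=(?P<ip>\S+)")


def parse_login(line):
    """Return (service, user, source_ip, succeeded) for a login line, else None."""
    m = SSH_RE.search(line)
    if m:
        return "ssh", m["user"], m["ip"], m["result"] == "Accepted"
    m = WEBUI_RE.search(line)
    if m:
        return "webui", m["user"], m["ip"], m["result"] == "ok"
    return None


def analyse(lines, management_net=MANAGEMENT_NET, threshold=BRUTE_FORCE_THRESHOLD):
    """Walk the log once and return a list of alert dicts (kind, service, user, ip)."""
    alerts = []
    failures = defaultdict(int)  # (service, source_ip) -> failed attempts seen so far

    def alert(kind, service, user, ip):
        alerts.append({"kind": kind, "service": service, "user": user, "ip": ip})

    for line in lines:
        event = parse_login(line)
        if event is None:
            continue  # not a login line (kernel messages, link state, ...)
        service, user, ip, succeeded = event
        key = (service, ip)

        # Checklist item: alert on every login attempt, successful or not.
        alert("attempt", service, user, ip)

        # Checklist item: management interfaces should only be reached from the
        # protected network, so any other source address is worth a look.
        try:
            outside = ipaddress.ip_address(ip) not in management_net
        except ValueError:
            outside = True  # an unparseable source is not a trusted one
        if outside:
            alert("outside_management_net", service, user, ip)

        if succeeded:
            # A success that follows failures from the same source is the
            # classic sign that a guessed password worked.
            if failures[key] > 0:
                alert("success_after_failures", service, user, ip)
        else:
            failures[key] += 1
            if failures[key] == threshold:  # fire once, at the threshold
                alert("brute_force", service, user, ip)
    return alerts


def summarise(alerts):
    """Count alerts by kind, handy for a daily report or a test."""
    return Counter(a["kind"] for a in alerts)


# Constructed sample log (not real appliance output): one legitimate SSH login,
# a password-guessing run against SSH from the Internet, and a WebUI login from
# an office subnet that should never reach the management interface.
SAMPLE_LOG = """\
Mar  1 10:00:01 fw01 sshd[2211]: Accepted password for admin from 10.10.0.5 port 50122 ssh2
Mar  1 10:00:05 fw01 sshd[2212]: Failed password for invalid user root from 203.0.113.7 port 51122 ssh2
Mar  1 10:00:06 fw01 sshd[2213]: Failed password for invalid user root from 203.0.113.7 port 51123 ssh2
Mar  1 10:00:07 fw01 sshd[2214]: Failed password for invalid user root from 203.0.113.7 port 51124 ssh2
Mar  1 10:00:08 fw01 sshd[2215]: Failed password for admin from 203.0.113.7 port 51125 ssh2
Mar  1 10:00:09 fw01 sshd[2216]: Failed password for admin from 203.0.113.7 port 51126 ssh2
Mar  1 10:00:20 fw01 kernel: eth1: link is up
Mar  1 10:01:00 fw01 webui: login failed user=admin from=192.168.1.40
Mar  1 10:01:30 fw01 webui: login ok user=admin from=192.168.1.40
"""

if __name__ == "__main__":
    found = analyse(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"{a['kind']:24} {a['service']:6} user={a['user']} from={a['ip']}")
    print(dict(summarise(found)))
```

On the sample log the script reports eight attempts, seven of them from outside the management network, one brute-force run against SSH and one WebUI success that followed a failure from the same office address. The failure counter is keyed per service and source address and is deliberately never reset on success, so a guessed password that eventually works is reported rather than quietly clearing the count; in a real deployment the counter would be windowed by time and the alerts handed to whatever ticketing or paging system the team already uses.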
Here’s to a more secure future.