ITC Security Threat of the Week – Week 7: Security appliances riddled with serious vulnerabilities

There is an assumption that when we purchase security systems, such as firewalls, remote access servers and web gateways, that what we are paying for is a programme that will provide comprehensive protection from the threat of hackers, cyber criminals and other web ne’er do wells. However, a speech by penetration tester Ben Williams at the Black Hat Europe 2013 security conference in Amsterdam this month has thrown considerable doubt on whether this is really the case.

In his talk, ‘Ironic Exploitation of Security Products,’ Williams exposed some serious vulnerabilities in security products from very well known names such as Symantec, McAfee and Citrix. He highlighted that most of these security appliances are run on badly maintained Linux systems, rather than the ‘hardened’ Linux that many vendors claim, and he found that more than 80% of the products he tested had serious issues that were easy to uncover, mostly in the web based user interfaces. In particular, Williams found that the Linux systems were outdated, with no integrity checking or SELinux or AppArmour kernel security, and that most were writeable and executable file systems.

The result of these issues was that there was little protection against brute force password cracking and thanks to cross-site scripting issues sessions could be hijacked. This would potentially leave authenticated administrators open to the threat of being deceived into visiting malicious websites, opening up the opportunity for attackers to access administrative operations. Williams found that a large percentage of these security applications left exposed information, such as the model and version, which could be accessed by attackers and would highlight a vulnerable appliance, as well as allowing privilege escalation and command injection.

In addition to highlighting vulnerabilities in security products, Williams also pointed out that the situation with non-security products is probably far more serious. Whilst he dismissed the possibility of such flaws opening up the possibility of a mass attack, he did highlight that they would make vulnerable those companies using them if a third party decided to launch a targeted attack.

For those worried about vulnerabilities with their security purchases, the advice is to update products to the latest versions as soon as required. These issues are another example of the kinds of IT security risks that make SIEM solutions, Intrusion Prevention systems and next generation firewalls a must have in today`s computing world. ITC offer a selection of vulnerability management solutions that can help you and your organisation to detect and mitigate possible vulnerabilities, including Palo Alto Threat Prevention, HP ArcSight SIEM, Cisco and Checkpoint IPS and QualysGuard Vulnerability Scanner. To learn more about ITC Secure Networking and the services we offer, please visit our website.