Not a Good Time for Firewall Vendors

Sophos announced that thousands of firewalls exposed to the Internet are vulnerable to a remote code execution (RCE) bug that would allow an attacker, using a specially targeted attack, to execute arbitrary code on the device. They announced the bugs in September and fixed them in December. Note that this is only a problem if you allow access to the admin panel from the Internet side, which many companies do. Credit: Bleeping Computer

Cisco announced that there are critical authentication bypass bugs in a number of their small business routers that have reached end of life, meaning that Cisco is not going to patch them and hackers are going to attack them. The bugs allow hackers to take full control of the device and run arbitrary code. They also said that proof of concept code is now available and there are no workarounds. Cisco says that even though these routers are end of life, there are still a lot of them in service. Credit: Dark Reading

Fortinet says that they just patched a high severity bug that allows a remote, unauthenticated hacker to execute arbitrary code. While they said the attacks against this were targeted, they also said they saw attacks in the wild, and now that it is getting more press, the attacks will likely become more widespread. Credit: Security Week

So what does all of this mean?

  • Inventory your network hardware. What you don’t know you have will become a problem.
  • Patch your routers and firewalls. We remember to patch workstations and laptops, but forget about the network.
  • End of life means stop using it. It doesn’t mean “it seems to be working, so we will just ignore that”. Do you even know what pieces of your network hardware are end of life?
  • Some vendors won’t give you security patches if you don’t have some form of maintenance agreement. You may have to buy one or replace the hardware.
  • If you can find network hardware that just patches itself, buy it. It will save you pain. If it is automatic, you don’t have to worry about it.
  • Don’t assume you can ignore this advice. That only works for ostriches.
  • And finally, don’t make your firewall admin access public to the entire world. Hackers love banging on these interfaces just to see if they can get lucky.

ONE LAST THOUGHT. DON’T FORGET ABOUT THAT OTHER PART OF YOUR NETWORK – THE ROUTERS AND FIREWALLS AT YOUR REMOTE WORKERS’ HOMES. THAT IS LIKELY THE EASIEST WAY INTO YOUR NETWORK AND HACKERS KNOW THAT. One thing is likely sure: your employees’ home ISPs are probably a lot less security sensitive than you are and likely never patch their routers. There are exceptions, but they are exceptions.
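
One way to turn the checklist above into a repeatable check, as an added example that is not part of the original alert: a short Python script that audits a network hardware inventory, home routers included, for the problems listed. The CSV column names, device names, dates and firmware versions are all constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; every device name, date and version is made up.
SAMPLE_INVENTORY = """\
name,location,end_of_life,installed_fw,latest_fw,maintenance,auto_update,wan_admin
hq-firewall,office,2027-06-30,19.5.3,19.5.3,yes,yes,no
branch-router,office,2021-12-01,1.0.3,1.0.3,no,no,yes
lab-firewall,office,2026-01-31,7.0.1,7.2.4,no,no,no
alice-home-router,remote-home,,unknown,unknown,no,no,yes
"""

def audit(inventory_csv, today):
    """Return {device name: [findings]} for devices that need attention."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        findings = []
        eol = row["end_of_life"].strip()
        if not eol:
            findings.append("end-of-life date unknown: look it up")
        elif date.fromisoformat(eol) <= today:
            findings.append("past end of life: replace, no patches are coming")
        if row["installed_fw"] == "unknown":
            findings.append("firmware version unknown: cannot tell if it is patched")
        elif row["installed_fw"] != row["latest_fw"]:
            findings.append(f"firmware behind: {row['installed_fw']} -> {row['latest_fw']}")
            if row["maintenance"] != "yes":
                findings.append("no maintenance agreement: vendor may withhold the patch")
        if row["auto_update"] != "yes":
            findings.append("no automatic updates: needs a manual patch schedule")
        if row["wan_admin"] == "yes":
            findings.append("admin interface reachable from the Internet: restrict it")
        if findings:
            report[row["name"]] = findings
    return report

if __name__ == "__main__":
    # The audit date is passed in so results are reproducible.
    for device, findings in audit(SAMPLE_INVENTORY, date(2023, 2, 1)).items():
        print(device)
        for finding in findings:
            print("  -", finding)
```

Devices with blank or "unknown" fields are reported rather than skipped, since hardware you cannot describe is the hardware most likely to be unpatched.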

As always, if you need help, please contact us.