Reflare Weekly Security Briefing 2016-03 - Vendor Security Breaches
Most companies rely on their security vendors implicitly. However, we are increasingly seeing unreliable defenses from the very vendors we trust to protect our data. This week saw two vulnerabilities in systems that were meant to keep data secure.
OpenSSH is an implementation of the SSH (Secure Shell) protocol that most administrators use to connect securely to their servers. It is widely trusted as the preferred way to manage servers remotely. OpenSSH was found to have a critical bug that allowed the administrator of a server to take a copy of a connecting user’s private key and keep it for future use.
To illustrate what makes this exploit dangerous, consider a house with a locked door. The house represents the server, and the lock represents OpenSSH. Your private key unlocks every house that you own, so you use the same key to open several doors. When you authenticate to a server, it should only verify your identity. It should never take a copy of your key, because that gives anyone who controls the server access to the other servers you own. In the house and lock metaphor, opening the door of one house would let an attacker copy your key and open the doors of the other houses you own.
Unfortunately, patching does not help if your private key has already been exposed. You should patch your systems, and also recreate your private keys so that attackers can no longer use the exposed ones.
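Recreating a key is only half of the rotation described above: the old public key also has to be removed from every authorized_keys file that accepted it, or the copied private key keeps working. The script below is an added example (not Reflare's code and not part of OpenSSH) that identifies keys by the SHA256 fingerprint OpenSSH prints for `ssh-keygen -lf`, and filters a revoked key out of an authorized_keys file while leaving comments, options and other keys untouched. The key blobs are constructed with dummy key bytes purely to exercise the parser.

```python
"""Revoke an exposed SSH public key from authorized_keys content.

Added example, not code from the briefing or from the OpenSSH project.
Keys are matched by SHA256 fingerprint, computed the way OpenSSH does:
base64(sha256(decoded key blob)) with the '=' padding stripped.
"""
import base64
import hashlib

# Key types that can appear as the "type" field of an authorized_keys line.
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint of a base64 public-key blob, in OpenSSH's notation."""
    raw = base64.b64decode(blob_b64, validate=True)   # raises ValueError on bad input
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_line(line: str):
    """Return (key_type, blob) for a key line; None for blank, comment or unparseable lines.

    Option fields such as command="..." may precede the key type, so we scan
    for the first token that is a known key type and take the token after it.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    tokens = stripped.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok in KEY_TYPES:
            return tok, tokens[i + 1]
    return None


def revoke_fingerprints(authorized_keys: str, revoked: set[str]):
    """Drop every key whose fingerprint is in `revoked`.

    Returns (new_file_text, list_of_removed_fingerprints). Lines that are not
    keys, or whose blob cannot be decoded, are kept as they are.
    """
    kept, removed = [], []
    for line in authorized_keys.splitlines():
        parsed = parse_line(line)
        if parsed is not None:
            try:
                fp = fingerprint(parsed[1])
            except ValueError:
                fp = None
            if fp in revoked:
                removed.append(fp)
                continue
        kept.append(line)
    trailer = "\n" if authorized_keys.endswith("\n") else ""
    return "\n".join(kept) + trailer, removed


# --- Constructed sample data (dummy key bytes, not real keys) ---------------
def _blob(key_type: bytes, key_bytes: bytes) -> str:
    """Encode a public key in OpenSSH wire format: length-prefixed type, then key."""
    def ssh_string(b: bytes) -> bytes:
        return len(b).to_bytes(4, "big") + b
    return base64.b64encode(ssh_string(key_type) + ssh_string(key_bytes)).decode()


OLD_BLOB = _blob(b"ssh-ed25519", b"\x01" * 32)     # stands in for the exposed key
NEW_BLOB = _blob(b"ssh-ed25519", b"\x02" * 32)     # the freshly generated replacement
BACKUP_BLOB = _blob(b"ssh-ed25519", b"\x03" * 32)  # an unrelated restricted key

SAMPLE_AUTHORIZED_KEYS = (
    "# deploy keys\n"
    f"ssh-ed25519 {OLD_BLOB} alice@laptop\n"
    f'command="/usr/local/bin/backup --full",no-pty ssh-ed25519 {BACKUP_BLOB} backup@host\n'
    "\n"
    f"ssh-ed25519 {NEW_BLOB} alice@laptop\n"
)

if __name__ == "__main__":
    exposed = fingerprint(OLD_BLOB)
    new_text, removed = revoke_fingerprints(SAMPLE_AUTHORIZED_KEYS, {exposed})
    print(f"removed {len(removed)} key(s): {removed}")
    print(new_text)
```

In practice you would feed the function the fingerprint printed by `ssh-keygen -lf` for the old key and run it over every server's authorized_keys, then verify that the old key no longer authenticates before discarding it.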
Shortly after Juniper’s backdoor revelation, Fortinet’s FortiOS firewall system was also shown to have a backdoor that allowed remote authentication to the device using a hard-coded password. It is unknown whether this backdoor was maliciously added to the firewall’s code or was a critical error by the software’s engineers. Whatever the reason, it is imperative that any client running FortiOS versions 4.3 to 5.0.7 patch their systems immediately.
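The practical first step for the FortiOS advice above is an inventory check: which devices run a version inside the stated range. Version strings must be compared as numeric tuples rather than as text (as strings, "5.0.10" sorts before "5.0.7"). The script below is an added example, not Fortinet's or Reflare's code; it assumes a constructed "hostname,version" inventory format, takes the range 4.3 to 5.0.7 from the briefing, and treats "4.3" as covering the whole 4.3.x branch, which is an assumption on our part.

```python
"""Triage a device inventory against the FortiOS range given in the briefing.

Added example, not vendor code. Affected range: 4.3.0 through 5.0.7 inclusive
(the lower bound "4.3" is read as the whole 4.3.x branch; that is our assumption).
"""
import csv
import io
import re

AFFECTED_MIN = (4, 3, 0)   # first affected build, inclusive
AFFECTED_MAX = (5, 0, 7)   # last affected build, inclusive

# Accepts "5.0.7", "v5.0.7", "4.3", and trailing build info such as "5.0.7,build0499".
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[,\s].*)?$")


def parse_version(text: str) -> tuple:
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text: str) -> bool:
    """True when the version lies inside the affected range."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX


def triage(inventory_csv: str) -> dict:
    """Sort inventory rows into patch_now / ok / unknown buckets by hostname.

    Input rows are "hostname,version" (constructed format, not a Fortinet export).
    Rows whose version cannot be parsed go to 'unknown' rather than being silently
    treated as safe.
    """
    result = {"patch_now": [], "ok": [], "unknown": []}
    for row in csv.reader(io.StringIO(inventory_csv)):
        if len(row) < 2 or not row[0].strip() or row[0].startswith("#"):
            continue
        host, version = row[0].strip(), row[1].strip()
        try:
            bucket = "patch_now" if is_affected(version) else "ok"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


# Constructed sample inventory covering the edge cases of the range.
SAMPLE_INVENTORY = """\
# hostname,fortios_version
fw-branch-01,4.3.18
fw-branch-02,4.2.12
fw-dc-01,5.0.7
fw-dc-02,5.0.8
fw-dc-03,5.0.10
fw-lab-01,5.2.0
fw-legacy,4.3
fw-odd,unknown-build
"""

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>9}: {', '.join(hosts) or '-'}")
```

The 'unknown' bucket matters as much as 'patch_now': a device whose version you cannot read is one you cannot vouch for.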
Both of these security bulletins illustrate how critical it is for companies to build several layers of protection. They also show a current trend of backdoors appearing even in products from trusted vendors. If your system has only one line of defense, the current pattern of vulnerabilities calls for added layers of protection to ensure reliability and defense against today’s threats.