In a Black Hat webcast last week, Ben Williams, consultant with NCC Group, detailed his investigation into security devices. Williams found that many of the network security gateway devices he tested had security shortcomings that could potentially enable an attacker to perform all manner of malicious activities on a vulnerable network.
“The ironic thing about these vulnerabilities is that they are well known types of issues and misconfigurations,” Williams said. “There is an implicit trust with security appliances and people think they have been hardened, but that’s not always the case.”
Simply Insecure
Williams said many security appliances are simply poorly configured and maintained Linux systems with insecure Web applications. He found vulnerabilities in four out of five security gateway products from major vendors including Sophos, Trend Micro, Citrix and Symantec. Those vulnerabilities have all since been responsibly disclosed to the relevant vendors.
Read the full story at eSecurity Planet:
Exploiting Security Devices? Oh, the Irony
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.