Backup software is supposed to be a safety net, a form of digital data insurance for when things go wrong, but this year, the technology has become a favorite target of hackers.
The SANS 2005 Institute’s top 20 list of the most critical internet security vulnerabilities has placed backup software in the number one spot on the “Vulnerabilities in Cross-Platform Applications” listing.
The report mentions several popular backup products affected by vulnerabilities — and also lists steps that users can take to protect themselves, such as using vulnerability scanners to detect problems, updating products, firewalling affected ports, encrypting data and segregating backup networks.
At least one analyst isn’t surprised by the SANS ranking.
“Most hackers aren’t looking for intellectual challenges, they are looking for the easiest way to commit a crime,” said Jon Oltsik, senior analyst for information security at Enterprise Strategy Group. “Since storage security is notoriously weak, backup software that lives on a Windows server on an IP network is an easy mark.”
The SANS report lists Symantec’s Veritas NetBackup/Backup Exec, Storage Exec, Computer Associates BrightStor ARCServe, EMC Legato Networker, Sun StorEdge Enterprise Backup Software (formerly Solstice Backup Software), Arkeia Network Backup Software and BakBone Netvault Backup Software application as applications “known to be affected by vulnerabilities.”
Vendors appeared somewhat reluctant to discuss the report’s findings.
“We were aware of SANS’ findings,” a Symantec spokesperson said. “Symantec takes the security and proper functionality of its products very seriously. At Symantec, vulnerability management begins in product development, where Symantec uses a variety of secure coding methods and analysis tools for vulnerability reduction.”
The spokesperson declined to comment directly about whether the company has noticed more hackers targeting its backup products.
“In Symantec’s most recent edition of the Symantec Internet Security Threat Report released in September, there is a significant shift in the threat landscape,” the spokesperson commented. “Attackers are moving away from large, multi-purpose attacks on network perimeters and towards smaller, more focused attacks on client-side targets.”
A Computer Associates spokesperson agreed that SANS was correct in pointing out that backup software is a particularly important area of concern for enterprise customers.
“That’s why CA takes great pains to secure its own backup solutions and provide tools for managing vulnerabilities in third-party backup applications,” the spokesperson said.
The spokesperson said there are probably more hacker attempts targeting CA’s backup and recovery solutions, but added that could be because the numbers of hackers and attacks is growing in general.
“That’s a tough thing to measure objectively,” the spokesperson said. “What is clear is that the attacks are getting more sophisticated and are easier to replicate.”
It’s unclear whether the hacking of backup applications is occurring because of the value of the data or just because there have been reported vulnerabilities, but Oltsik, for one, thinks it’s all about the money.
“All the data I review says that security attacks for profit are growing rapidly,” Oltsik said. “The bad guys are simply using the backup software as a gateway to confidential data.”
Back To Enterprise Storage Forum