Security infrastructure technologies, like firewalls, antivirus apps and management consoles, do a lot to keep hackers off of corporate networks — but they also open up their own holes for attackers.
Those tools are just as prone to vulnerabilities as other types of software, said the security experts at SecureWorks in a presentation at the recent Black Hat security conference in Las Vegas. And they could cause even more serious problems, because of the level of network access those tools are given.
The presenters gave examples of real-world security holes they discovered, including:
- an ACL bypass vulnerability in Cisco’s Adaptive Security Appliance firewall,
- a problem in Cisco’s Adaptive Security Device Manager that can allow cross-site request forgery, and
- a cross-site scripting vulnerability in the web-based interface of McAfee’s Network Security Manager.
The lesson? Security tools shouldn’t be trusted just because they’re security tools. Hackers could have a lot to gain by finding and exploiting vulnerabilities in this type of software.
To help keep your network safe, SecureWorks recommends:
- Include security infrastructure in the scope of your penetration testing,
- Monitor device behavior,
- Reduce the chances of attack by disabling unnecessary features,
- When possible, test the security of tools before you buy them and factor security into buying decisions, and
- Review security advisories closely and patch immediately, as you would with any other software.