I understand there recently was a Barracuda vulnerability in which the network devices had back doors that were vulnerable to attack. What do these back doors expose on the network, and what can we do to secure them?
Ask the Expert!
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)
According to Barracuda Networks, the affected appliances were Barracuda Spam & Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda SSL VPN, Barracuda Web Application Firewall version 7.6.4 and earlier, and CudaTel.
In a nutshell, Barracuda enabled remote management functionality on those devices as a way of providing support to customers. When a security administrator at Company X runs into problems with his or her device, the admin simply places a call to Barracuda's support desk, and the technician can access the device over the Internet. This is fairly standard practice in the world of IT, right? Microsoft, Cisco and all of the other big boys do business this way all of the time. However, security researchers discovered that attackers could potentially gain access to some of the preconfigured management accounts by bypassing the preconfigured access control lists, giving them full access to the device. What was most disturbing is that Barracuda specializes in firewalls, so one would think that the vendor would have a better handle on the importance of allowing undocumented administrator accounts in its products.
In response to this vulnerability, Barracuda released a series of security definitions that helped to lock down the vulnerable devices better. The company also issued an apology for hardcoding back-door access into its products. As a security best practice, Barracuda recommends that end users place their Barracuda network device behind another firewall that places heavy restrictions on who and what can access the management side of the affected devices, which is something that I wholeheartedly agree with.
This was first published in July 2013