This Content Component encountered an error

I understand there recently was a Barracuda vulnerability in which the network devices had back doors that were vulnerable to attack. What do these back doors expose on the network, and what can we do to secure them?

Ask the Expert!

Have questions about enterprise security? Send them via email today! (All questions are anonymous.)

According to Barracuda Networks, the affected appliances were Barracuda Spam & Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda SSL VPN, Barracuda Web Application Firewall version 7.6.4 and earlier, and CudaTel.

In a nutshell, Barracuda enabled remote management functionality on those devices as a way of providing support to customers. When a security administrator at Company X runs into problems with his or her device, the admin simply places a call to Barracuda's support desk, and the technician can access the device over the Internet. This is fairly standard practice in the world of IT, right? Microsoft, Cisco and all of the other big boys do business this way all of the time. However, security researchers discovered that attackers could potentially gain access to some of the preconfigured management accounts by bypassing the preconfigured access control lists, giving them full access to the device. What was most disturbing is that Barracuda specializes in firewalls, so one would think that the vendor would have a better handle on the importance of allowing undocumented administrator accounts in its products.

In response to this vulnerability, Barracuda released a series of security definitions that helped to lock down the vulnerable devices better. The company also issued an apology for hardcoding back-door access into its products. As a security best practice, Barracuda recommends that end users place their Barracuda network device behind another firewall that places heavy restrictions on who and what can access the management side of the affected devices, which is something that I wholeheartedly agree with.

This was first published in July 2013
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close