News By Tag
News By Place
Calyptix Reports Impact of Russian Cyber Attack on AccessEnforcer® UTM Firewall
By: Calyptix Security Corp
The Russian attack aims to exploit network infrastructure devices – including routers, switches, and firewalls – at businesses and governments worldwide, according to technical alert TA18-106A, published last week by the U.S. Department of Homeland Security (DHS), the U.S. Federal Bureau of Investigation (FBI), and the U.K. National Cyber Security Centre (NCSC).
The attack methods described affect devices with one or more of the following services enabled: Cisco Smart Install (SMI), Generic Routing Encapsulation (GRE), and Simple Network Management Protocol (SNMP).
"The most significant attacks described in the alert – those that leverage SMI – do not apply to AccessEnforcer,"
The technical report from Calyptix, Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall (https://www.calyptix.com/
In the report, Calyptix notes AccessEnforcer does not support SMI or GRE tunneling and provides only a limited SNMP service.
The SNMP agent (version 2) in AccessEnforcer is disabled by default. Once enabled, it makes available AccessEnforcer system data to SNMP monitoring tools. The agent is read-only and cannot initiate management actions or configuration changes, according to the Calyptix report.
"SNMP agents should never be enabled on a public WAN or other untrusted network. Also, SNMP community strings should follow best practices for password complexity,"
Authorities attribute the cyber attack to Russian state-sponsored actors and say they are targeting government organizations, private sector organizations, critical infrastructure providers, and internet service providers (ISPs). Attackers typically establish a man-in-the-middle position after compromising a device, allowing them to extract or modify device configurations, create GRE tunnels, or redirect network traffic.
For more information on the Russian cyber attack and the impact on AccessEnforcer, click the link above to download your free copy of the report.
About Calyptix Security
Calyptix Security (https://www.calyptix.com) is dedicated to helping small and medium-size businesses secure their networks so they can raise profits, protect investments, and control technology. The company's flagship product, AccessEnforcer UTM Firewall, makes it easy to protect SMB networks so companies can forget about network security and focus on winning. Developed, built, and serviced in the U.S., AccessEnforcer is a flexible solution for MSPs and VARs to provide security that fits their needs and business models.