Post on 21-Jan-2018
WHAT’S THE PROBLEM?
• Continuous exploitation of American firewalls and security products
• Backdoors are built into all major manufacturers’ products
• But they have no “loyalty” to the US government
• Backdoors are stolen by nation states and cybercrime groups
• Anyone can exploit US backdoors, and the damage is catastrophic once they are published
BACKDOOR IN CISCO PRODUCTS
• SYNful Knock: a modified IOS image with a hardcoded implant password, activated by crafted TCP SYN packets
• Modular setup, customizable for exploitation needs
• Unrestricted access to American firewalls
BACKDOOR IN JUNIPER PRODUCTS
• Hardcoded ScreenOS password <<< %s(un='%s') = %u works with any username (CVE-2015-7755)
• Root access, plus passive decryption of VPN traffic through a tampered Dual EC DRBG (CVE-2015-7756)
• No way to know when the backdoor was used
FIXING ONLY MAKES IT WORSE
• Once the patch shipped, researchers diffed the firmware and recovered the password in just 6 hours
• Countless exploitable devices are left without firmware updates (for good)
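As an added illustration of the “the fix uncovers the backdoor” point (example code written for this page, not Juniper’s, Fortinet’s or Yellow Cube’s code, and not a reproduction of how the original researchers worked): a patch that removes a hardcoded credential leaves that credential as a string present in the old image and absent from the new one, so a strings-level diff of the two images is enough to point at it. The firmware blobs below are constructed stand-ins, not real images; the two credential strings are the ones quoted on the slides (the ScreenOS one was deliberately shaped to pass as a debug format string, which is why the triage step also flags removed format-string-like literals), and the CVE identifiers are the published ones for those two backdoors.

```python
import re

# Constructed stand-ins for an unpatched and a patched firmware image. They are
# tiny byte blobs, NOT real ScreenOS or FortiOS images; only the embedded
# credential strings are the real ones quoted on the slides.
VULNERABLE_IMAGE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b"login: %s\x00"
    + b"password: \x00"
    + b"<<< %s(un='%s') = %u\x00"   # the ScreenOS hardcoded password
    + b"auth_ok user=%s\x00"
    + b"\x90" * 16
)
PATCHED_IMAGE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b"login: %s\x00"
    + b"password: \x00"
    + b"auth_ok user=%s\x00"
    + b"\x90" * 16
)
# Constructed blob standing in for an SSH daemon that carries the FortiOS password.
SSHD_BLOB = b"\x00" * 4 + b"sshd: auth\x00" + b"FGTAbc11*xy+Qqz27\x00" + b"\xff" * 4

KNOWN_BACKDOOR_CREDENTIALS = {
    "<<< %s(un='%s') = %u": "Juniper ScreenOS hardcoded password (CVE-2015-7755)",
    "FGTAbc11*xy+Qqz27": "FortiOS undocumented SSH account password (CVE-2016-1909)",
}

# printf-style conversion specifier, used to spot literals disguised as debug output
FORMAT_SPEC = re.compile(r"%[-+ 0#]*\d*[sduxXcp]")


def extract_strings(blob, min_len=6):
    """Printable ASCII runs of at least min_len bytes, in image order (like strings(1))."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def diff_strings(old, new, min_len=6):
    """Return (removed, added): strings only in the old image, and only in the new one."""
    old_strings, new_strings = extract_strings(old, min_len), extract_strings(new, min_len)
    old_set, new_set = set(old_strings), set(new_strings)
    removed = sorted(old_set - new_set, key=old_strings.index)
    added = sorted(new_set - old_set, key=new_strings.index)
    return removed, added


def find_known_credentials(blob):
    """Scan a single image for the hardcoded credentials listed above."""
    return [(cred, why) for cred, why in KNOWN_BACKDOOR_CREDENTIALS.items()
            if cred.encode("ascii") in blob]


def triage(removed):
    """Rank strings the patch removed: known credentials first, then literals that
    look like format strings (a disguise the ScreenOS password relied on), then the rest."""
    ranked = []
    for s in removed:
        if s in KNOWN_BACKDOOR_CREDENTIALS:
            ranked.append((0, s, "known backdoor credential: " + KNOWN_BACKDOOR_CREDENTIALS[s]))
        elif FORMAT_SPEC.search(s):
            ranked.append((1, s, "format-string-like literal removed by the patch; check whether it was "
                                 "ever passed to a printf-family function or compared against user input"))
        else:
            ranked.append((2, s, "string removed by the patch"))
    ranked.sort(key=lambda r: r[0])   # stable: image order is kept within each severity
    return [(s, why) for _, s, why in ranked]


if __name__ == "__main__":
    removed, added = diff_strings(VULNERABLE_IMAGE, PATCHED_IMAGE)
    for s, why in triage(removed):
        print(f"{why}\n    {s!r}")
    for cred, why in find_known_credentials(SSHD_BLOB):
        print(f"present in sshd blob: {why}: {cred!r}")
```

Run against real images, the two `extract_strings` calls would read the decompressed firmware sections; the point of the triage step is that a reviewer starting from the patch, with no prior knowledge of the credential, still gets it ranked above ordinary string churn.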
BACKDOOR IN SONICWALL PRODUCTS
• Hardcoded, easily guessable password
• Full control of all SonicWall devices managed by GMS
BACKDOOR IN FORTINET PRODUCTS
• Hardcoded SSH password (FGTAbc11*xy+Qqz27) for an undocumented account (CVE-2016-1909)
• No logging when this root-level user accesses the FortiGate
THE BACKDOOR RISK
Backdoor inserted
• Built-in password or hidden activation
• Vulnerability by design
Exploit created
• Automates the backdoor for easy exploitation
• Only for the “good guys”
Exploit is stolen and/or sold
• Now the “bad guys” use it too
• Anyone who gets it can develop it further
Published and/or fixed
• The fix itself reveals the backdoor: diffing patched against unpatched firmware exposes it
• Widely available to criminals, hackers, terrorists, …
• Many units are never updated
WHY BUY A BACKDOOR?
• Vulnerability by design is always a risk
• Vendors must obey their local governments and laws
• UK-USA (Five Eyes) vendors will always be affected
• Chinese vendors will always be affected
• European vendors?
• Single national ownership: possible backdoor
• Multinational ownership: security against vulnerability is the mutual interest
THE ONLY EU-CERTIFIED VENDOR

Vendor               Backdoor uncovered   Origin*   CC certified   NATO certified   EU certified
Astaro [Sophos]      -                    UK        EAL4+          -                -
Check Point          -                    Israel    EAL4+          Yes              -
Cisco (ASA)          Yes                  USA       EAL4+          Yes              -
Cyberoam [Sophos]    -                    UK        EAL4+          -                -
Fortinet             Yes                  USA       EAL4+          -                -
Juniper SSG          Yes                  USA       EAL2+          Yes              -
Stormshield          -                    France    EAL4+          Yes              Yes
Netgear              Yes                  USA       -              -                -
Palo Alto            -                    USA       EAL4+          Yes              -
Stonesoft [McAfee]   -                    USA       EAL4+          -                -
Sonicwall [Dell]     Yes                  USA       EAL4+          -                -
Watchguard           -                    USA       EAL4+          -                -

* Origin of the controlling owner of the vendor
United States and allies’ interest
SECURE BY DESIGN
Security can come from two sources: trust and design
By trust
• Trustworthy vendor
• Independent background
• Certified product
By design
• Hardware-enforced security
• “Hacker-proof” design
• On-premise & offline operation: disconnected from the network
SECURE VENDORS FROM YELLOW CUBE

Vendor                               Solution type                      Source of trust
Stormshield (Airbus Cybersecurity)   Firewall                           Independent, multi-national vendor; European Union certification; source code available to EU national security agencies
Waterfall                            Unidirectional gateway             Hardware-enforced security with “hacker-proof” design
Vectra Networks                      Threat-hunting AI                  On-premise, offline solution
Wallix                               Privileged access manager          On-premise solution, no external connections
Teramind                             User behavior analysis             On-premise, offline solution
STEALTHbits                          Data access governance             On-premise, offline solution
Varonis Systems                      Advanced data access governance    On-premise, offline solution