Tuesday, January 12, 2016

Should we be losing faith in Fortinet?

The latest news is really sad, and a big disappointment from Fortinet. A backdoor access has been noted, and a simple Python script has been published that shows how to exploit the access.

Here's a snapshot from the FTNT blog

http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios



So if a security company can't get it right, that makes one wonder what else they are doing that we don't know about.

To mitigate this, we need to disable SSH in allowaccess or upgrade. If you must run SSH, then use a non-standard port, or deploy two-tier access: bring up SSL VPN access first and then allow SSH only on the SSL interface.
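A defender-side check for the mitigation above, as an added example that is not from the original post or from Fortinet: it scans a FortiOS configuration backup for interfaces that still list ssh in allowaccess and reports the admin SSH port. The sample configuration is constructed, and the function name and its `allowed` parameter are hypothetical.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config system global
    set admin-ssh-port 22
end
config system interface
    edit "wan1"
        set allowaccess ping https ssh
    next
    edit "internal"
        set allowaccess ping https
    next
    edit "ssl.root"
        set allowaccess ssh
    next
end
'''

def audit_ssh_exposure(config_text, allowed=()):
    """Return (admin_ssh_port, interfaces with ssh in allowaccess not in `allowed`)."""
    section, depth, iface = None, 0, None
    ssh_port, exposed = 22, []  # 22 is the default when admin-ssh-port is unset
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # only top-level blocks name the section
                section = line[len("config "):]
        elif line == "end":
            depth -= 1
            if depth == 0:
                section = None
        elif depth == 1 and section == "system interface":
            m = re.match(r'edit "?([^"]+)"?$', line)
            if m:
                iface = m.group(1)
            elif line.startswith("set allowaccess ") and "ssh" in line.split()[2:]:
                if iface not in allowed:
                    exposed.append(iface)
        elif depth == 1 and section == "system global":
            m = re.match(r"set admin-ssh-port (\d+)$", line)
            if m:
                ssh_port = int(m.group(1))
    return ssh_port, exposed

if __name__ == "__main__":
    print(audit_ssh_exposure(SAMPLE_CONFIG, allowed={"ssl.root"}))
```

Passing the SSL VPN interface in `allowed` matches the two-tier setup: only interfaces outside that set are reported.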


http://socpuppet.blogspot.com/2014/12/hardening-your-unix-ssh-server-access.html

http://socpuppet.blogspot.com/2015/03/sslvpn-sslroot-management-access.html

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \


2 comments:

  1. There is no reason here to lose faith in Fortinet. They discovered this authentication vulnerability in their SSH (it's not a backdoor) over 18 months ago and corrected it.

    Different SSH implementations have had a variety of different vulnerabilities over time. OpenSSH just announced one: http://www.eweek.com/security/openssh-flaw-exposes-linux-servers-to-roaming-risk.html

    If you want to lose faith in a "security company" then lose faith in Juniper. They allowed a REAL backdoor to sit in their code for over three years!

    http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/

  2. I want to correct you. Fortinet didn't find this; a 3rd party found this backdoor from the hashed password and challenge.

    It should make all wonder who else has a backdoor, or as Fortinet states, a "management vulnerability".
