Security

SonicWall Firewalls Found Insecure

Small business owners should immediately talk to their IT providers or staff regarding a recent security issue found in the base operating system of all SonicWall Firewalls.  Firewalls are devices used to protect a private network from the Internet.  In this instance, these systems pose a liability to their organizations due to a SonicWall VxWorks vulnerability making firewalls insecure.

Billions of devices have been exposed as insecure after a July finding from security firm Armis Labs.  The issues are regarding the RTOS (Real Time Operating System) which is owned by Wind River and is commonly referred to as VxWorks.  The RTOS is installed on almost every type of device imaginable including the Mars Rover, SonicWall Firewalls, SCADA networks, VoIP phone solutions, printers and a large portion of IoT devices use VxWorks.

VxWorks has almost a dozen issues exposed in what is being called URGENT/11.  The ability to bypass security using the flaws in the RTOS and gain access to network systems has been confirmed and demonstrated by Armis on their blog post.

SonicWall Firewall

SonicWall has issued a patch and “STRONGLY advises to apply the SonicOS patch immediately. Patches are available for all recent SonicOS versions.” 

IronEdge reminds all technology professionals to backup their current configuration to a secure location before applying patches as well as confirming there is a current support agreement in place with the hardware manufacturer in the event there are issues with the update. The ability to access cloud systems, the Internet or WAN resources will be impacted during the update.

Continued vigilance is required by all Small Business (SMB) owners and executives regarding IT security.  The threat landscape changes daily and it is critical to work with a team who are actively staying informed.  Creating a multi-layered defense to IT security is essential to businesses as outlined in this post

Ensure your company data remains secure with help from our IT specialists at IronEdge. Contact us to discover how we can help you take control of your business’s technology!  

Andrew Moore

Andrew Moore has a history of building great operational systems. He has worked in the IT arena for over 17 years and has been instrumental in the successful building of several businesses into multi-million dollar companies. Andrew’s fusion of process development, data analysis and mentoring talented employees has provided the foundation for building strong and profitable organizations.