The dark side of backup

Security experts say flaws in data backup products could signal a troublesome new trend.

Vulnerabilities in Veritas Backup Exec for Windows and NetWare servers and Computer Associates BrightStor ARCserve Backup on Windows were among the problems cited as most serious in a recent update to the SANS Institute's critical list.

The flaws could allow an attacker to take control of a backup server, which typically stores sensitive enterprise data, and then access other systems in the network, according to Rohit Dhamankar, manager of the Digital Vaccine security research team at 3Com's TippingPoint division and editor of the SANS report.

"People are not just exploiting the Windows platform," he said. "Now they're trying to find programs that are very high value running on Windows."

In fact, vulnerabilities in "auxiliary software" such as backup products have been rare, said Marcus Sachs, director of the SANS Internet Storm Center. System administrators are not accustomed to updating their backup software very frequently, and might often defer it to a quarterly or biannual activity, which would leave them open to attack, he added.

Exploit code for the backup flaws is publicly available as plug-ins to the Metasploit penetration testing framework, which makes it easy for someone to launch an attack, said Sachs.

Gary Miliefsky, president and CTO of security supplier NetClarity, said he would not be surprised to see automated attacks targeting backup systems in the near future.

"This might be the start of a trend," he warned.

The SANS report also cited vulnerabilities in Microsoft products, Oracle, Apple iTunes, and Firefox.

The report, an update to the SANS Top 20 list of critical vulnerabilities published annually in the fall, was culled from 422 new flaws that were discovered in the second quarter of this year. That number represents nearly a 20 percent increase from the number of flaws found in the year-ago quarter.

Experts advised companies to deploy patches for the vulnerabilities as well as tune firewalls and intrusion-prevention devices to block potential attacks.
