Backdoors in Foreign Cyber Security Products
There are many firms that have implemented or planning to implement cyber security strategies in near future to safeguard their resources against cyber attacks and to forestall revenue losses. But are they really using a robust cyber-security solution that’s serving them to chop back damages to their product?
There are many firms that have implemented or planning to implement cyber-security strategies in near future to safeguard their resources against cyber-attacks and to forestall revenue losses. But are they really using a robust cyber-security solution that’s serving them to chop back damages to their product?
Most of the Network managers place confidence in foreign technology to safeguard their networks without understanding the spying risks. Of course, Globalization has reduced competitive barriers between both multinational corporations and nation states. However, the increasingly flat world isn’t to everyone’s taste.
Have you read the book - “The Alchemist” authored by Paulo Coelho? - where he writes about a shepherd boy named ‘Santiago’ who sees a recurring dream about a child who tells him that he’ll find a hidden treasure if he travels to the Egyptian pyramids. Then Santiago decides to sell his sheep and travels in search of the hidden treasure that he dreamt of. But at the end of his journey, Santiago returns to his home without any hope and digs exactly where he had slept, and finally finds the treasure there.
Believe it or not but the story of The Alchemist precisely replicates the behaviour of Network Manager of an organization, where he initially dreams of a robust cyber-security solution for his company, and then he asks for his budget and starts his search for a foreign product that he dreamt of considering. But in the end - what he actually finds is nothing but a spying and broken foreign technology -- the product that has a Backdoor or a solution that's easily hackable by the cyber attackers.
A Backdoor is basically a remote administration utility that allows a user to gain access and control of a system — remotely over a network or the internet. A Backdoor can easily get the access & control of a system — because it exploits the undocumented processes within the system’s code. And a backdoor can be enforced for two reasons – either for gaining the complete access of a system by the system admin himself or as an unauthorized access by the attackers who wants to take control of user’s system/device without their authorization.
By taking the control of victim’s system, an attacker can issue commands and make unauthorized changes such as Changing date/time settings, File transfer, getting system information and so on...
While the backdoors aren't limited to software, they can also be exploited in the hardware as well as embedded RFID chips and memory. The most common backdoors in hardware embrace such features as, the creation of new Backdoors by bypassing the victim's computer authentication, causing interruption to the normal functioning system processes, hardware modification tampering with quickly spreading operations, etc.
Recently, we have seen a lot of Backdoor attacks such as:
• A hidden Backdoor attack on Dell’s Sonicwall Global Management System (GMS),
• A Backdoor in Juniper Network’s Netscreen Firewall,
• SSH Backdoor in Fortinet Firewall package FortiOS,
• Backdoor in Cisco Routers, etc
In this incredibly risky cyber security environment, usage of a domestic technology is one of the smartest moves companies or Network Managers can make. As we all know by now, breaches and data theft can cause major legal, financial and reputational harm – or even ruin both human beings and businesses.
It is very important to understand the consequences of a backdoor-present in the network devices you use within your organization. Be proactive and minimize the likelihood of a backdoor situation so that your business can stay online all the time without any interruption.
Choosing a foreign security product that has intentional vulnerabilities will be detrimental to all parties involved. Hopefully, with some education, we can ultimately increase awareness of how a domestic product plays an important role in protecting the network perimeter of a company.