Exploiting Security Devices? Oh, the Irony

Security devices are supposed to protect us, but what happens when they don’t?

In a Black Hat webcast this week, Ben Williams, consultant with NCC Group, detailed his investigation into security devices. Williams found that many of the network security gateway devices he tested had security shortcomings that could potentially enable an attacker to perform all manner of malicious activities on a vulnerable network.

“The ironic thing about these vulnerabilities is that they are well known types of issues and misconfigurations,” Williams said. “There is an implicit trust with security appliances and people think they have been hardened, but that’s not always the case.”