FOR IMMEDIATE RELEASE
SYMARK SOLUTIONS ADDRESS SANS/FBI TOP 10 UNIX VULNERABILITIES
PowerBroker, PowerPassword Provide Flexible, Cost-Effective Remediation of Most Commonly Exploited UNIX Services
WESTLAKE VILLAGE, Calif. – Feb. 12, 2003 – Symark today announced that its PowerBroker and PowerPassword security solutions address the latest SANS/FBI Top 10 UNIX Vulnerabilities. PowerBroker privilege management software and PowerPassword login and password management software provide flexible, cost-effective remediation of the most commonly exploited UNIX services, thereby protecting heterogeneous UNIX environments from attack through holes in targeted software.
The SANS/FBI Top 10 UNIX Vulnerabilities list is a prioritized list of vulnerabilities that require immediate remediation. The Top 10 UNIX Vulnerabilities list together with the SANS/FBI Top 10 Windows Vulnerabilities list make up the SANS/FBI Top Twenty. The SANS Institute reports that although there are thousands of security incidents each year affecting Windows and UNIX systems, the overwhelming majority of successful attacks target one or more of the services listed in the Top Twenty.
“Thousands of attacks on UNIX systems are successfully launched every year, and the majority of them stem from just a few known software vulnerabilities,” said Suzanne Dickson, Vice President of Product Marketing at Symark. “By offering granular privilege delegation and administration as well as comprehensive password management, PowerBroker and PowerPassword along with the recommendations in the SANS/FBI report supplement a system administrator's ability to keep their critical UNIX environments secure today and tomorrow.”
PowerBroker is security software that enhances native UNIX authorization by providing selective delegation of UNIX administrative privileges for trusted users without providing full root access, reducing the risk of accidental damage or malicious activity. PowerBroker also manages privileges and access to third-party applications and accounts, including generic accounts, and extends traditional UNIX logging capabilities by offering an indelible audit trail of all accepted and rejected user requests and session I/O.
PowerPassword is a flexible, powerful password management and login control system that allows system administrators to centrally manage login and password policies across heterogeneous UNIX networks. PowerPassword provides stronger passwords, aging and history, reset and synchronization, and comprehensive logging.
No Passwords, Weak Passwords
According to the SANS report, accounts with no passwords or weak passwords represent one of the most commonly exploited vulnerabilities in UNIX systems. In addition to nonexistent or weak user and administrative account passwords, UNIX vulnerabilities also include the failure to protect passwords and the use of known password hashing algorithms or poor hash storage.
PowerPassword addresses these vulnerabilities by requiring strong login and password management. PowerPassword prohibits null passwords, ensures that passwords are changed regularly, forces users to reset passwords, and provides a history component to reduce the risk of reusing old passwords. Further, PowerPassword can encrypt all database, policy, and encryption files, and network traffic.
To tightly control user and administrative accounts, PowerBroker ensures that only specific administrators perform password and login management tasks and restricts access to password files. PowerBroker further strengthens security by managing special administrative account privileges such as default or built-in generic accounts. PowerPassword, in turn, restricts access to specific hosts and durations, enabling administrators to identify possible inactive and orphan accounts by enforcing password resets. PowerPassword also helps maintain strong password policy for the enterprise through its central administration of password policy, which prevents users from choosing weak passwords, as well as through its comprehensive logs, which track who accessed a system as well as when and how they accessed it.
Other Top UNIX Vulnerabilities
PowerBroker and PowerPassword also effectively address other common UNIX vulnerabilities on the Top 10 list. According to the SANS/FBI list, one of the first steps in protecting against any vulnerability is to install the latest patches for the vulnerable software. PowerBroker helps ensure proper software patching by ensuring that only specified administrators are allowed to install patches and upgrades.
According to the SANS report, the most exploited UNIX vulnerability is a flaw in Remote Procedure Calls (RPC). PowerBroker addresses this problem by restricting who can execute commands with root privileges on a remote machine, then logging all activity. PowerPassword adds additional protection by providing secure access to remote machines.
Open-source Apache Web Server code represents another common UNIX vulnerability, allowing unauthorized access for attackers. PowerBroker and PowerPassword mitigate the risk of software flaws in these systems by enabling administrators to prohibit running Apache as root and, instead, assigning the privilege of creating user accounts to specific administrators while restricting other administrative privileges. In addition, PowerPassword restricts Apache host access to only those administrators who require access; if an Apache host is compromised, PowerPassword restricts and isolates the attacker, preventing him or her from using telnet, rlogin, or rsh to connect to other machines.
Also among the Top 10 UNIX Vulnerabilities are Secure Shell (SSH) and Simple Network Management Protocol (SNMP). Although more secure than telnet, FTP, and r-commands, SSH includes vulnerabilities that can allow attackers to obtain root access. When used in combination with SSH, PowerPassword significantly strengthens login and password controls. Vulnerabilities in SNMP allow attackers to reconfigure or shut down devices remotely. PowerPassword and PowerBroker facilitate the employment of host-based access control to help protect against this vulnerability. PowerPassword restricts access to specific hosts while PowerBroker restricts privileges and controls access to files and directories.
File Transfer Protocol (FTP) enables users to distribute files to anonymous or authenticated users; however, anonymous FTP does not require a unique password, and the usernames and passwords of authenticated users are easily discovered. As a result, FTP is one of today’s most commonly exploited UNIX services, according to the SANS/FBI Top 10. PowerPassword and PowerBroker help address these vulnerabilities by restricting access to the FTP server and ensuring restricted access to specific files and directories, respectively.
Another widely exploited UNIX vulnerability is trust relationships, or r-commands. A trust relationship enables a user to assume the identity of a valid user and access trusted systems without requiring authentication. For organizations that are prohibited from disabling such r-services on all systems, PowerBroker enables them to restrict the use of these services and logs all connection attempts. PowerPassword, in turn, can be used to disable the trust relationship by providing more secure login and access to hosts.
The line printer daemon (LPD), the most commonly used print server across UNIX and Linux distributions, and Sendmail represent two of the top vulnerabilities to UNIX as reported in the SANS/FBI list. Many implementations of LPD and Sendmail contain flaws that lead to buffer overflows, allowing attackers to run arbitrary code with root privileges. To guard against these vulnerabilities, administrators can use PowerPassword to restrict or isolate an attacker, prohibiting him or her from connecting to another system. In addition, PowerBroker enables administrators to restrict which hosts connect to the printer server.
Also included on the SANS/FBI Top 10 UNIX Vulnerabilities list is the Berkeley Internet Name Domain (BIND) package, the most widely used implementation of the Domain Name Service (DNS). Improper configurations make BIND/DNS vulnerable to buffer overflows. PowerBroker helps guard against these vulnerabilities by assigning configuration privileges to experienced or senior administrators, thereby reducing the likelihood of misconfiguration. PowerBroker further protects by restricting BIND so that it runs as a non-privileged user, limiting BIND privileges to specific administrators.
PowerBroker and PowerPassword support Sun, HP, IBM, Digital, Compaq, SGI, Motorola, Linux, Sequent, and SCO, as well as AIX 5, Solaris 9, Debian Linux, and IBM S390 Linux.
Symark services and support complement the company’s powerful product offerings. Symark offers onsite training, rapid deployment assistance, and 24x7 support by highly specialized technicians and staff.
About Symark
Founded in 1985, Symark is the leading provider of security solutions for Global 2000 businesses that protect UNIX and Linux resources with superior access control and privilege management. Symark PowerBroker® enables granular delegation of administrative privileges while restricting root account access. Symark PowerPassword® provides login and password policy management with stronger passwords, aging, and history. Both products offer the broadest range of UNIX flavors, central administration, and detailed audit logs. Symark’s products strike the perfect balance between protection and productivity by preventing damage or abuse by trusted users, whether intentional or not. Symark offers extensive expertise in enterprise computing security and its products are backed by unmatched technical support. For more information, visit us at www.symark.com.
###
NOTE TO EDITORS: If you would like additional information on Symark and its products, please view the Symark Web site at www.symark.com. All prices noted are in US dollars and are valid only in the United States. Symark and the Symark logo are trademarks or registered trademarks, in the United States and certain other countries, of Symark Software. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged. © 1985-2008 Symark International, Inc. All rights reserved.