At Protek Support we like to keep our clients informed about any security breaches that could affect their network. As a SonicWall partner, the majority of our clients use SonicWall appliances for their firewall.
Today, SonicWall announced a major security breach that affects their SMA 100 series products. The breach involved a coordinated attack on SonicWall’s internal systems by “highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”
Protek Support has looked at the networks of all of our clients and has found no compromised products. Additionally, according to SonicWall, “All generations of SonicWall firewalls are not affected by the vulnerability impacting the SMA 100 series. No action is required from customers or partners.”
If you do happen to have an SMA 100 Series appliance from SonicWall, make sure you follow their recommendations to secure the device, which include:
- Enable two-factor authentication (2FA) on SMA 100 series appliances.
- Enable Geo-IP/botnet filtering and create a policy blocking web traffic from countries that do not need to access your applications.
- Enable and configure End Point Control (EPC) to verify a user’s device before establishing a connection.
- Restrict access to the portal by enabling Scheduled Logins/Logoffs.
As this targeted attack shows, MSP vendors like SonicWall are big targets for threat actors. When an attacker hits an MSP, they can affect many companies at once instead of compromising a single company at a time. These vendors need to be even more diligent and take additional measures to protect themselves, such as security awareness training.
If this breach ends up extending to products that Protek Support clients utilize, we will be sure to let you know.