Backup Poses Risk, SANS Warns

Hackers are targeting vulnerabilities in backup and recovery software

November 23, 2005

Users run the risk of losing critical data as hackers increasingly target weaknesses in backup and recovery applications, warns the SANS Institute.

The latest report from the cybersecurity think tank is based on research from the U.S. Computer Emergency Response Team (US-CERT), the U.S. Department of Homeland Security, the British Government's National Infrastructure Coordination Center (NISCC), and Canada’s Cyber Incident Response Center. It cites backup and recovery as the soft underbelly of users’ security strategies.

No one, it appears, is safe. All operating systems running backup software are potentially vulnerable to exploitation, warns the Institute, with Microsoft Windows and Unix the most commonly affected operating systems.

In the worst-case scenario, the vulnerabilities could be exploited to attack systems running backup servers and clients. This opens up the possibility of an attacker gaining access to sensitive backed-up data.

A number of storage backup products have been affected by vulnerabilities, the Institute reports. These include Symantec’s NetBackup, Backup Exec, and Storage Exec offerings, as well as Computer Associates’ BrightStor ARCServe.

The CEO of a U.K.-based technology retailer, who asked not to be named, says users themselves pose a threat, regardless of software. “We still see people making the most fundamental mistakes regarding backups,” he notes.

While the CEO thinks people are starting to understand that backup is a major issue, he is still shocked by the laissez-faire attitude to backup that many users adopt. “We have even seen, in the finance sector, people just doing the rudiments of encryption, and they haven’t got security policies in place,” he says.

This may have to change if users want to lock down their systems. In the SANS Institute's statement this morning, Jerry Dixon, director of US-CERT, warned that backup software is now being targeted by criminals: “We received reports of important system compromises using vulnerabilities in backup products within a few days of the public disclosure to vulnerabilities in those products.”

The Institute has several tips for users looking to avoid an unpleasant security breach based on backup software:

  • Use a software vulnerability scanner to detect any gaps in backup software. One example is Microsoft's Baseline Security Analyzer. There is also open source software available from a company called Nessus.

  • Deploy firewalls on any ports used by backup software.

  • Segregate the network. The network that is used for backups should occupy its own virtual local-area network (VLAN).

  • Use encryption and set policies about it. Organizations must not only use encryption regularly, but make it company policy to do so.

Of the items above, encryption is among the most vital. Last week, research from DisUK Ltd. warned that few firms are taking this encryption message seriously, despite a spate of recent incidents involving lost media. (See Disuk Issues Warning.)

The U.K.-based CEO cited earlier says he's not surprised by the survey results, particularly given the budget constraints of recent years. “I think a lot of it is that people have been cutting corners, so they don’t actually make the investment.”

The latest SANS Institute report doesn't dwell only on backup. Researchers also highlighted anti-virus software as a potential Achilles heel. During the past year, according to the Institute, hackers have shifted their focus toward weaknesses in anti-virus and anti-firewall software. These vulnerabilities can be used to take over a user's system.

Anti-virus software is also vulnerable to what are known as "evasion" attacks, which can increase a system’s virus infection rate. By specially crafting a malicious file -- for example, an HTML file with an "exe" header -- an attacker could completely bypass anti-virus scanning, warn SANS Institute experts.

Any user running any release of anti-virus software that has not been updated to incorporate the latest protection schemes is potentially open to attack, warns the report.

— James Rogers, Senior Editor, Byte and Switch