New SMA Release Updates OpenSSL Library, Includes Key Security Features

As part of SonicWall’s commitment to performance, security and usability, we are introducing SMA 100 Series release 10.2.1.7.

SonicWall Secure Mobile Access (SMA) 100 Series is a unified secure access gateway that allows organizations to offer remote users virtual private network (VPN) access to their corporate applications. SMA 100 Series release 10.2.1.7 includes several key security features that protect the operating system from potential attack as well as updates to the OpenSSL Library.

SonicWall incorporates security enhancements into its products, such as the SMA 100 series, that help identify potentially compromised devices by performing several checks at the operating system level and baselining the normal operating system state. In addition, SonicWall sends anonymous encrypted data, including device health data, to backend servers to detect and confirm security events and release new software to correct the issue.

SMA 100 Security Enhancements with NIST 800-61

SMA 100 10.2.1.7 follows the NIST incident response playbook of detection and analysis, containment, eradication, and recovery.

Detection & Analysis: The SMA 100 10.2.1.7 continuously monitors the operating system (also called firmware) for any anomalous behavior and deviations from normal operations. Further analysis is done to determine if these aberrations represent actual security incidents. If a security incident is discovered on the local system, additional diagnostic metadata is collected from the operating system to determine the root cause of the incident.

Containment: After detecting a potentially malicious event, it is important to contain the intrusion before an adversary can access more resources and cause further damage. If the SMA 100 is deemed to have deviated from normal behavior, short-term containment is performed. This involves restricting specific network communications from the SMA 100 to avoid communications to malicious servers.

Figure: SMA 100 Incident Response Methodology

Eradication: If the SMA 100 has been deemed to be compromised, eradication is the process of trying to eliminate the root cause of the incident and either evict the adversary or mitigate the vulnerability that may have enabled the adversary to enter the environment. To achieve this, suspicious processes are terminated, and unauthorized files are removed from the operating system.

Recovery: This phase involves bringing an affected SMA 100 back to normal operations to avoid future incidents. When the SMA 100 has a confirmed security incident after our internal analysis, customers are notified by SonicWall support. SonicWall will work with the affected customers to upgrade them to newer firmware.

Hygiene: While not part of the incident response playbook, good security hygiene and following industry security practices are important in staying proactive against cyber threats. SMA 100 10.2.1.7 also checks whether the end customer is following security best practices, such as ensuring password expiration and multi-factor authentication and enabling web application firewalling to secure the SMA 100. If these have not been enabled, the customer is prompted to do so using proactive messages on the administrative user interface.

SMA 100 gets updated OpenSSL library

SMA 100 leverages the OpenSSL Library to offer SSL-VPN connection security. We are updating the OpenSSL Library to version 1.1.1t to patch the third-party OpenSSL vulnerability documented in CVE-2022-4304: ‘A timing-based side channel exists in the OpenSSL RSA Decryption implementation.’

SonicWall recommends all SMA 100 customers upgrade to 10.2.1.7 by logging in to MySonicWall or by following the guidance in the following resources.

  1. Knowledge Base
  2. Upgrade Guide
  3. Administrative Guide
  4. Release Notes

Jai Balasubramaniyan
Director of Product Management | SonicWall
Jai Balasubramaniyan is the Director of Product Management at SonicWall. He has been instrumental in creating award-winning enterprise security products at Cisco, Trend Micro, Check Point, Zscaler, Gigamon, CrowdStrike and ColorTokens. Jai was the architect and developer of the Cisco Router Firewall, and he led the creation and launch of DMVPN solution — which earned the Pioneer Award, Cisco’s highest technology award. Jai also led product management for the Trend Micro Deep Discovery Solution (rated highest efficacy in NSS Labs tests), the Gigamon Security Delivery Platform and the ColorTokens Zero Trust Platform. Jai has a master’s in Computer Science from Purdue University and an MBA from the Kellogg School of Management, and holds several patents and publications in the security field.