
New SMA Release Updates OpenSSL Library, Includes Key Security Features

As part of SonicWall’s commitment to performance, security and usability, we are introducing SMA 100 Series release 10.2.1.7.

SonicWall Secure Mobile Access (SMA) 100 Series is a unified secure access gateway that allows organizations to offer remote users virtual private network (VPN) access to their corporate applications. SMA 100 Series release 10.2.1.7 includes several key security features that protect the operating system from potential attack as well as updates to the OpenSSL Library.

SonicWall has taken the approach of incorporating security enhancements into its products, such as the SMA 100 series. These enhancements help identify potentially compromised devices by performing several checks at the operating system level and baselining the normal operating system state. In addition, SonicWall sends anonymous encrypted data, including device health data, to backend servers to detect and confirm security events and to release new software that corrects the issue.

SMA 100 Security Enhancements with NIST 800-61

SMA 100 10.2.1.7 follows the NIST incident response playbook of detection and analysis, containment, eradication, and recovery.

Detection & Analysis: The SMA 100 10.2.1.7 continuously monitors the operating system (also called firmware) for any anomalous behavior and deviations from normal operations. Further analysis is done to determine if these aberrations represent actual security incidents. If a security incident is discovered on the local system, additional diagnostic metadata is collected from the operating system to determine the root cause of the incident.

Containment: After detecting a potentially malicious event, it is important to contain the intrusion before an adversary can access more resources and cause further damage. If the SMA 100 is deemed to have deviated from normal behavior, short-term containment is performed. This involves restricting specific network communications from the SMA 100 to avoid communications to malicious servers.

Figure: SMA 100 Incident Response Methodology

Eradication: If SMA 100 has been deemed to be compromised, eradication is the process of trying to eliminate the root cause of the incident and either evict the adversary or mitigate the vulnerability that may have enabled the adversary to enter the environment. To achieve this, suspicious processes are terminated, and unauthorized files are removed from the operating system.

Recovery: This phase involves bringing an affected SMA 100 back to normal operations to avoid future incidents. When the SMA 100 has a confirmed security incident after our internal analysis, customers are notified by SonicWall support. SonicWall will work with the affected customers to upgrade them to newer firmware.

Hygiene: While not part of the incident response playbook, good security hygiene and adherence to industry security practices are important in staying proactive against cyber threats. SMA 100 10.2.1.7 also checks whether the end customer is following security best practices, such as ensuring password expiration and multi-factor authentication and enabling web application firewalling to secure the SMA 100. If these have not been enabled, the customer is prompted to do so through proactive messages on the administrative user interface.

SMA 100 gets updated OpenSSL library

SMA 100 leverages the OpenSSL Library to offer SSL-VPN connection security. We are updating the OpenSSL Library to version 1.1.1t to patch the third-party OpenSSL vulnerability documented in ‘CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation.’

SonicWall recommends all SMA 100 customers upgrade to 10.2.1.7 by logging in to MySonicWall or by following the guidance in the following resources.

  1. Knowledge Base
  2. Upgrade Guide
  3. Administrative Guide
  4. Release Notes

Mobile Workers and BYOD are Here to Stay: Is Your Data Secure?

The way business professionals work has changed dramatically over the last several years, and continues to change at an ever-growing rate. They are on the go, working from different locations at all hours and using many devices to allow for a work/life balance. We have become an “always-on” society.

Workers are also doing more work remotely, whether it be at a coffee shop, on the train to work, or on a business trip from a hotel room. People want to stay in touch wherever they are and whenever they need to. They also want to use the device they like, whether it is a smartphone, tablet or laptop. In addition, they also need access to the applications they choose to use, some from their work, others of their own. And most importantly, they need access to the data required to do their jobs, whether it is online through the Internet or behind their company’s firewall on the intranet.

Companies clearly need to find a way to provide their mobile workers secure access to any data from any device at any time. That said, companies’ IT organizations need to understand the risks they open themselves up to if they don’t take the necessary precautions. These risks include data loss, malware, device proliferation, rogue applications, lost and stolen devices with data onboard, credential theft, etc.

Today, IT can implement a number of solid mobile workforce management and mobile security management tools to help secure mobile data and devices, such as:

  • Mobile Device Management (MDM)
  • Mobile Application Management (MAM)
  • Secure Sockets Layer Virtual Private Network (SSL VPN)
  • Network Access Control (NAC)

Learn more about what the industry is seeing around providing secure mobile access over BYOD by reading our executive brief, “Ready or not, mobile workers and BYOD are here to stay.”