Crims bust through SonicWall to grab sensitive config data

SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data. The network security vendor confirmed the breach in an updated knowledge base article and in a statement to The Register, saying that it recently detected suspicious activity …

  1. This post has been deleted by its author

  2. Homo.Sapien.Floridanus Silver badge

    First Little Pig: My business, Straw, Inc. is moving all its data to the cloud.

    Second Little Pig: The organization I am working for, Sticks Data, has a cloud first strategy.

    Third Little Pig: Come by Bricks and Mortar Private Cloud, Inc. when you want to repatriate.

  3. VoiceOfTruth Silver badge

    Here we go again

    A company supposedly or actually in the business of selling computer security products can't keep itself secure.

    >> We are not presently aware of these files being leaked online by threat actors

    Er yeah. Cos maybe the crims are going through it to see how useful it is.

    1. This post has been deleted by its author

  4. Nate Amsden Silver badge

    Maybe too paranoid

    But I'd never trust a cloud managed network connected device (exception would be if that device is in the cloud as well). I do/have run SonicWalls since 2012 for site to site VPNs and layer 4 firewalls; they work fine for that. Never enabled cloud backup (wrote my own script to back them up), never enabled SSL VPN (SSL VPN on SonicWall firewalls was always crap IMO, though if your needs were SUPER basic I suppose it could work fine from a functionality standpoint - of course SonicWall has a dedicated SSL VPN product line if you want more features, I evaluated that once for about 30 mins many years ago but immediately ruled it out as at least at the time it could not fully integrate with Duo Security with inline enrollment etc.).

    Duo has since gone to hell with their SAML requirements so it may very well work fine now (with SAML) - I personally spent more than 40 hours over the span of several weeks getting SAML with Duo working early this year (without ever using email address as a form of identification, something they thought was impossible), and in one case had a support case open for 50 days for one of my SSL VPN products to get integration right as Duo's docs were fairly useless. But it's been flawless since, and my Lemonldap-ng SAML system is integrated with Ubuntu 24 and is a pretty simple system so I don't expect much pain for the next few years; as long as I'm on Ubuntu 24 the version shouldn't change much.

  5. Gene Cash Silver badge

    "fewer than 5 percent"

    So is that just the percentage of people stupid enough to allow their firewalls to be backed up in the cloud?

    Would there be anybody here that wouldn't instantly turn that off?

  6. DS999 Silver badge
    Facepalm

    So they encrypted the login/password

    But kept all the other configuration information plain text? Why would you ever trust a company that stupid with securing your network? That's "have a default password in firmware so our techs can get access if a customer needs support" levels of stupid.

  7. John Klos

    SonicWall - should not be trusted with security

    When a company prioritizes money over security, they should not be trusted with security.

    They have a long history of security issues, and we all know they don't provide updates to anyone who isn't paying for support. But what do you get even when you do pay for support? You get to be their beta tester, because many of their "features" and many of the bugs that they're finally getting around to trying to fix haven't really been tested. You get their own staff being unable to make their own "features" work. You get told that you get nothing for not being able to use those "features" for months while they try to fix them.

    Even when you report issues while having support, and they finally claim to have fixed them, you still need to have active support to get those fixes. A company that I worked with had taken SonicWalls out of service because of broken "features" and wasn't going to pay until assured that those "features" were fixed, and SonicWall would neither offer the fixes that caused the company to stop using their products, nor would they assure that the "features" were fixed, nor offer any additional support if they weren't.

    Much of their support don't even understand basic networking. It's like calling Comcast or AT&T - they know terms, but the first half hour of any call is dealing with someone who doesn't know what a NAT state table is, but pretends that the thing they've condescendingly read out of a script disproves everything you've said. One of their higher tiered support people told me, completely seriously, that NAT timeouts HAD to happen and said it's impossible (his word) to keep a NAT state open indefinitely (I said I didn't want ridiculous amounts of time - a year is fine - but apparently it's not possible in SonicWalls to turn off the timeouts).

    If that weren't bad enough, they will tell you that a device is "obsolete", then sell you a new device that has LITERALLY THE EXACT SAME HARDWARE INSIDE.

    They're a shady company that should never be trusted with anything related to security.

    Thank you for attending my rant.
