Thursday, May 24, 2007

How secure are security appliances?

We've started focusing on the security of appliances that are installed in corporate and government networks. To our amazement, most of these appliances are more insecure than the operating systems and software that we've (being the security industry) been picking on so aggressively. In fact, we are looking at one appliance right now that is made up of software that is unpatched and dates back as far as 5 years. This particular appliance is vulnerable to at least 28 critical known security issues, and god knows how many other "unique" issues. Expect to see advisories from us in the future specifically focused on security appliances.


  1. I think a lot of this mentality goes back to the fact that the Appliance owner doesn't necessarily think the customer is going to look at the OS. It's an appliance, right? "Set it and forget it?" I've seen some nasty issues with appliances, so this should be interesting to see what you guys turn up.

  2. I think that you're 100% on the money. Most people think that appliances aren't vulnerable to the same issues that other systems are vulnerable to. The thing that they are forgetting is that appliances are computers too. As such, they need updates.