Networks left unprotected by SonicWall server glitch
Published: 04 Dec 2008 11:28 GMT
An outage affecting SonicWall's licensing server disabled subscription-based security services for customers for at least several hours on Tuesday, according to the company.
Beginning at around 2am PST, "some SonicWall products contacting a particular SonicWall licensing server began receiving erroneous responses", the company said in an email notice to customers, sent at around 5:40pm PST on Tuesday.
"You are receiving this mail because our monitoring systems indicate that your SonicWall product(s) may have been affected. This may have caused the product licence key to be reset and, in some cases, may have affected the products' operation," the notice states. "The issue has been corrected and all servers and licensing functions have been restored."
The notice listed affected products as SonicWall UTM Firewall Appliances PRO series, TZ series and NSA series; all SonicWall Email Security Appliances and Email Security software; SonicWall Content Security Manager Appliances; all Continuous Data Protection Appliances; and SGMS managed appliances.
It is unclear how long the outage lasted and how many customers were affected.
SonicWall spokeswoman Colleen Nichols sent ZDNet UK sister site CNET News.com this statement on Wednesday afternoon: "Very early yesterday, one server in SonicWall's licensing server pool that handles distribution of signatures and licence keys malfunctioned. This malfunction caused some customers' licence keys to be reset, requiring them to be resynchronised."
"SonicWall shut off this server shortly after it began malfunctioning and, at the same time, proactively stopped automatic licence key updates while we verified the integrity of the rest of our licensing servers. During this period, customers were still able to manually download updates and resynchronise their licences through mysonicwall.com. As of noon yesterday, our licence server pool is online and available, and affected customers can resynchronise their licences through their product user interface," Nichols added.
Read this
Tackling the threat from compromised websites
Most web-based malware now comes from genuine sites that have been compromised, but security expert Mary Landesman wonders: are site owners and visitors are addressing the problem?
Customers who believe they are affected can go to SonicWall's website to get more information about resynchronising their licence keys, she said.
At least one customer was wondering why the operation of vital services would be tied to a server used for validating licences.
"I was shocked this would happen," John Wilson, president of Avalon Technology Consultants, told CNET News.com. "It's like buying a car and, because General Motors' servers go down, your car stops working."
Avalon, which manages about 50 SonicWall firewalls for its customers, noticed at about 10am PST on Tuesday that the firewalls were reporting that the antivirus, anti-spyware and intrusion-prevention services were not longer functioning, he said.
SonicWall advised customers to check all devices to be sure they were functioning, which "is not an insignificant task", Wilson added.
"We have been recommending and installing SonicWall firewalls for our clients for several years, and we had no idea that the devices would stop working when SonicWall's servers went offline," Wilson wrote in an email to CNET News.com.
"We believe that this is a serious security flaw with the potential to compromise security for tens of thousands or even millions of networks, and we believe this should be brought to the industry's attention," he wrote.
Credit: SonicWall server glitch leaves networks unprotected from CNET News
Did you find this article useful?
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
