Vista's tunnelling protocol poses risk
Windows Vista's implementation of a tunnelling protocol called Teredo can be added to the list of security problems posed by the operating system, according to recent research from Symantec Advanced Threat Research.
Teredo is one of the protocols introduced into Vista to support IPv6, but it also has unforeseen side-effects, Symantec said, among them that it could allow attackers to evade organizations' security measures.
"Tunnelling methods can be used to evade security controls, and that is what Teredo does (though that was not the intent)," wrote Symantec's researchers in the report. "Unless network firewalls and IDSs are specifically aware of this protocol, they will not be applying the appropriate filtering to the IPv6 packet and its contents; this reduces defense-in-depth, and may result in a failure to apply important security controls."
The report, called "Windows Vista Network Attack Surface Analysis," was prepared by Dr. James Hoagland, Matt Conover, Tim Newsham and Ollie Whitehouse. The researchers noted that Vista introduces a completely rewritten network stack, which means Vista will behave differently than Windows XP -- something network administrators need to be wary of, according to Symantec.
Teredo is designed as a temporary measure to allow devices with IPv6-unaware NAT devices to take advantage of IPv6 connectivity; it encapsulates IPv6 packets within IPv4 UDP datagrams.
One problem with this is that if administrators aren't aware Teredo is being used, it may help attackers gain access to targets on private internal networks, Symantec said. Many intrusion detection systems and firewalls are not currently aware of Teredo, researchers said.
"If left unhandled and unchecked, IPv6 and its accompanying transition technologies allow an attacker access to hosts on private internal networks without the administrator expecting this global accessibility," the report said.
They found that Teredo is enabled by default, though dormant, and "that it was readily used, despite Microsoft's apparently inaccurate statements that downplay its level of activity." The research found Vista in some cases switches on Teredo without any intervention from the user.
Vista requires a firewall to be running to activate Teredo, but this measure, while "sensible," "cannot compensate for all of Teredo's problematic security implications," Symantec said.
Microsoft has responded that the paper in fact validates Microsoft's design decisions in Vista, while acknowledging that improvements could be made.
» posted by abennett
Techworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
