SCIENCE
Secure Computing's Sidewinder Impervious to Critical UNIX Vulnerability
SAN JOSE, CA -- Secure Computing Corporation (NASDAQ: SCUR), a leading provider of enterprise access control solutions, today announced that its Sidewinder(TM) firewall and VPN gateway is not susceptible to the serious vulnerability that was reported in the recent CERT Advisory, CERT-2001-21. The Advisory reported that systems running versions of telnetd derived from BSD source code are vulnerable to an attack allowing unauthorized, complete, system access. Telnetd is an application commonly used for remote administration and is generally included in commercial UNIX operating systems. The telnetd vulnerability referenced is not applicable to Sidewinder as a result of disciplined security software design practices in combination with Secure Computing's patented Type Enforcement(TM) technology. Sidewinder's telnetd services are greatly restricted due to both known and theoretical vulnerabilities. This least privilege design renders the attack described in the CERT-2001-21 Advisory useless. In addition, Sidewinder's operating system, SecureOS(TM), built on Secure's Type Enforcement technology, has further defenses against this attack that would trigger multiple security violations. Specifically, the attack first attempts to start a shell process. Sidewinder's embedded Type Enforcement security rules prevent telnetd from replicating itself and accessing the system shell programs. Even without this embedded, tamper proof rule in place, other Type Enforcement rules also defend against this attack. As an example, the new shell would need administrative privileges and those privileges are not available to the telnetd services. "Our competitors are rushing to develop and issue patches to address this vulnerability. Because Sidewinder integrates a secure operating system, SecureOS, there's nothing to patch," said Mike Gallagher, vice president and general manager of the Network Security Division at Secure Computing. "Most firewalls can protect you against known vulnerabilities. Only Sidewinder, with its fundamental defense-in-depth architecture, can protect you against tomorrow's vulnerabilities, today." Sidewinder's fundamental defense-in-depth architecture was first released to the market in 1995. Since that time, Sidewinder has demonstrated its superiority over competitors' react-and-patch security solutions, which have continuously exposed mission critical networks to the attack du jour. Sidewinder is the world's strongest firewall, and with its powerful VPN gateway delivers an impenetrable network shield without sacrificing ease of use, reliability and scalability. The strength of Sidewinder was further demonstrated recently when it was the first firewall accepted into evaluation against Common Criteria's highest Evaluation Assurance Level available for firewalls, EAL4+ which included EAL5 components. Sidewinder's hybrid architecture combines stateful inspection, application filtering, IPSec-certified VPN and real-time intrusion alerts into one simple software package that runs on low-cost Intel(R) hardware. At the hardened core of Sidewinder is SecureOS, a performance-optimized, highly secure operating system built with Secure Computing's patented Type Enforcement technology. The result is uncompromised perimeter defense that is easy to deploy and manage across any enterprise. For additional information visit www.securecomputing.com