½Ã½ºÄÚ ASA ¼ÒÇÁÆ®¿þ¾î Ãë¾àÁ¡, º¸¾È ¾÷µ¥ÀÌÆ® ¾ÆÁ÷ ¹ßÇ¥ ¾ÈµÅ
[º¸¾È´º½º ±ÇÁØ] ¼Îµµ¿ì ºê·ÎÄ¿½º(Shadows Brokers)¶ó´Â ÇØÅ· ´Üü°¡ Ú¸ ±¹°¡¾Èº¸±¹(NSA)¸¦ ÇØÅ·Çß´Ù°í ÁÖÀåÇϸç, °ø°³ÇÑ ÇØÅ· Åøµé·Î ÀÎÇØ ½Ã½ºÄÚ¿Í Æ÷Ƽ³ÝÀ» ºñ·ÔÇÑ ³×Æ®¿öÅ©¡¤º¸¾È ¾÷°è´Â ¹°·Ð °ü·Ã Á¦Ç°±º »ç¿ëÀڵ鿡°Ôµµ ºÒ¶ËÀÌ Æ¢°í ÀÖ´Ù.
¡ã NSA ÇØÅ· ÀÇȤ »ç°ÇÀÇ ºÒ¶Ë, ¾îµð±îÁö Æ¥ °ÍÀΰ¡?
°ø°³µÈ ÀÚ·á¿Í ÇØÅ· ÅøµéÀ» ºÐ¼®ÇÑ º¸¾ÈÀü¹®°¡µéÀº ÇØ´ç ÀÚ·áµéÀÇ ¿ø Ãâó°¡ ´ë´ÜÇÑ ±â¼ú·ÂÀ» º¸À¯ÇÑ ÇØÄ¿Á¶Á÷ÀÎ ÀÌÄùÀÌÁ¯ ±×·ìÀÏ °¡´É¼ºÀÌ ³ô´Ù°í ¹àÈ÷°í ÀÖ°í, ÀÌÄùÀÌÀü ±×·ìÀº NSA°¡ ¿î¿µ ¶Ç´Â Áö¿øÇÏ´Â ÇØÄ¿Á¶Á÷À̶ó´Â °Ô ´ëüÀûÀÎ °üÃøÀÌ´Ù.
´õ¿íÀÌ °ø°³µÈ Åøµé·Î ½Ã½ºÄÚ, Æ÷Ƽ³Ý. ÁÖ´ÏÆÛ µî ³×Æ®¿öÅ© ¹× º¸¾È Á¦Ç°±ºµéÀÇ ÇØÅ·ÀÌ °¡´ÉÇÑ °ÍÀ¸·Î ¾Ë·ÁÁö¸é¼ ÇØ´ç ¾÷üµéÀÇ Ãë¾àÁ¡ ÆÐÄ¡ ¼Ò½Äµµ À̾îÁö°í ÀÖ´Ù.
¸ÕÀú Æ÷Ƽ³ÝÀÇ Æ÷Ƽ°¡µå ·¦Àº ÇØÄ¿Á¶Á÷ ¼Îµµ¿ì ºê·ÎÄ¿½º°¡ °ø°³ÇÑ Æ÷Ƽ³Ý ³×Æ®¿öÅ© ÀåºñÀÇ ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù.
À̹ø Ãë¾àÁ¡Àº °ø°ÝÀÚ°¡ Cookie Parser Buffer Over Flow Ãë¾àÁ¡À» ÀÌ¿ëÇØ Á¶ÀÛµÈ HTTP¸¦ ¿äûÇÔÀ¸·Î½á ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡À¸·Î, FortGate(FOS) 4.3.8 ¹× ÀÌÀü ¹öÀü, 4.2.12 ¹× ÀÌÀü ¹öÀü, 4.1.10 ¹× ÀÌÀü ¹öÀü µî ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾îÀÇ »ç¿ëÀÚ´Â ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®°¡ ÇÊ¿äÇÏ´Ù.
ÀÌ¿¡ µû¶ó ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î¸¦ »ç¿ëÇÏ´Â °æ¿ì 5.x ¹öÀüÀ» ¼³Ä¡ÇÏ°í, 5.x°¡ ȣȯµÇÁö ¾Ê´Â Àåºñ´Â 4.3.9 ¹öÀüÀ» ¼³Ä¡ÇØ¾ß Çϸç, À¥ ÀÎÅÍÆäÀ̽º¿¡ Àΰ¡µÈ IP¸¸ Á¢±ÙÇϵµ·Ï Á¢±ÙÅëÁ¦°¡ ÇÊ¿äÇÏ´Ù. º¸´Ù ÀÚ¼¼ÇÑ »çÇ×Àº http://fortiguard.com/advisory/FG-IR-16-023¸¦ Âü°íÇÏ¸é µÈ´Ù.
ÀÌ¿Í ÇÔ²² ½Ã½ºÄÚ »çµµ ¼Îµµ¿ì ºê·ÎÄ¿½º°¡ °ø°³ÇÑ ASA ¼ÒÇÁÆ®¿þ¾îÀÇ Ãë¾àÁ¡¿¡ ´ëÇÑ °¢º°ÇÑ ÁÖÀǸ¦ ±Ç°íÇß´Ù. ASA(Adaptive Security Appliance) ¼ÒÇÁÆ®¿þ¾î´Â ½Ã½ºÄÚ¿¡¼ Á¦ÀÛÇÑ ³×Æ®¿öÅ© º¸¾È Ç÷§ÆûÀÌ´Ù.
À̹ø Ãë¾àÁ¡Àº Cisco ASA ¼ÒÇÁÆ®¿þ¾îÀÇ SNMP¿¡¼ ¹ß»ýµÇ´Â ¹öÆÛ ¿À¹öÇ÷ο츦 ÅëÇØ ¿ø°ÝÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡(CVE-2016-6366)À¸·Î, °ø°ÝÀÚ´Â Ãë¾àÁ¡¿¡ ¿µÇâ ¹Þ´Â ³×Æ®¿öÅ© Àåºñ¿¡ ¿ø°ÝÄÚµå ½ÇÇà ¹× ¼ºñ½º °ÅºÎ µîÀÇ ÇÇÇظ¦ ¹ß»ý½Ãų ¼ö ÀÖ´Ù.
ÇØ´ç Ãë¾àÁ¡¿¡ ¿µÇâÀ» ¹Þ´Â Á¦Ç°Àº ´ÙÀ½°ú °°´Ù.
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Cisco ASA 1000V Cloud Firewall
- Cisco Adaptive Security Virtual Appliance(ASAv)
- Cisco Firepower 9300 ASA Security Module
- Cisco PIX Firewalls
- Cisco Firewall Services Module(FWSM)
´õ¿í Å« ¹®Á¦´Â ÇöÀç ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¾ÆÁ÷ ¹ßÇ¥µÇÁö ¾Ê¾Ò´Ù´Â Á¡ÀÌ´Ù. ÀÌ·Î ÀÎÇØ ÆÐÄ¡°¡ ¹ßÇ¥µÉ ¶§±îÁö´Â SNMP ¼ºñ½º°¡ ºÒÇÊ¿äÇÒ °æ¿ì ¼ºñ½º¸¦ ÁßÁöÇÏ´Â °ÍÀÌ ÁÁ°í, Ãë¾àÁ¡¿¡ ÀÇÇÑ ÇÇÇظ¦ ÁÙÀ̱â À§Çؼ´Â SNMP Community stringÀ» À¯ÃßÇϱ⠾î·Æ°Ô º¯°æÇØ »ç¿ëÇÒ °ÍÀ» ±Ç°íÇß´Ù.
ƯÈ÷, public, private µî ±âº»°ª »ç¿ëÀ» ±ÝÁöÇÏ°í, Àΰ¡µÈ IP¿¡¼¸¸ SNMP ¼ºñ½º¸¦ ÀÌ¿ëÇÒ ¼ö ÀÖµµ·Ï Á¢±ÙÅëÁ¦(ACL) ¼³Á¤ÀÌ ¿ä±¸µÈ´Ù´Â ¼³¸íÀÌ´Ù. °ü·Ã ³»¿ëÀº https://blogs.cisco.com/security/shadow-brokers¸¦ ÂüÁ¶ÇÏ¸é µÇ¸ç, ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È ¾÷µ¥ÀÌÆ®°¡ ³ª¿À´Â ´ë·Î Ãß°¡ °øÁöµÉ ¿¹Á¤ÀÌ´Ù.
À̹ø Æ÷Ƽ³Ý°ú ½Ã½ºÄÚ »çÀÇ º¸¾È ¾÷µ¥ÀÌÆ®¿Í °ü·ÃÇÑ º¸´Ù ±¸Ã¼ÀûÀÎ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø ¾øÀÌ 118)·Î ¹®ÀÇÇÏ¸é µÈ´Ù.
[±Ç ÁØ ±âÀÚ(editor@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>