During late March of 2016, a vulnerability now called Badlock was found in the popular business network application Samba. Samba enables different kinds of computers to connect to files and printers on Microsoft Windows servers, the central platform for many businesses. Badlock is particularly serious, because it not only affects a whole range of different Samba versions, but, because of the manner in which it works with Windows computers, it makes them vulnerable to attack in other ways.
Badlock Creates Business Risks
The Samba software suite performs a variety of functions and is especially common on business networks. While Badlock could make home networks vulnerable, too, I believe attackers are much more likely to target businesses. Here are the types of attacks I believe Badlock enables against business networks.
Man in the Middle (MitM) Attacks
Samba works by connecting to your business’s central Windows server, the place in which your user account information is stored, called the Active Directory (AD) server. Badlock lets attackers perform what’s called a “Man in the Middle” attack, which lets the culprits see information moving between your AD user account server, your file server and your staff’s computers. Private business files and user information can be stolen this way.
Denial of Service (DoS) Attacks
If that weren’t bad enough, Badlock also makes businesses vulnerable to something called a Denial of Service attack. Here, instead of trying to access your business’s information, Badlock simply lets attackers punch a hole through IT security systems and overwhelm your Windows servers, preventing you from accessing your files or even logging into your computers.
What to Do
Technical information for IT staff can be found on the Badlock vulnerability awareness site. In general, all businesses affected by Badlock should take the following actions:
Prioritize the Application of Security Fixes
Updating your computer systems with the latest security fixes — patching — is the single most important step to take regarding Badlock. Patches are available now for affected versions of Samba. Badlock affects older versions of Samba, too, some of which are no longer supported by the developer. If your business is using Samba version 4.1, you should know that it will never receive a fix, and you should make upgrading to a newer, safer version a business priority.
Audit Computer Systems for Unnecessary Samba Connections
A general rule of IT security is that if you’re not using a particular feature, always turn it off. Leaving your network up and open when you don’t need it is akin to leaving a door to your business unlocked just because you think that someday you may need to use that door. If an audit hasn’t been performed in a while, work with IT staff to review your computer network for unnecessary, open network connections. These could be Samba connections or other types.
It is important to know that patching and auditing your computer systems against Badlock may require some downtime. This can be a tough pill to swallow for businesses that rely heavily on their computer systems, but Badlock is serious enough that you must make this a priority. The potential damage an attacker can wreak on your systems is just too great to delay taking action.
Get Further Advice on Badlock or Business IT Security
Do you want additional advice on how to handle Badlock or other IT security matters? Our team has years of experience to offer you. Give PACE Technical Services in Toronto a call at 905.763.7896 Ext. 214, or send an email to firstname.lastname@example.org today.