Preguntas frecuentes de búsqueda

APC Security Advisory - Vulnerabilities in TCP

Issue

Fundamental weaknesses in TCP/IP can allow an attacker to corrupt data, hijack sessions, or cause a denial-of-service condition (DOS or DDOS). This advisory is in response to Technical Cyber Security Alert TA04-111A. System administrators who use the APC TCP/IP-based network products should read this advisory.

Product Line

All APC products that connect to a TCP/IP network

Environment

Utilizing an APC product that connects to a TCP/IP network

Cause

Unlike the Border Gateway Protocol (BGP) used by routers, TCP connections used with APC products are typically transient. This means that an attack would have to be performed while the product was being actively accessed by a user. Furthermore, TCP window sizes for APC applications are typically very small and make it more difficult for an attacker.

Resolution

If available, deploy and use cryptographically secure protocols like SSL/TLS and SSH. These protocols prevent attackers from corrupting data and hijacking sessions. However, they do not prevent denial-of-service since authentication is performed above the transport layer (TCP).

To reduce the possibility of a denial-of-service condition it is recommended that APC products be protected by a firewall that can detect and respond to that class of attacks. In general, US-CERT recommends utilizing network security tactics such as Deploying and Use Cryptographically Secure Protocols, Ingress filtering, Network Isolation, and Egress filtering.

Status of this notice: INTERIM

THIS IS AN INTERIM ADVISORY. ALTHOUGH APC CANNOT GUARANTEE THE ACCURACY OF ALL STATEMENTS IN THIS NOTICE, ALL OF THE FACTS HAVE BEEN CHECKED TO THE BEST OF OUR ABILITY. APC DOES NOT ANTICIPATE ISSUING UPDATED VERSIONS OF THIS ADVISORY UNLESS THERE IS SOME MATERIAL CHANGE IN THE FACTS. SHOULD THERE BE A SIGNIFICANT CHANGE IN THE FACTS, APC MAY UPDATE THIS ADVISORY. A STAND-ALONE COPY OR PARAPHRASE OF THE TEXT OF THIS SECURITY ADVISORY THAT OMITS THE DISTRIBUTION URL IN THE FOLLOWING SECTION IS AN UNCONTROLLED COPY, AND MAY LACK IMPORTANT INFORMATION OR CONTAIN FACTUAL ERRORS.

IN NO EVENT SHALL EITHER APC, ITS OFFICERS, DIRECTORS, AFFILIATES OR EMPLOYEES, BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND INCLUDING, BUT NO LIMITED TO, LOSS OF PROFITS ARISING OUT OF THE USE OR IMPLEMENTATION OF THE INFORMATION CONTAINED HEREIN HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN AN ACTION FOR CONTRACT, STRICT LIABILITY OR TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, WHETHER OR NOT APC HAS BEEN ADVISED OR THE POSSIBILITY OF SUCH DAMAGE AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY.

References

http://codeverge.com/grc.security.software/us-cert-technical-cyber-security-alert/1649925

Publicado para:APC Spain

Fecha de publicación:10/8/2012Última fecha de modificación:29/9/2021

Rango:

UPS Network Management Cards

Rango:

UPS Network Management Cards

¿Necesitas ayuda?

Centro de asistencia

Obtén respuestas por tu cuenta probando nuestras herramientas de soporte digital.

Buscar preguntas frecuentes

Obtén las respuestas que necesitas examinando las preguntas frecuentes (FAQ) relacionadas con los temas.

¿Cómo comprar?

Encuentra fácilmente el distribuidor de APC más cercano a tu ubicación.

Encuentra la batería de repuesto

Encuentra la batería de repuesto original de APC para tu SAI.

Ponte en contacto con nosotros

Ponte en contacto con nosotros para obtener ayuda para elegir el producto adecuado o para solucionar problemas e instalar tus equipos. Lunes - Jueves : 8:30 to 18:00 Viernes: 8:30 to 14:45