This past November, we shared an interview with Cybera’s security analyst, Andrew Klaus, in which he talked about the new Security Information and Event Management (SIEM) initiative being carried out through Canada’s 13 provincial, territorial and federal partners in the National Research and Education Network (NREN). As Andrew noted, the biggest benefit of a collaborative cybersecurity project like this is the ability to quickly and easily share information on security risks.
As reported this week by ZDNet, this collaborative effort has already paid off, through the identification by Andrew and his NREN partners of a major vulnerability on FortiSIEM, Fortinet’s SIEM product. This product is used by the NREN to monitor Canada’s vital research and education infrastructure, and is widely utilized by other research networks around the globe.
In December 2019, Andrew noticed a reference to an SSH key in one of FortiSIEM’s configuration files on Cybera’s network monitoring appliance. Working with the NREN security analyst team, he found the same key on several other appliances.
“An SSH key, or Secure Shell key, is a safer way to authenticate a user than through a simple password, as it is much longer – too long to memorize,” explains Andrew. “People who know how SSH works know the importance of keeping this key confidential, because if someone has access to it, they can then impersonate you.”
As the ZDNet article noted: “Due to the sensitive nature of the data processed by a SIEM product and its central role in a company’s cyber-security defenses, any backdoor mechanism in these systems is considered a dangerous and highly critical vulnerability.”
Thanks to the quick identification of the exposed SSH key on the NREN infrastructure, Andrew and his fellow analysts were able to notify Fortinet of the vulnerability, and create a work-around solution as they waited on new, unique SSH keys to be generated by FortiSIEM for all its users.
“The collaborative nature of the NREN SIEM project has been a great benefit for Cybera, as it allows us to openly share issues or questions with other groups, and work together to implement solutions,” says Andrew.
The NREN initiative represents an unprecedented pan-Canadian effort to coordinate network threat monitoring. In Alberta, Cybera is currently working with post-secondary partners to bring them on-board, to further add to the collective monitoring capabilities of the group.
For further information on Cybera’s security initiatives, visit cybera.ca/services/cybersecurity.