{"id":1737,"date":"2012-01-30T13:53:26","date_gmt":"2012-01-30T17:53:26","guid":{"rendered":"https:\/\/www.bumc.bu.edu\/it\/?p=1737"},"modified":"2012-09-25T09:04:37","modified_gmt":"2012-09-25T13:04:37","slug":"security-issue-with-pcanywhere","status":"publish","type":"post","link":"https:\/\/www.bumc.bu.edu\/it\/2012\/01\/30\/security-issue-with-pcanywhere\/","title":{"rendered":"Security Issue with pcAnywhere"},"content":{"rendered":"<p><strong>Security Alert<\/strong><strong> \u2013 <\/strong>Due to a security issue with pcAnywhere, we plan to create a new rule to block in bound traffic to ports: 5631\/TCP, 5632\/UDP.\u00a0\u00a0<strong>This rule will go into effect on Sunday, 2\/5<\/strong>.<\/p>\n<p><strong> <\/strong><\/p>\n<p><strong>If you are using pcAnywhere, please read this message in its entirety<\/strong><strong>.<\/strong><\/p>\n<p>In a white paper released on 1\/23, Symantec revealed that \u00a0proprietary source code for current versions of its pcAnywhere software were stolen in 2006 and that all users are at risk of attack and should disable the product.<\/p>\n<p>Symantec, in their official report on this event, provides this statement:\u00a0 \u201cSymantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks.\u201c<\/p>\n<p><strong>What you should do:<\/strong><\/p>\n<ul>\n<li>For any system that contains\u00a0<em>Restricted Use<\/em> information, pcAnywhere must be disabled and alternatives sought.\u00a0 (For a definition of Restricted Use information, please see the Data Classification Guide, part of the Data Protection Standards:\u00a0<a href=\"http:\/\/www.bu.edu\/infosec\/policies\/data-protection-standards\/\">http:\/\/www.bu.edu\/infosec\/policies\/data-protection-standards\/<\/a>)<\/li>\n<li>For any other system where you are using pcAnywhere and where an alternative solution will work, you should switch to the alternate solutions.\u00a0 Some possible solutions include:\n<ol>\n<li>Windows Remote Desktop (see\u00a0<a href=\"http:\/\/www.bu.edu\/tech\/security\/protect\/bestpractice\/remote-desktop\/\">http:\/\/www.bu.edu\/tech\/security\/protect\/bestpractice\/remote-desktop\/<\/a> for details)<\/li>\n<li>GotomyPC (security has not evaluated this product and it does have a price tag, so this is not a specific recommendation of this product, but simply an alternative if Remote Desktop will not work)<\/li>\n<li>Avoid RealVNC.\u00a0 It is known to have significant security issues.<\/li>\n<\/ol>\n<\/li>\n<li>Where you (1) have a business critical function (2) on a system\u00a0<em>not<\/em> containing\u00a0<em>Restricted Use<\/em> information and (3) pcAnywhere is the only solution that will work for that function, you may continue to use it provided you do the following:\n<ol>\n<li>Upgrade to the latest version<\/li>\n<li>Update your pcAnywhere configuration as recommended in the\u00a0<a href=\"http:\/\/www.symantec.com\/connect\/sites\/default\/files\/pcAnywhere%20Security%20Recommendations%20WP_01_23_Final.pdf\">white paper from Symantec<\/a> in the \u201cpcAnywhere Security Best Practices\u201d section, beginning on page 5<\/li>\n<li>Set up your pcAnywhere connection to use\u00a0<em>different<\/em> authentication credentials than you use for any other BU system<\/li>\n<li>If you are outside of BU,<strong> Connect to BU via VPN <\/strong><em>prior<\/em> to establishing the pcAnywhere connection<\/li>\n<li>Monitor Symantec\u2019s site for further security information and updates<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n<p><strong>What we will be doing:<\/strong><\/p>\n<p><strong> <\/strong><\/p>\n<ul>\n<li>As recommended by the vendor, we will be writing a new rule to block traffic coming in to BU using the standard pcAnywhere communication ports: 5631\/TCP, 5632\/UDP.\u00a0\u00a0<strong>This rule will go into effect on Sunday, 2\/5<\/strong>.<\/li>\n<\/ul>\n<p><strong>References:<\/strong><\/p>\n<ul>\n<li>The\u00a0<a href=\"http:\/\/nakedsecurity.sophos.com\/2012\/01\/25\/symantec-stop-pcanywhere\/?utm_source=Naked+Security+-+Sophos+List&amp;utm_medium=email&amp;utm_campaign=f2702580f3-naked%252Bsecurity\">story as told by Sophos<\/a><\/li>\n<li>The\u00a0<a href=\"http:\/\/www.techspot.com\/news\/47204-symantec-recommends-disabling-pcanywhere-after-source-code-leak.html\">story as told by Techspot<\/a><\/li>\n<li>The\u00a0<a href=\"http:\/\/www.symantec.com\/connect\/sites\/default\/files\/pcAnywhere%20Security%20Recommendations%20WP_01_23_Final.pdf\">white paper from Symantec<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Security Alert \u2013 Due to a security issue with pcAnywhere, we plan to create a new rule to block in bound traffic to ports: 5631\/TCP, 5632\/UDP.\u00a0\u00a0This rule will go into effect on Sunday, 2\/5. If you are using pcAnywhere, please read this message in its entirety. In a white paper released on 1\/23, Symantec revealed [&hellip;]<\/p>\n","protected":false},"author":5559,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[14,4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/posts\/1737"}],"collection":[{"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/users\/5559"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/comments?post=1737"}],"version-history":[{"count":5,"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/posts\/1737\/revisions"}],"predecessor-version":[{"id":1748,"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/posts\/1737\/revisions\/1748"}],"wp:attachment":[{"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/media?parent=1737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/categories?post=1737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bumc.bu.edu\/it\/wp-json\/wp\/v2\/tags?post=1737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}