Over the weekend, Sophos announced it had released a hotfix for Sophos XG firewalls. This hotfix patched an SQL injection vulnerability which allowed attackers to download payloads to the device.
It looks like the hashed usernames and passwords have been stolen from the XG devices. This means all XG owners should reset the passwords for administration and any local VPN users as well.
It appears the attack was carried out against either the admin portal (port 4444) or the user portal (port 443). Normally the administration portal is closed on the WAN; however, it is normal practice to have the user portal exposed on the WAN.
If your firewall has been compromised, Sophos recommends these steps
Ubiquiti make great wireless access points and controllers for the enterprise. We have been looking to condense all our controllers into a single controller for all of our clients. This makes management far easier, as well as providing additional revenue streams.
This is a step-by-step guide on how to configure your own cloud controller for UniFi products on Ubuntu.
Grab a VPS from somewhere like AWS or Rackspace, or download the free VMware ESXi and host it yourself.
Log in to Ubuntu, edit your sources file (/etc/apt/sources.list) and add:
deb http://www.ubnt.com/downloads/unifi/distros/deb/precise precise ubiquiti
Type apt-get update
Type apt-get install unifi-beta
Once this has finished installing, browse to https://hostname:8443
You should see the following information. Fill it in, then log in with your username and password.
Now you need to point your APs to your hostname and publish it externally. That’s a bit too hard to go into in this article, but leave a comment if you get stuck here. Follow this YouTube link on how to configure your APs to an external address.
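The repository and install steps above as an idempotent script, added here as an example and not part of the original guide. The UNIFI_LIST path, the function names and the --apply switch are assumptions; the guide itself edits /etc/apt/sources.list directly.

```shell
#!/bin/sh
# Added example (not from the original guide): add the UniFi repository once,
# validate the entry before writing it, then install the controller package.
UNIFI_REPO='deb http://www.ubnt.com/downloads/unifi/distros/deb/precise precise ubiquiti'
# Assumed location; a separate file keeps the entry easy to audit or remove.
UNIFI_LIST="${UNIFI_LIST:-/etc/apt/sources.list.d/unifi.list}"

# valid_source_line LINE: accept only "deb|deb-src URI SUITE COMPONENT..."
# one-line entries without bracketed options.
valid_source_line() {
    set -f; set -- $1; set +f      # split on whitespace, no glob expansion
    [ "$#" -ge 4 ] || return 1
    case "$1" in deb|deb-src) ;; *) return 1 ;; esac
    case "$2" in http://*|https://*) ;; *) return 1 ;; esac
    return 0
}

# source_transport LINE: print the URI scheme of the repository (http or https).
source_transport() {
    set -f; set -- $1; set +f
    printf '%s\n' "${2%%://*}"
}

# ensure_source FILE LINE: append LINE to FILE only if it is not already there.
# Prints "added", "present" or "invalid"; returns non-zero on an invalid line.
ensure_source() {
    valid_source_line "$2" || { echo invalid; return 1; }
    if [ -f "$1" ] && grep -Fxq -- "$2" "$1"; then
        echo present
    else
        printf '%s\n' "$2" >> "$1"
        echo added
    fi
}

# Only touch the system when explicitly asked: sudo sh unifi-repo.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_source "$UNIFI_LIST" "$UNIFI_REPO"
    if [ "$(source_transport "$UNIFI_REPO")" = "http" ]; then
        echo "note: repository uses plain HTTP; package integrity depends on APT signature verification" >&2
    fi
    apt-get update
    apt-get install unifi-beta
fi
```

Running it a second time reports "present" and leaves the sources file unchanged, so it is safe to re-run after a failed install.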
In part two, I will show you how to connect the clients and create client groups.