Security Issue with pcAnywhere

January 30th, 2012

Due to a security issue with pcAnywhere, we plan to create a new rule to block inbound traffic to ports: 5631/TCP, 5632/UDP. This rule will go into effect on Sunday, 2/5.

If you are using pcAnywhere, please read this message in its entirety.

In a white paper released on 1/23, Symantec revealed that proprietary source code for current versions of its pcAnywhere software was stolen in 2006 and that all users are at risk of attack and should disable the product.

Symantec, in their official report on this event, provides this statement: “Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks.”

What you should do:

  • For any system that contains Restricted Use information, pcAnywhere must be disabled and alternatives sought.  (For a definition of Restricted Use information, please see the Data Classification Guide, part of the Data Protection Standards: http://www.bu.edu/infosec/policies/data-protection-standards/)
  • For any other system where you are using pcAnywhere and where an alternative solution will work, you should switch to an alternative solution.  Some possible solutions include:
    1. Windows Remote Desktop (see http://www.bu.edu/tech/security/protect/bestpractice/remote-desktop/ for details)
    2. GoToMyPC (security has not evaluated this product and it does have a price tag, so this is not a specific recommendation of this product, but simply an alternative if Remote Desktop will not work)
    3. Avoid RealVNC.  It is known to have significant security issues.
  • Where you (1) have a business critical function (2) on a system not containing Restricted Use information and (3) pcAnywhere is the only solution that will work for that function, you may continue to use it provided you do the following:
    1. Upgrade to the latest version
    2. Update your pcAnywhere configuration as recommended in the white paper from Symantec in the “pcAnywhere Security Best Practices” section, beginning on page 5
    3. Set up your pcAnywhere connection to use different authentication credentials than you use for any other BU system
    4. If you are outside of BU, connect to BU via VPN prior to establishing the pcAnywhere connection
    5. Monitor Symantec’s site for further security information and updates

What we will be doing:

  • As recommended by the vendor, we will be writing a new rule to block traffic coming in to BU using the standard pcAnywhere communication ports: 5631/TCP, 5632/UDP.  This rule will go into effect on Sunday, 2/5.
