“Protect the Gray Areas of the Corporate Network.” (From our Forums.)
Text originally published by Saroj Kumar on the Cyber Secure Central Forums.
The weakest link in our IT systems is the "dumbest" devices, the ones most often forgotten when building defenses against intrusion. They form a real “gray area” that risks turning into a security nightmare.
Some call it the Internet of Things (IoT) but, rather than a new technological dimension, it is the result of a process that started some time ago and whose real nature has become apparent in recent years.
It all starts with the increasingly strong tendency to network devices that were not originally considered part of computer networks. Network printers, surveillance cameras, routers, VoIP switchboards and specialized tools (such as those for industrial or medical use) are now a risk factor for the security of the entire network.
Recent reports describe striking cases involving the so-called IoT, including an incident in which hackers managed to compromise thousands of surveillance cameras and use them to conduct a DDoS attack against Internet sites.
When defining security policies and the control architecture of the network, the real risk is that all these devices are simply forgotten, giving hackers an easy way to exploit them to access the corporate network.
The factors to take into account are numerous and, from a security management point of view, they require careful planning.
The first risk factor is the maintenance and updating of the software that runs on this type of device. While policies for updating the operating systems and software used in the company are well-established practice, the timely verification of firmware updates is too often overlooked.
After all, who bothers to check for a new firmware version for a printer shut away in a closet? As the recent discovery of a Windows vulnerability in the print driver management system has shown, such forgetfulness can be very expensive.
This is especially so because, in many cases, IT administrators do not even bother to change the login credentials (username and password) once the devices are installed on the network, allowing anyone to use the default ones to access them.
A printer can be a target as well as an attack vehicle. What we tend to forget is that devices like these keep the documents that have been printed in memory. Access to the memory of a multi-function printer can be as valuable to an attacker as a breach of an e-mail mailbox.
Furthermore, patch management systems cannot solve the problem. In many cases, updates cannot be installed remotely and require physical intervention on the device.
The only solution is to adopt a strict policy and maintain a communication channel with the manufacturer that allows for timely notification of available updates or of newly discovered vulnerabilities that can put system integrity at risk.
The content of this article does not reflect the official opinion of Cyber Secure Central. Responsibility for the information and views expressed in the article lies entirely with the author(s).