BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Vulnerability Assessment for Network Devices – Now More Than Ever!

Posted May 19, 2010    Morey Haber

Here is a startling statistic and article written by Dark Reading: More Than One-Third Of Network Devices Show Vulnerabilities when vulnerability data was compiled from 235 different enterprises during vulnerability assessment scans in 2009.

Think about this for a minute. One third of their devices had potential security vulnerabilities that could comprise their networks and these are enterprise clients that are supposed to be ahead of the curve when it comes to securing their networks.

So what are the small to medium sized businesses that do not regularly perform vulnerability assessment and do not have a dedicated security team to do? Are their statistics much worse?

The intuitive answer is probably yes. They statistically have more devices at risk, but I would also argue that they may not have as much IP enabled specialty equipment. So the question of whether the numbers are higher or lower for the small to medium size business does not really matter for this blog; however what does matter is that in every environment, devices that have vulnerabilities may be overlooked.

A case in point: how many environments have printer/copiers installed that are networked based? I am willing to bet most small businesses do. Has anyone ever changed the SNMP community string passwords on those devices from their defaults? If you do not know the answer to this, they are probably set to the manufacturer’s defaults and a program or user could reprogram the device, add email addresses as valid destinations, or just reprogram something as simple as the LCD.

The team at IronGeek has posted a nice blog about the hacks you can do to the most common printers using manufacturer defaults. I am making this point because most users do not think their devices could be leveraged against them or that it would take a geek with nothing better to do but cause some mischief.

If you are unfamiliar with risks associated with printer vulnerabilities, ask yourself a few basic questions about the devices in your organization. Do they provide copy and scan functions via email? Do they have internal hard drives? Do they have the ability to send faxes? If they do, then they can probably be reprogrammed using default settings to copy someone on every email sent from the device or allow a user to pull printed data from the internal hard disk. Imagine HR using the device and everything scanned, faxed, or sent via email being duplicated to a rogue email address.

Given that one third of devices have faults like these printers, it is only a matter of time before malware leverages one of these ubiquitous devices. Consider the recent 2010 CVE rash of vulnerabilities for devices like the Cisco ASA 5500 Security Appliance. While exploits do exist for these vulnerabilities, I strongly believe it is only a matter of time until one of them finds its way into malware and will ultimately cripple a business much worse than any worm or bot infestation.

So what is a business to do?

• Perform regular vulnerability assessments; just like locking your car door and making sure all the windows are closed when you leave your home.

• Keep the devices secure and change default passwords just like major regulatory compliance initiatives dictate; PCI DSS for example.

• All critical vulnerabilities should be fixed, regardless of the device.

Finally, if you need help securing your environment, ask an expert. People hire alarm companies all the time to secure their offices and homes. Businesses should consider hiring security experts to protect their systems and data in just the same way.

Could your business operate without your computers? Probably not. Vulnerabilities that can be exploited can take down a business just as badly as a physical theft of equipment and we all already pay for alarm systems today. Vulnerability assessment, mitigation, and protection only make sense to secure our dependency on these electronic systems.

Tags:
,

Leave a Reply

Additional articles

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,
PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,