BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Vulnerability Assessment for Network Devices – Now More Than Ever!

Posted May 19, 2010    Morey Haber

Here is a startling statistic and article written by Dark Reading: More Than One-Third Of Network Devices Show Vulnerabilities when vulnerability data was compiled from 235 different enterprises during vulnerability assessment scans in 2009.

Think about this for a minute. One third of their devices had potential security vulnerabilities that could comprise their networks and these are enterprise clients that are supposed to be ahead of the curve when it comes to securing their networks.

So what are the small to medium sized businesses that do not regularly perform vulnerability assessment and do not have a dedicated security team to do? Are their statistics much worse?

The intuitive answer is probably yes. They statistically have more devices at risk, but I would also argue that they may not have as much IP enabled specialty equipment. So the question of whether the numbers are higher or lower for the small to medium size business does not really matter for this blog; however what does matter is that in every environment, devices that have vulnerabilities may be overlooked.

A case in point: how many environments have printer/copiers installed that are networked based? I am willing to bet most small businesses do. Has anyone ever changed the SNMP community string passwords on those devices from their defaults? If you do not know the answer to this, they are probably set to the manufacturer’s defaults and a program or user could reprogram the device, add email addresses as valid destinations, or just reprogram something as simple as the LCD.

The team at IronGeek has posted a nice blog about the hacks you can do to the most common printers using manufacturer defaults. I am making this point because most users do not think their devices could be leveraged against them or that it would take a geek with nothing better to do but cause some mischief.

If you are unfamiliar with risks associated with printer vulnerabilities, ask yourself a few basic questions about the devices in your organization. Do they provide copy and scan functions via email? Do they have internal hard drives? Do they have the ability to send faxes? If they do, then they can probably be reprogrammed using default settings to copy someone on every email sent from the device or allow a user to pull printed data from the internal hard disk. Imagine HR using the device and everything scanned, faxed, or sent via email being duplicated to a rogue email address.

Given that one third of devices have faults like these printers, it is only a matter of time before malware leverages one of these ubiquitous devices. Consider the recent 2010 CVE rash of vulnerabilities for devices like the Cisco ASA 5500 Security Appliance. While exploits do exist for these vulnerabilities, I strongly believe it is only a matter of time until one of them finds its way into malware and will ultimately cripple a business much worse than any worm or bot infestation.

So what is a business to do?

• Perform regular vulnerability assessments; just like locking your car door and making sure all the windows are closed when you leave your home.

• Keep the devices secure and change default passwords just like major regulatory compliance initiatives dictate; PCI DSS for example.

• All critical vulnerabilities should be fixed, regardless of the device.

Finally, if you need help securing your environment, ask an expert. People hire alarm companies all the time to secure their offices and homes. Businesses should consider hiring security experts to protect their systems and data in just the same way.

Could your business operate without your computers? Probably not. Vulnerabilities that can be exploited can take down a business just as badly as a physical theft of equipment and we all already pay for alarm systems today. Vulnerability assessment, mitigation, and protection only make sense to secure our dependency on these electronic systems.

Tags:
,

Leave a Reply

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,