BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Vulnerability Assessment for Network Devices – Now More Than Ever!

Posted May 19, 2010    Morey Haber

Here is a startling statistic and article written by Dark Reading: More Than One-Third Of Network Devices Show Vulnerabilities when vulnerability data was compiled from 235 different enterprises during vulnerability assessment scans in 2009.

Think about this for a minute. One third of their devices had potential security vulnerabilities that could comprise their networks and these are enterprise clients that are supposed to be ahead of the curve when it comes to securing their networks.

So what are the small to medium sized businesses that do not regularly perform vulnerability assessment and do not have a dedicated security team to do? Are their statistics much worse?

The intuitive answer is probably yes. They statistically have more devices at risk, but I would also argue that they may not have as much IP enabled specialty equipment. So the question of whether the numbers are higher or lower for the small to medium size business does not really matter for this blog; however what does matter is that in every environment, devices that have vulnerabilities may be overlooked.

A case in point: how many environments have printer/copiers installed that are networked based? I am willing to bet most small businesses do. Has anyone ever changed the SNMP community string passwords on those devices from their defaults? If you do not know the answer to this, they are probably set to the manufacturer’s defaults and a program or user could reprogram the device, add email addresses as valid destinations, or just reprogram something as simple as the LCD.

The team at IronGeek has posted a nice blog about the hacks you can do to the most common printers using manufacturer defaults. I am making this point because most users do not think their devices could be leveraged against them or that it would take a geek with nothing better to do but cause some mischief.

If you are unfamiliar with risks associated with printer vulnerabilities, ask yourself a few basic questions about the devices in your organization. Do they provide copy and scan functions via email? Do they have internal hard drives? Do they have the ability to send faxes? If they do, then they can probably be reprogrammed using default settings to copy someone on every email sent from the device or allow a user to pull printed data from the internal hard disk. Imagine HR using the device and everything scanned, faxed, or sent via email being duplicated to a rogue email address.

Given that one third of devices have faults like these printers, it is only a matter of time before malware leverages one of these ubiquitous devices. Consider the recent 2010 CVE rash of vulnerabilities for devices like the Cisco ASA 5500 Security Appliance. While exploits do exist for these vulnerabilities, I strongly believe it is only a matter of time until one of them finds its way into malware and will ultimately cripple a business much worse than any worm or bot infestation.

So what is a business to do?

• Perform regular vulnerability assessments; just like locking your car door and making sure all the windows are closed when you leave your home.

• Keep the devices secure and change default passwords just like major regulatory compliance initiatives dictate; PCI DSS for example.

• All critical vulnerabilities should be fixed, regardless of the device.

Finally, if you need help securing your environment, ask an expert. People hire alarm companies all the time to secure their offices and homes. Businesses should consider hiring security experts to protect their systems and data in just the same way.

Could your business operate without your computers? Probably not. Vulnerabilities that can be exploited can take down a business just as badly as a physical theft of equipment and we all already pay for alarm systems today. Vulnerability assessment, mitigation, and protection only make sense to secure our dependency on these electronic systems.

Tags:
,

Leave a Reply

Additional articles

CyberResiliency

6 things I like about Gartner’s Cyber Resiliency Strategy

Posted August 27, 2015    Nigel Hedges

There were 6 key principles, or recommendations, that Gartner suggested were important drivers towards a great cyber resiliency posture. I commented more than once during the conference that many of these things were not new. They are all important recommendations that are best when placed together and given to senior management and the board – a critical element of organisations that desperately need to “get it”.

Tags:
,
powerbroker-difference-1

Why Customers Choose PowerBroker: Flexible Deployment Options

Posted August 26, 2015    Scott Lang

BeyondTrust commissioned a study of our customer base in early 2015 to determine how we are different from other alternatives in the market. What we learned was that there were six key differentiators that separate BeyondTrust from other solution providers in the market. We call it the PowerBroker difference,

Tags:
, ,
Mac-Security-Enterprise

On Demand Webinar: Security Risk of Mac OS X in the Enterprise

Posted August 20, 2015    BeyondTrust Software

In the last several years, Mac administrators have come to realize that they may be just as vulnerable to exploits and malware as most other operating systems. New malware and adware is released all the time, and there have been serious vulnerabilities patched by Apple in the past several years, some of which may afford attackers full control of your systems.

Tags:
, ,