BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Vulnerability Assessment for Network Devices – Now More Than Ever!

Post by Morey Haber May 19, 2010

Here is a startling statistic and article written by Dark Reading: More Than One-Third Of Network Devices Show Vulnerabilities when vulnerability data was compiled from 235 different enterprises during vulnerability assessment scans in 2009.

Think about this for a minute. One third of their devices had potential security vulnerabilities that could comprise their networks and these are enterprise clients that are supposed to be ahead of the curve when it comes to securing their networks.

So what are the small to medium sized businesses that do not regularly perform vulnerability assessment and do not have a dedicated security team to do? Are their statistics much worse?

The intuitive answer is probably yes. They statistically have more devices at risk, but I would also argue that they may not have as much IP enabled specialty equipment. So the question of whether the numbers are higher or lower for the small to medium size business does not really matter for this blog; however what does matter is that in every environment, devices that have vulnerabilities may be overlooked.

A case in point: how many environments have printer/copiers installed that are networked based? I am willing to bet most small businesses do. Has anyone ever changed the SNMP community string passwords on those devices from their defaults? If you do not know the answer to this, they are probably set to the manufacturer’s defaults and a program or user could reprogram the device, add email addresses as valid destinations, or just reprogram something as simple as the LCD.

The team at IronGeek has posted a nice blog about the hacks you can do to the most common printers using manufacturer defaults. I am making this point because most users do not think their devices could be leveraged against them or that it would take a geek with nothing better to do but cause some mischief.

If you are unfamiliar with risks associated with printer vulnerabilities, ask yourself a few basic questions about the devices in your organization. Do they provide copy and scan functions via email? Do they have internal hard drives? Do they have the ability to send faxes? If they do, then they can probably be reprogrammed using default settings to copy someone on every email sent from the device or allow a user to pull printed data from the internal hard disk. Imagine HR using the device and everything scanned, faxed, or sent via email being duplicated to a rogue email address.

Given that one third of devices have faults like these printers, it is only a matter of time before malware leverages one of these ubiquitous devices. Consider the recent 2010 CVE rash of vulnerabilities for devices like the Cisco ASA 5500 Security Appliance. While exploits do exist for these vulnerabilities, I strongly believe it is only a matter of time until one of them finds its way into malware and will ultimately cripple a business much worse than any worm or bot infestation.

So what is a business to do?

• Perform regular vulnerability assessments; just like locking your car door and making sure all the windows are closed when you leave your home.

• Keep the devices secure and change default passwords just like major regulatory compliance initiatives dictate; PCI DSS for example.

• All critical vulnerabilities should be fixed, regardless of the device.

Finally, if you need help securing your environment, ask an expert. People hire alarm companies all the time to secure their offices and homes. Businesses should consider hiring security experts to protect their systems and data in just the same way.

Could your business operate without your computers? Probably not. Vulnerabilities that can be exploited can take down a business just as badly as a physical theft of equipment and we all already pay for alarm systems today. Vulnerability assessment, mitigation, and protection only make sense to secure our dependency on these electronic systems.

Tags:
,

Leave a Reply

Additional articles

BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,