Network infrastructure devices – the routers, switches, servers, firewalls and other devices that facilitate communications on your network – can be prime targets for hackers. Almost all network traffic crosses these crucial devices, and if one of them is compromised an attacker can do serious damage.
For example, an attacker with access to your organization’s gateway router can control traffic going in and out: monitoring, modifying or dropping traffic in any direction. An attacker with access to an internal switch can control traffic within your organization. As the U.S. Department of Homeland Security’s Computer Emergency Readiness Team puts it succinctly: “Whoever controls the routing infrastructure of a network essentially controls the data flowing through the network.”
That is a huge danger to your business or organization.
Why are these devices often vulnerable to hacks? According to the National Cybersecurity and Communications Integration Center:
• Few network devices — especially small office/home office and residential-class routers — run antivirus software and other security tools that help protect general-purpose hosts.
• Manufacturers build and distribute network devices with exploitable services, which are enabled for ease of installation, operation and maintenance.
• Owners and operators of network devices often don’t change vendor default settings, harden them for operations or perform regular patching.
• Internet service providers may not replace equipment on a customer’s property once the equipment is no longer supported by the manufacturer or vendor.
• Owners and operators often overlook network devices when they look for intruders and restore general-purpose hosts after cyber intrusions.
What can you do to protect your network?
The NCCIC recommends the following steps:
• Segment and segregate networks and functions: On a poorly segmented network, intruders are able to extend their impact to control critical devices or gain access to sensitive data and intellectual property. Segregation separates network segments based on role and functionality. A securely segregated network can contain malicious occurrences, reducing the impact from intruders.
• Limit unnecessary lateral communications: Allowing unfiltered peer-to-peer communications, including workstation-to-workstation, creates serious vulnerabilities and can allow a network intruder’s access to spread easily once they are in. Unfiltered lateral communications allow the intruder to create backdoors throughout the network. Organizations can place routers between networks to create boundaries, increase the number of broadcast domains and effectively filter users’ broadcast traffic. Organizations can use these boundaries to contain security breaches by restricting traffic to separate segments.
• Harden network devices: Government agencies, organizations, and vendors supply a wide range of guidance to administrators on how to harden network devices: disable unencrypted remote admin protocols such as Telnet and HTTP; disable unnecessary services; use Simple Network Management Protocol version 3 (SNMPv3) with authentication and encryption rather than SNMPv1/v2c community strings; implement robust password policies; control access for remote administration of routers and switches; back up configurations and store them offline; keep network device operating systems up to date.
• Secure access to infrastructure devices: Limiting administrative privileges for infrastructure devices is crucial to security because intruders can exploit administrative privileges that are improperly authorized, granted widely, or not closely audited. Organizations can mitigate unauthorized infrastructure access by implementing secure access policies and procedures.
• Employ Out-of-Band network management: Out-of-Band (OoB) management uses alternate communication paths to remotely manage network infrastructure devices. These dedicated communication paths can vary in configuration to include anything from virtual tunneling to physical separation. Using OoB access to manage the network infrastructure will strengthen security by limiting access and separating user traffic from network management traffic.
• Validate integrity of hardware and software: There are a lot of counterfeit, secondary or gray market devices out there, and they carry risks. They have not been thoroughly tested to meet quality standards, and potentially could introduce malicious software or backdoor access to your network.
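Several of the hardening and access-control items above can be checked mechanically against a device’s saved configuration. The script below is an added example, not code from the original post or from NCCIC: it parses a Cisco IOS-style running-config into sections and flags the gaps the list calls out (reversible enable password, SNMPv1/v2c community strings, HTTP management enabled, Telnet permitted on vty lines, and vty lines with no inbound access-class restricting management sources). The two sample configs are constructed for illustration, the IOS-classic syntax is an assumption, and the rule set is a starting point rather than a substitute for a vendor hardening guide.

```python
"""Audit an IOS-style configuration for common hardening gaps.

Added example (not from the original post). Assumes IOS-classic syntax:
unindented lines are global commands, indented lines belong to the
preceding header (e.g. 'line vty 0 4'). Sample configs are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str    # short identifier of the check that failed
    detail: str  # what was seen and what the guidance asks for instead


# Constructed "before" config: typical defaults left in place.
WEAK_CONFIG = """\
hostname edge-router
enable password cisco123
service password-encryption
!
snmp-server community public RO
snmp-server community private RW
!
ip http server
!
line vty 0 4
 password cisco
 login
 transport input telnet ssh
!
"""

# Constructed "after" config: same device, hardened per the list above.
HARDENED_CONFIG = """\
hostname edge-router
service password-encryption
enable secret 5 $1$constructed$examplehashvalue
!
no ip http server
ip http secure-server
!
ip access-list standard MGMT-HOSTS
 permit 10.10.250.0 0.0.0.255
 deny   any log
!
snmp-server group NETMON v3 priv
snmp-server user netmon NETMON v3 auth sha ConstructedAuthPass1 priv aes 128 ConstructedPrivPass1
!
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 5 0
 login local
!
"""


def parse_sections(config_text):
    """Return [(header, [body lines])]; '!' separators and blanks are dropped."""
    sections, header, body = [], None, []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():
            body.append(raw.strip())
        else:
            if header is not None:
                sections.append((header, body))
            header, body = raw.strip(), []
    if header is not None:
        sections.append((header, body))
    return sections


def audit_config(config_text):
    """Return a list of Finding objects; an empty list means no rule fired."""
    sections = parse_sections(config_text)
    top = [h for h, _ in sections]  # global commands, in file order
    findings = []

    # Credentials: 'enable password' is reversible (Type 7); 'enable secret' is hashed.
    if any(h.startswith("enable password") for h in top) or not any(
        h.startswith("enable secret") for h in top
    ):
        findings.append(Finding("enable-secret", "use 'enable secret', never 'enable password'"))
    if "service password-encryption" not in top:
        findings.append(Finding("password-encryption", "'service password-encryption' is not set"))

    # SNMP: any community string means v1/v2c, which authenticates in cleartext.
    for h in top:
        if h.startswith("snmp-server community"):
            findings.append(Finding("snmpv3", f"community string present: {h!r}; use SNMPv3 auth/priv"))

    # Management plane: plain HTTP. Exact match so 'no ip http server' does not trigger.
    if "ip http server" in top:
        findings.append(Finding("http-mgmt", "'ip http server' enabled; use 'ip http secure-server' only"))

    # Remote admin on vty lines: SSH only, and restricted to known management sources.
    for header, body in sections:
        if not header.startswith("line vty"):
            continue
        transport = [b for b in body if b.startswith("transport input")]
        if transport != ["transport input ssh"]:
            findings.append(Finding("vty-ssh-only", f"{header}: transport is {transport or 'unset'}; set 'transport input ssh'"))
        if not any(b.startswith("access-class") and b.endswith(" in") for b in body):
            findings.append(Finding("vty-access-class", f"{header}: no inbound access-class restricting management hosts"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}: {len(audit_config(cfg))} finding(s)")
        for f in audit_config(cfg):
            print(f"  [{f.rule}] {f.detail}")
```

Run against the weak config it reports six findings (reversible enable password, two community strings, HTTP management, Telnet on the vty lines and no access-class); the hardened config reports none. Checks for unnecessary services and patch level are device- and version-specific and are deliberately left out.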
DISCLAIMER: This blog is designed for informational and educational purposes only. It does not constitute legal advice and is not intended to create an attorney-client relationship. Further, your use of this blog does not create an attorney-client relationship. Online readers should not act upon any information presented on this blog without first seeking professional legal counsel. Legal advice cannot be provided without full consideration of all relevant information relating to one’s individual situation. For specific, technical, or legal advice on the information provided and related topics, please contact the author. The author apologizes for any factual or other errors in this blog. If you believe that some content is inaccurate, false, disparaging, slanderous, libelous, or defamatory, please contact the author directly at (StevenG.@digitalforensics.com). Information herein is provided on an “as is” or “as available” basis; we make no warranty of any kind to you regarding the information provided and disclaim any liability for damages from use of the blog or its content.