Title: Keeping your network devices secure
Keeping your network devices secure
Despite constituting the lifeline of every corporate IT infrastructure, network devices happen to be the most notoriously insecure, making them favorite targets of both sophisticated hackers and script kiddies. In the thick of mounting pressure from political groups in favor of government surveillance through backdoors in encrypted devices to combat terrorism, the likes of Juniper's ScreenOS vulnerability have taught us how, to an experienced attacker, such a vulnerability can turn out to be a master key not just to the organization's data, but to the government's as well. The most valuable lesson we learned from the past year's device hacks is that cyber criminals will never ignore an opportunity to exploit a gaping hole in inconsistent security policies, mandates and protocols.
Turning the tables on evasive device attacks

Enterprise network devices shipped and installed with default insecurities, together with IP address spoofing possibilities left unchecked by ISPs, can be simultaneously leveraged by a number of extortion groups and individual threat actors. A colleague who correlates threat signatures pointed out an upsetting rise in the sophistication of emerging exploit code written for embedded devices. These next-generation malware writers are challenging virtual machine sandboxes and proprietary operating system artifacts, and obfuscating internal data. As certainty wanes, an organization's last line of defense undoubtedly rests on how well anomalous activity is tracked, observed and interpreted.
Your security monitoring system needs functionality that extends beyond merely alerting on suspicious traffic. A combination of active network scanning and passive monitoring will give you thorough information about the origin of malicious packets, their intent and what gaps to fill. The result is an up-to-the-minute inventory of assets, addressing, and traffic and header analysis, in addition to system information about the entities on your network. For instance, a threat actor might advertise a forged Autonomous System Number (ASN) and trick an ISP gateway into redirecting to him all traffic destined for the victimized route. The best way to deal with this at your perimeter is to monitor the routes of incoming packets and look for anomalies. Do the packets appear to be coming from Autonomous System Numbers that your ISP does not accept routes from? What are they targeting, and what could be their motives? Such questions are inescapable and can only be answered with help from a threat data platform that documents known bad actors.

Dig deep for vulnerabilities

Embedded systems configured for remote administration must be protected from emerging malware families that employ custom-built rootkits in password-guessing brute force attacks, especially those that can self-update once inside your network. Deep-level scanning of file integrity, registry settings and rootkits can help you detect abnormal infiltration attempts while they are underway. Fix baselines for acceptable network activity and assess suspicious behavior with reference to asset databases and your inventory of active software and services. Tools that analyze network-breach malware are limited to predefined detection signatures. Intrusion detection systems, on the other hand, are designed to keep the entire attack lifecycle in perspective. Most importantly, align network security policy management with your enterprise threat information. An organization that is well aware of its security posture is one that uses a well-documented evaluation process to manage policies, appraise effectiveness and identify where to make corrections.
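The route-monitoring check described in the monitoring section above (is a route arriving via an ASN your ISP should not accept routes from, and is anyone announcing your prefixes, or a more-specific slice of them, with a forged origin?) can be scripted against a BGP collector export. The following is an added example, not code from the article or from Aleph Tav Technologies; the prefixes, ASNs, the EXPECTED_ORIGINS allow-list, the UPSTREAM_ASNS set and the sample feed are all constructed placeholders chosen to exercise each check.

```python
import ipaddress
from dataclasses import dataclass

# Constructed expectations (not real ASNs or prefixes): which origin ASNs are
# authorised to announce each of our prefixes, and which ASNs are our upstreams.
# In practice this table is generated from RPKI ROAs or IRR route objects.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/22": {64501, 64502},
}
UPSTREAM_ASNS = {64496, 64497}


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple      # leftmost = neighbour we learned it from, rightmost = origin
    source: str         # peer or collector that reported it


def check_announcement(ann, expected=EXPECTED_ORIGINS, upstreams=UPSTREAM_ASNS):
    """Return (severity, reason) findings for one route announcement."""
    findings = []
    if not ann.as_path:
        return [("high", f"{ann.prefix} from {ann.source}: empty AS path")]
    first_hop, origin = ann.as_path[0], ann.as_path[-1]
    net = ipaddress.ip_network(ann.prefix, strict=False)

    # 1. Did the route arrive via a neighbour we actually accept routes from?
    if first_hop not in upstreams:
        findings.append(("medium", f"{ann.prefix} learned via AS{first_hop}, not an expected upstream"))

    # 2. Compare the origin against what we expect for our own address space.
    for known, allowed in expected.items():
        known_net = ipaddress.ip_network(known)
        if known_net.version != net.version:
            continue
        if net == known_net:
            if origin not in allowed:
                findings.append(("high", f"{ann.prefix} announced by AS{origin}; authorised origins are {sorted(allowed)}"))
        elif net.subnet_of(known_net):
            # A more-specific prefix wins longest-prefix match, so it diverts
            # traffic even while the legitimate covering route is still present.
            sev = "high" if origin not in allowed else "low"
            findings.append((sev, f"more-specific {ann.prefix} inside {known} announced by AS{origin}"))
    return findings


def scan(announcements):
    """Run the checks over a batch and return one alert dict per finding."""
    alerts = []
    for ann in announcements:
        for severity, reason in check_announcement(ann):
            alerts.append({"severity": severity, "source": ann.source, "reason": reason})
    return alerts


# Constructed sample feed, shaped like a simplified BGP collector export.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", (64496, 64500), "collector-a"),           # legitimate
    Announcement("203.0.113.0/24", (64497, 64499), "collector-b"),           # wrong origin
    Announcement("203.0.113.128/25", (64497, 64498, 64499), "collector-b"),  # more-specific, wrong origin
    Announcement("198.51.100.0/23", (64496, 64502), "collector-a"),          # authorised de-aggregation
    Announcement("192.0.2.0/24", (64510, 64511), "collector-c"),             # not our space, unexpected neighbour
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_FEED):
        print(alert["severity"].upper(), alert["source"], alert["reason"])
```

The low and medium findings are the ones to correlate with a threat data platform before anyone is paged: an authorised de-aggregation is often intentional, whereas a route learned from an unexpected neighbour may be a collector artefact or the first sign of a misconfigured peer.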
Integrating your firewall's configuration rule sets, secure shell server authentication policies and cryptographic key management tools with your incident response workflow can facilitate automated analysis of device-level policy compliance. Make sure that policy changes for all elements of perimeter defense are run through a streamlined risk assessment process to avoid risky changes.

At Aleph Tav Technologies, we don't just share insights. We show you how it's done, for free. Visit alephtavtech.com to learn more about the 15-day no-obligation trial period for our 24/7 Managed Security Operations Suite.
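As an added example of the device-level policy compliance and change risk assessment described in the closing section (this is not code from the article or from Aleph Tav Technologies), the following audits a vendor-neutral firewall rule set against a few policy checks and gates a proposed change by reporting only the findings the change introduces. MGMT_PORTS, CLEARTEXT_MGMT_PORTS, ADMIN_SOURCES and both rule sets are assumptions constructed for the example; a real deployment would parse the device's own export (iptables-save, a Cisco ACL dump) into this shape first.

```python
import ipaddress

# Assumptions for this example (not from the page): which ports belong to the
# management plane, which of those are cleartext, and where admins may come from.
MGMT_PORTS = {22, 23, 161, 830}          # SSH, telnet, SNMP, NETCONF
CLEARTEXT_MGMT_PORTS = {23}
ADMIN_SOURCES = ["10.0.99.0/24"]         # jump hosts / admin VLAN


def rule(action, src, dst, proto, port):
    """Vendor-neutral rule; port may be an int or 'any'."""
    return {"action": action, "src": src, "dst": dst, "proto": proto, "port": port}


def _within(cidr, allowed_cidrs):
    net = ipaddress.ip_network(cidr, strict=False)
    return any(
        net.version == a.version and net.subnet_of(a)
        for a in map(ipaddress.ip_network, allowed_cidrs)
    )


def _is_any(cidr):
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(rules):
    """Evaluate a whole rule set against policy; returns (check, index, message) tuples."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "allow":
            continue
        if _is_any(r["src"]) and _is_any(r["dst"]) and r["port"] == "any":
            findings.append(("any_any", i, "permits all traffic between all hosts"))
        if r["port"] in MGMT_PORTS and not _within(r["src"], ADMIN_SOURCES):
            findings.append(("open_mgmt", i, f"management port {r['port']} reachable from {r['src']}"))
        if r["port"] in CLEARTEXT_MGMT_PORTS:
            findings.append(("cleartext_mgmt", i, f"cleartext management protocol on port {r['port']} permitted"))
    last = rules[-1] if rules else None
    if not (last and last["action"] == "deny" and _is_any(last["src"])
            and _is_any(last["dst"]) and last["port"] == "any"):
        findings.append(("no_default_deny", len(rules) - 1, "rule set does not end with an explicit deny-all"))
    return findings


def assess_change(old_rules, new_rules):
    """Gate a proposed change: what was added/removed, and which findings are new."""
    old_msgs = {(c, m) for c, _, m in audit(old_rules)}
    new_findings = [(c, i, m) for c, i, m in audit(new_rules) if (c, m) not in old_msgs]
    added = [r for r in new_rules if r not in old_rules]
    removed = [r for r in old_rules if r not in new_rules]
    return {"added": added, "removed": removed, "new_findings": new_findings}


# Constructed current rule set and a proposed replacement.
CURRENT_RULES = [
    rule("allow", "10.0.99.0/24", "10.0.1.1/32", "tcp", 22),     # admins -> router SSH
    rule("allow", "0.0.0.0/0", "10.0.1.20/32", "tcp", 443),      # public web server
    rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", "any"),
]
PROPOSED_RULES = CURRENT_RULES[:-1] + [
    rule("allow", "0.0.0.0/0", "10.0.1.1/32", "tcp", 22),        # "temporary" remote access
    rule("allow", "10.0.99.0/24", "10.0.1.1/32", "tcp", 23),     # telnet fallback
    rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", "any"),
]

if __name__ == "__main__":
    for item in assess_change(CURRENT_RULES, PROPOSED_RULES)["new_findings"]:
        print(item)
```

Wiring assess_change into the change-approval step means a ticket that introduces an open management port or a cleartext protocol is blocked with a specific reason, while a change that only touches already-compliant rules goes through without a manual review.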