Network protection - the things we forget

    Good afternoon, dear Habr readers.

    Let's think together about what we actually do to protect a network from external threats.
    In a large organization, of course, a separate proxy server (sometimes more than one) is set aside, filters and a firewall are configured on it, rules for incoming and outgoing traffic are defined, and traffic accounting is set up. On client computers running Windows, a constantly updated antivirus with proactive protection is installed, along with client firewalls and other “goodies”.
    In smaller organizations, everything is built in much the same way, and many of us have antiviruses and firewalls (which are constantly updated and monitored) on our home computers. It would seem that the defense is in place, if not for one BUT that many people forget.
    What have we missed? Network hardware! Honestly, how many of you have worried about protecting network equipment? Every year it becomes more accessible: now almost every user, every housewife with Internet access has a “box with small tips” next to the system unit, known in plain terms as an ADSL modem. Many people also buy Wi-Fi access points and other equipment that is managed through a web console. This equipment is becoming more user-friendly every day and therefore requires less configuration effort. Most people, once they have been connected to the Internet, never look at the settings of their network equipment again. That is a mistake.
    Attacks on MIPS devices have appeared quite recently, and the vast majority of network equipment is subject to them. Such attacks can pursue several goals:
    • Network monitoring;
    • Request redirection;
    • Forwarding and port forwarding;
    • Data theft;
    • Theft of WEP / WPA encryption keys;
    • DNS settings spoofing;

    I don't think anyone needs an explanation of why such attacks are dangerous. I will only say that the target of such attacks is usually the user's wallet and, less often, the user's reputation.

    Why can attacks on network devices be successful?

    • Very often, communications service providers supply equipment that is already configured and ready to use. Most likely, their technical support service has remote access to it;
    • Use of default passwords. It is rare for a home user to deliberately change the security settings of a home modem. Many do not even know how to do this;
    • Use of UPnP. It is usually enabled by default. It allows the device to connect to other network devices on its own, without user involvement, and it does not require any authentication;
    • Problems with the firmware. Many web forms contain XSS vulnerabilities and also allow cross-site request forgery (CSRF);
    • Difficulty updating firmware. Few users will bother to update the firmware of a device that already works normally;


    How to protect yourself?

    A few simple tips:
    • Use strong, complex passwords for access to equipment settings; never use default passwords;
    • Update the firmware of the equipment regularly;
    • It is advisable to disable all unused services and to limit the use of UPnP;


    In conclusion, I want to note that attacks on network devices are a very serious problem, not least because these devices are so widespread. It is also worth bearing in mind that such devices are almost never switched off (few people who turn off their PC also turn off all the peripheral equipment), and that anti-virus companies have not created any security software for such equipment.
