Be careful what you connect


Private, institutional and corporate systems alike are being accessed by an increasing number of devices (1) that are not covered by any security protocols. According to many experts, this means that the traditional network security architecture is now in complete disarray. Be careful what you connect.

Systems designed to carry out multiple tasks and goals, but certainly not to control the deluge of constantly connected unauthorized wired and wireless devices, cannot manage the security of everything that appears in them. Globally, it is expected that the number of devices connected to the network will increase to over 27 billion within a year and will continue to grow (2). Unfortunately, most traditional security solutions cannot protect or even just detect these devices.

  1. A network of connected devices now and in the future

Everyone who works or studies knows this phenomenon well. Hundreds and thousands of new pieces of hardware, including tons of private devices, appear on supposedly secure networks. Added to this is the expanding web of the Internet of Things. All of this increases the "surface area" that can be used to attack an organization's systems, making it easier for cybercriminals to penetrate first into the outer layers and then into the more heavily guarded resources.

Trouble with unmanaged hardware

Many organizations have had to learn that visibility of all devices on their networks is fundamental to any security strategy, which now needs to significantly strengthen the defense of key points. An inventory of all devices, both managed and unmanaged, is therefore necessary, which of course takes additional effort and resources. Needless to say, many companies do not do this. Meanwhile, the principle is this: each so-called unmanaged device on the network must be considered a critical security risk.

This is easier said than done, given that the estimated numbers of unmanaged devices are enormous and growing. American research shows that, on average, organizations do not know about 40 percent of the devices in their environments. This is despite the fact that large organizations tend to use so-called visibility tools.

The list of ghost devices in most networks includes desktop computers, laptops and smartphones, as well as so-called smart electronic devices such as smart TVs, web cameras, printers, air conditioning systems, industrial robots, portable medical devices and many more. It also includes operational technology hardware and software designed to detect or cause changes in physical devices such as valves, pumps, etc.

Traditional tools for detecting devices on the network are very often no longer up to the task, given the changing threat landscape. For example, network scanners and network access control tools are generally unreliable and limited in scope, in particular in terms of their ability to provide relevant, in-depth security-related information.

There are several clear security risks posed by the many unmanaged devices mentioned here. One of the more serious ones is the use of unauthenticated management servers, which can be compromised remotely by using DNS rebinding. This type of attack allows any party to establish a connection between an external server and a local service running within the internal address space of the victims' computers. In this way, the attacker can perform almost any action that threatens the computer, e.g. downloading and executing any file, installing a DLL library, or transferring data.

  1. One of the more serious threats is the use of unauthenticated management servers that can be remotely compromised through the use of DNS Rebinding
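A resolver-side check for the DNS rebinding pattern described above, as an added example that is not part of the original article. It flags external names whose answers point into internal address space; the internal suffixes, the 60-second window and the log records are constructed assumptions.

```python
import ipaddress

# Assumption: names under these suffixes are legitimately internal.
INTERNAL_SUFFIXES = (".corp.example", ".local")
# Address ranges treated as internal: RFC 1918, loopback, link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed resolver log: (epoch seconds, client, query name, answer IP).
SAMPLE_LOG = [
    (1000, "10.0.5.21", "intranet.corp.example", "10.0.0.15"),
    (1002, "10.0.5.21", "cdn.example.net", "203.0.113.10"),
    (1010, "10.0.5.44", "a1.rebind.example", "198.51.100.7"),
    (1013, "10.0.5.44", "a1.rebind.example", "192.168.1.1"),
    (1020, "10.0.5.30", "printer.local", "192.168.1.50"),
    (1030, "10.0.5.31", "lb.example.org", "127.0.0.1"),
]

def is_internal_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def is_internal_name(name):
    return name.rstrip(".").lower().endswith(INTERNAL_SUFFIXES)

def find_rebinding(log, window=60):
    """Return alerts for external names answered with internal addresses."""
    last_public = {}  # name -> time of its most recent public answer
    alerts = []
    for ts, client, name, ip in sorted(log):
        name = name.rstrip(".").lower()
        if is_internal_name(name):
            continue  # internal names may resolve to internal addresses
        if not is_internal_ip(ip):
            last_public[name] = ts
            continue
        seen = last_public.get(name)
        # A public answer followed quickly by an internal one is the
        # characteristic flip; an internal answer alone is still suspect.
        flipped = seen is not None and ts - seen <= window
        alerts.append({"time": ts, "client": client, "name": name, "ip": ip,
                       "kind": "flip" if flipped else "internal-answer"})
    return alerts

if __name__ == "__main__":
    for alert in find_rebinding(SAMPLE_LOG):
        print(alert)
```

The same rule, applied in the resolver rather than in log review, is what rebinding protection in DNS forwarders does: it drops answers for external names that fall inside internal ranges.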

What's lurking in the Internet of Things?

In addition, operating systems (Linux, Windows, Android) in unmanaged or IoT-based hardware pose a security risk as they are rarely updated. Over time, they accumulate a lot of software vulnerabilities that create opportunities for hackers, leading to corporate data leakage and intellectual property infringement. Unmanaged or IoT-based devices are often installed on a network without the consent of the network manager and without proper configuration - including updating default passwords. These devices can be so-called virtual machines created for malicious purposes.


Gaining control over IoT devices can also have very unpleasant consequences for individual users. Devices such as webcams and DVRs may be connected, for example, to a home Wi-Fi network, which allows an attacker to create a gateway for stealing users' private data. Cybercriminals could also, for example, start controlling the alarm system in the apartment, or the electricity management system.

The Internet of Things (IoT) also means that equipment such as washing machines, refrigerators and other everyday devices will exchange data with each other. The surveillance and observation system protects houses by automatically closing entrance doors and windows or monitoring the surroundings with cameras. Thanks to the Internet connection, all these devices can be remotely controlled by their owners, as well as by cybercriminals. The possibility of using tools connected to the Internet of Things as weapons is worrying. The best examples would be smart cars that, if hacked, can deliberately cause accidents, refrigerators that deliberately change the temperature so that food spoils, or smart devices in the power industry that can be used to carry out large-scale sabotage (see also: Intelligent Everything).

Mitigating the security risks of unmanaged devices - physical or virtual - is a multi-faceted process that starts with end-to-end device management and a security policy that includes appropriate network access control and mobile device management tools capable of tracking known and unknown devices. The IT industry is working hard to overcome the shortcomings of traditional unauthorized device detection tools by filling the gaps with next-generation device discovery tools. Some of these tools use deep machine learning to identify anomalous or unusual devices.

The challenge faced by each new security solution is to provide up-to-date and as extensive as possible information about every device appearing on the network, whether legitimate, unauthorized or fraudulent, as well as about devices operating outside the network and communicating via Wi-Fi, Bluetooth and other peer-to-peer IoT protocols.

Of course, simply knowing that a device or devices exist is not enough. The next step is to calculate the level of risk they pose. The latest generation solutions use cloud computing techniques to compare observed device characteristics and behavior patterns with a knowledge base that provides a benchmark for normal and acceptable behavior for each type of device.
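The inventory check and the baseline comparison described in this article, combined in one added example that is not part of the original text. The inventory, the per-type port baselines, the observed flows and the scoring weights are all constructed assumptions, not values from any product.

```python
# Constructed managed-asset inventory: MAC addresses known to IT.
MANAGED = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# Hypothetical baseline: destination ports each device type normally uses.
BASELINE = {
    "printer": {53, 123, 631, 9100},
    "camera": {53, 123, 554},
    "laptop": {53, 80, 123, 443},
}

# Constructed observations: (MAC, type guessed by discovery, dest port).
FLOWS = [
    ("00:11:22:33:44:01", "laptop", 443),
    ("00:11:22:33:44:01", "laptop", 53),
    ("00:11:22:33:44:02", "printer", 9100),
    ("00:11:22:33:44:02", "printer", 22),
    ("aa:bb:cc:00:00:09", "camera", 554),
    ("aa:bb:cc:00:00:09", "camera", 23),
    ("aa:bb:cc:00:00:09", "camera", 445),
    ("aa:bb:cc:00:00:0a", "unknown", 443),
]

def assess(flows, managed, baseline):
    """Score each observed device; highest risk first."""
    devices = {}
    for mac, dtype, port in flows:
        dev = devices.setdefault(mac.lower(), {"type": dtype, "ports": set()})
        dev["ports"].add(port)
    report = []
    for mac, dev in devices.items():
        expected = baseline.get(dev["type"])
        unmanaged = mac not in managed
        # No baseline for this type: every observed port is unexplained.
        odd = dev["ports"] if expected is None else dev["ports"] - expected
        # Assumed weights: 50 unmanaged, 20 unknown type, 10 per odd port.
        score = 50 * unmanaged + 20 * (expected is None) + 10 * len(odd)
        report.append({"mac": mac, "type": dev["type"],
                       "unmanaged": unmanaged,
                       "unexpected_ports": sorted(odd),
                       "score": min(score, 100)})
    return sorted(report, key=lambda r: -r["score"])

if __name__ == "__main__":
    for row in assess(FLOWS, MANAGED, BASELINE):
        print(row)
```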

Importantly, a success rate of 99 percent in terms of awareness or protection of devices is assessed by specialists as definitely insufficient. To penetrate the entire corporate network, a hacker needs only one device. Data collected from serious breaches shows that skilled attackers, once connected to the network, can move laterally to access any amount of sensitive and business-critical data - often with catastrophic consequences.