Do you remember when “Billie Jean”, “We Are the World” and “Don’t Worry, Be Happy” were number 1 hits? Those were the same years that the management protocols ICMP (1983), NTP and FTP (1985), and SNMP (1988) were invented. Don’t forget about other management protocols like TACACS+ (1993), NetFlow (1996), and Syslog (2001). All of these protocols, among others, are still used today as the bedrock for the management of network devices. Although the 1980s and 1990s were a great time for music, they were not a time when we worried much about network security or cyber hacking.
In our previous blog, we introduced our blog series addressing the concerns identified in US-CERT Alert (TA18-106A), Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. In case you missed it, you can click here to see it.
Alert (TA18-106A) indicates that “Russian cyber actors leverage a number of legacy or weak protocols and service ports associated with network administration activities. Cyber actors use these weaknesses to identify vulnerable devices; extract device configurations; map internal network architectures; harvest login credentials; masquerade as privileged users; modify device firmware, operating systems, configurations; and copy or redirect victim traffic through Russian cyber-actor-controlled infrastructure.”
Sure, these management protocols are fine within the confines of a protected corporate network. However, their lack of security makes them prime targets for hackers in the less secure areas of your network, the corporate DMZs. DMZs, the firewalled areas that sit between the corporate network and the Internet, are vital to today’s eCommerce, banking, social media, and similar applications.
So how do corporate Network Operations Centers (NOCs) manage some of the devices most important to their business operations when the management protocols are insecure and the devices sit in the hacker-friendly DMZ? Deep packet inspection, protocol proxying, and access restriction are a few of the tools available to today’s network engineers. Contact us directly to find out how the ZoneRanger can leverage these tools to help secure your insecure network management protocols.