So what’s the Network Operations Center of a major enterprise to do? You’re responsible for managing thousands or tens of thousands of devices inside the corporate network using “classic” protocols that were not built for security, while at the same time needing to manage a small (or maybe not so small!) subset of devices in the unsecure DMZ that are vital to the business. And let’s not forget that management protocols are generally blocked by the enterprise firewalls due to Corporate Security Policies. It is enough to make the NOC Manager feel they are fighting “Against All Odds”!
As described in the US-CERT Alert (TA18-106A), “Russian cyber actors do not need to leverage zero-day vulnerabilities or install malware to exploit these devices. Instead, cyber actors take advantage of the following vulnerabilities: devices with legacy unencrypted protocols or unauthenticated services…”
Tavve’s ZoneRanger provides a unique solution: an Application Proxy Firewall that allows the same NOC tools to manage devices in the DMZ as if they resided in the corporate network while, at the same time, maintaining their security posture. All management traffic between the NOC tools and the DMZ devices is routed through a single TCP port on the ZoneRanger. This allows the ZoneRanger to do deep packet analysis on all of the management protocols to verify their authenticity before allowing the traffic to pass. Since the ZoneRanger provides this capability through a single TCP port, your firewall configuration for management protocols is reduced to a single firewall rule. You not only reduce your attack surface, but you can also add or remove devices in the DMZ, or even change management applications, without any firewall rule changes. “Do You Believe In Magic?”

Be sure to check back for our next post on deep packet inspection and why it’s critical for your network’s security.