Protect your organization: Network infrastructure devices such as routers and switches may seem relatively secure; however, they carry many “hidden” security vulnerabilities that, if not identified and resolved, an attacker can leverage to take control of your organization’s entire network.
For example, a large portion of the known router vulnerabilities involve remote administration services such as Telnet, SSH, TFTP, and HTTP. Of the four mentioned above, only SSH offers encrypted connections; the others let an attacker with a sniffer capture information in the clear, and HTTP and Telnet expose user names and passwords sent over the network as well. The obvious solution to this type of attack is to use only services that provide strong encryption with algorithms that meet standards such as those in the U.S. Federal Government’s FIPS 140-2 documentation. So with routers, enable only SSH and/or HTTPS and disable all other services; where one is genuinely needed (such as TFTP for updating firmware), enable it only for that specific activity and disable it again afterwards. This is essential to ensuring that routers are not susceptible to sniffing attacks.
Another attack that also involves remote administration services is CSRF, or Cross-Site Request Forgery. In this attack, someone logs in to a router and then leaves the session open (does not log out) when finished working with the router. As long as that session remains open, the router will accept commands that an unauthorized party causes the still-authenticated browser to send on their behalf. To prevent CSRF attacks, configure routers (if supported) with an inactivity timeout on remote administration sessions (such as 2 to 5 minutes). IPS/IDS systems and firewalls with CSRF prevention features, when configured to do so, inspect the HTTP Referer header and cookie fields to detect an attack and either mitigate it or alert administrators.
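The two hardening points above (cleartext management services disabled, idle sessions forced to expire) are easy to state and easy to let drift over time. The following script is an added example, not part of the original post or of any vendor's tooling: it audits a Cisco IOS-style running configuration for exactly those weaknesses and reports findings in defender terms. The two configurations embedded in it are constructed for the example, the image filename in the TFTP line is a placeholder, the 5-minute ceiling follows the 2 to 5 minute guidance above, and the assumption that a VTY line with no `exec-timeout` falls back to a 10-minute IOS default is stated in a comment.

```python
"""Audit an IOS-style configuration for the remote-administration weaknesses
discussed above: cleartext management services (Telnet, HTTP, TFTP server)
and administrative sessions that never time out.

The configs below are constructed for this example; the TFTP image name is
a placeholder, not a real file.
"""
import re
from typing import Dict, List, Optional, Tuple

MAX_IDLE_SECONDS = 300          # 5 minutes: upper end of the 2-5 minute guidance
IOS_DEFAULT_EXEC_TIMEOUT = 600  # assumption: IOS default when no exec-timeout is set

WEAK_CONFIG = """\
!
hostname edge-rtr
!
ip http server
tftp-server flash:PLACEHOLDER-image.bin
!
line vty 0 4
 login local
 transport input telnet ssh
 exec-timeout 0 0
!
"""

HARDENED_CONFIG = """\
!
hostname edge-rtr
!
no ip http server
ip http secure-server
ip http timeout-policy idle 300 life 3600 requests 100
ip ssh version 2
!
line vty 0 4
 login local
 transport input ssh
 exec-timeout 5 0
!
"""


def split_sections(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (top-level lines, {section header: [indented child lines]}).

    IOS groups sub-commands under a header by indenting them with a space;
    '!' lines are comments/separators and are ignored.
    """
    top_level: List[str] = []
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
            top_level.append(current)
    return top_level, sections


def parse_exec_timeout(line: Optional[str]) -> int:
    """Convert 'exec-timeout <min> [<sec>]' to seconds; 0 means 'never expires'.

    A missing line means the device default applies (assumed 10 minutes).
    """
    if line is None:
        return IOS_DEFAULT_EXEC_TIMEOUT
    parts = line.split()
    minutes = int(parts[1])
    seconds = int(parts[2]) if len(parts) > 2 else 0
    return minutes * 60 + seconds


def audit_config(config: str) -> List[str]:
    """Return a list of human-readable findings; an empty list means clean."""
    findings: List[str] = []
    top_level, sections = split_sections(config)
    globals_ = set(top_level)

    # Cleartext management services on the device as a whole.
    if "ip http server" in globals_:
        findings.append("HTTP management enabled: credentials and session cookies "
                        "cross the network in the clear; use HTTPS only")
    if any(l.startswith("tftp-server ") for l in globals_):
        findings.append("TFTP server left enabled: enable it only for the duration "
                        "of a firmware/config transfer, then disable it again")

    # HTTPS sessions must still expire, or an abandoned browser tab stays
    # usable for CSRF.
    if "ip http secure-server" in globals_:
        policy = next((l for l in globals_ if l.startswith("ip http timeout-policy")), None)
        idle = re.search(r"\bidle (\d+)", policy) if policy else None
        if idle is None or int(idle.group(1)) > MAX_IDLE_SECONDS:
            findings.append("HTTPS sessions lack an idle timeout of 5 minutes or less "
                            "(ip http timeout-policy idle ...)")

    # Per-VTY checks: Telnet acceptance and session expiry.
    for header, body in sections.items():
        if not header.startswith("line vty"):
            continue
        transport = next((l for l in body if l.startswith("transport input")), None)
        if transport is None or {"telnet", "all"} & set(transport.split()):
            findings.append(f"{header}: accepts Telnet (cleartext); restrict with "
                            "'transport input ssh'")
        timeout_line = next((l for l in body if l.startswith("exec-timeout")), None)
        idle_secs = parse_exec_timeout(timeout_line)
        if idle_secs == 0 or idle_secs > MAX_IDLE_SECONDS:
            state = "disabled" if idle_secs == 0 else f"{idle_secs}s"
            findings.append(f"{header}: idle session timeout is {state}; "
                            "set 'exec-timeout 5 0' or lower")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for f in audit_config(cfg) or ["no findings"]:
            print(" -", f)
```

Run against a real device by pasting the output of `show running-config` into a file and passing its contents to `audit_config`; the checks are deliberately string-based so they can be extended to other vendors' syntax by adjusting the matched keywords rather than the logic.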
If your organization’s network needs a security check-up, contact us to learn how our managed security services can identify and correct vulnerable configurations and maintain a high-level security posture for your network and organization.
The next post will cover SQL injection attack techniques and what you can do to protect your organization and its valuable information from SQL injection vulnerabilities.