Keeping your network devices secure

Despite constituting the lifeline of every corporate IT infrastructure, network devices are notoriously insecure, making them favourite targets of both sophisticated attackers and script kiddies.
In the thick of mounting pressure from political groups in favour of government surveillance through backdoors in encrypted devices to combat terrorism, the Juniper ScreenOS vulnerability has taught us how, to an experienced attacker, such a backdoor can turn out to be a master key not just to an organization's data but to a government's as well. The most valuable lesson we learned from the past year's device hacks is that cyber criminals will never ignore an opportunity to exploit a gaping hole left by inconsistent security policies, mandates and protocols.
Turning the tables on evasive device attacks
Enterprise network devices shipped and installed with insecure defaults, together with IP address spoofing left unchecked by ISPs, can be leveraged simultaneously by a number of extortion groups and individual threat actors.
A colleague who correlates threat signatures pointed out an upsetting rise in the sophistication of emerging exploit code written for embedded devices. These next-generation malware authors are evading virtual machine sandboxes, targeting proprietary operating system artifacts and obfuscating their internal data.
In the wake of such waning certainty, an organization's last line of defense undoubtedly rests on how well anomalous activity is tracked, observed and interpreted.
Your security monitoring system needs functionality that extends beyond merely alerting on suspicious traffic. A combination of active network scanning and passive monitoring will give you thorough information about the origin of malicious packets, their intent and what gaps to fill. The result is an up-to-the-minute inventory of assets, addressing, traffic and header analysis, in addition to system information about the entities on your network.
For instance, a threat actor might announce a victim's prefix from an Autonomous System Number (ASN) he does not control, a BGP route hijack, and trick an ISP gateway into redirecting all traffic destined for the victimized route to him.
The best way to deal with this at your perimeter is to monitor the routes of incoming packets and look for anomalies. Do the packets appear to originate from ASNs that your ISP does not accept routes from? Does the announced prefix come from the origin ASN you expect for it, and at the prefix length you expect? What are they targeting and what could be their motives? Such questions are inescapable and can only be fully answered with help from a threat data platform that documents known bad actors.
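The route-anomaly questions above, turned into a check that runs over a constructed feed of BGP announcements. This is an added example, not code from the article or from Aleph Tav Technologies: the announcements, the expected-origin table and the list of accepted neighbour ASNs are constructed sample data (RFC 5737 documentation prefixes and private-use ASNs), and the `Announcement` field names are assumptions made for this example. It flags routes that arrive from a neighbour the ISP does not accept routes from, routes whose origin ASN is not the authorised one for the covering prefix, and more-specific announcements that exceed the permitted prefix length.

```python
"""Flag suspicious BGP announcements against an expected-origin table.

Added example, not the article's or Aleph Tav Technologies' code. All
data below is constructed; field names are assumptions for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Announcement:
    prefix: str                # announced prefix, e.g. "203.0.113.0/24"
    as_path: Tuple[int, ...]   # AS_PATH as received; last ASN is the claimed originator
    received_from: int         # ASN of the neighbour that handed us the route


# ROA-style expectations (constructed): prefix -> (authorised origin ASN, max length).
EXPECTED_ORIGINS: Dict[str, Tuple[int, int]] = {
    "203.0.113.0/24": (64500, 24),
    "198.51.100.0/22": (64501, 24),
}

# Neighbours our ISP actually accepts routes from (constructed).
ACCEPTED_NEIGHBOURS = {64510, 64511}


def covering_expectation(net):
    """Return the most specific expected-origin entry covering `net`, or None."""
    best = None
    for text, (asn, maxlen) in EXPECTED_ORIGINS.items():
        expected = ipaddress.ip_network(text)
        if expected.version != net.version or not net.subnet_of(expected):
            continue
        if best is None or expected.prefixlen > best[0].prefixlen:
            best = (expected, asn, maxlen)
    return best


def check_announcement(ann: Announcement) -> List[str]:
    """Return human-readable findings for one announcement (empty list = looks fine)."""
    findings = []
    if ann.received_from not in ACCEPTED_NEIGHBOURS:
        findings.append(f"received from AS{ann.received_from}, which we do not accept routes from")
    if not ann.as_path:
        findings.append("empty AS_PATH")
        return findings
    if ann.as_path[0] != ann.received_from:
        findings.append(f"first hop AS{ann.as_path[0]} is not the neighbour AS{ann.received_from}")
    origin = ann.as_path[-1]
    net = ipaddress.ip_network(ann.prefix, strict=False)
    match = covering_expectation(net)
    if match is None:
        findings.append(f"no expected origin on record for {ann.prefix}")
        return findings
    expected, asn, maxlen = match
    if origin != asn:
        findings.append(f"origin AS{origin} is not the authorised AS{asn} for {expected}")
    if net.prefixlen > maxlen:
        findings.append(f"more-specific {ann.prefix} exceeds the permitted /{maxlen}")
    return findings


def triage(announcements) -> Dict[str, List[str]]:
    """Map each flagged announcement ('prefix via ASn') to its findings."""
    flagged = {}
    for ann in announcements:
        findings = check_announcement(ann)
        if findings:
            flagged[f"{ann.prefix} via AS{ann.received_from}"] = findings
    return flagged


# Constructed sample feed: a legitimate route, an origin hijack, a
# more-specific hijack, and a route from a neighbour we do not peer with.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", (64510, 64500), 64510),
    Announcement("203.0.113.0/24", (64511, 64666), 64511),
    Announcement("198.51.100.0/25", (64510, 64501), 64510),
    Announcement("198.51.100.0/22", (64599, 64501), 64599),
]

if __name__ == "__main__":
    for key, findings in triage(SAMPLE_FEED).items():
        print(key)
        for finding in findings:
            print("   -", finding)
```

In production the expected-origin table would be fed from RPKI validated ROAs or your own registry data rather than a literal dictionary, and the feed would come from your edge routers' BGP monitoring; the checks themselves stay the same.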

Dig deep for vulnerabilities


Embedded systems configured for remote administration must be protected from emerging malware families that gain a foothold through password-guessing brute-force attacks and then install custom-built rootkits, especially those that can self-update once inside your network. Deep-level scanning of file integrity, registry settings and rootkit indicators can help you detect abnormal infiltration attempts while they are underway.
Establish baselines for acceptable network activity and assess suspicious behaviour with reference to your asset databases and your inventory of active software and services.
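The file-integrity scanning and baselining described in the two paragraphs above, as an added example that is not code from the article or from Aleph Tav Technologies. It takes a baseline of a file tree (SHA-256, permission bits and size per regular file), then tampers with that tree the way an implant would and diffs the two. The tree is constructed inside a temporary directory so the script runs offline; the file names mimic an embedded device's layout but are an assumption for this example.

```python
"""Build a file-integrity baseline and report what changed since it was taken.

Added example, not the article's or Aleph Tav Technologies' code. The sample
tree is constructed in a temporary directory; its file names are assumptions.
"""
import hashlib
import os
import stat
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large firmware images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file (path relative to root) to its hash, mode and size."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and device nodes are not hashed here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {
                "sha256": sha256_file(full),
                "mode": stat.S_IMODE(st.st_mode),
                "size": st.st_size,
            }
    return baseline


def compare(baseline, current):
    """Return added, removed and modified paths between two baselines."""
    before, after = set(baseline), set(current)
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "modified": sorted(p for p in before & after if baseline[p] != current[p]),
    }


def _write(root, rel, data, mode=0o644):
    """Create a file (and parent directories) under root with the given mode."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)
    os.chmod(full, mode)


def demo():
    """Take a baseline, tamper with the tree the way an implant would, and diff."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "bin/busybox", b"\x7fELF-busybox-stand-in", 0o755)
        _write(root, "lib/modules.dep", b"kernel/net/foo.ko:\n")
        baseline = build_baseline(root)

        # Tampering: a trojaned binary, a new kernel module, a deleted file,
        # and a permission change with the file contents left untouched.
        _write(root, "bin/busybox", b"\x7fELF-busybox-stand-in" + b"\x90" * 16, 0o755)
        _write(root, "lib/rootkit.ko", b"\x7fELF-module-stand-in")
        os.remove(os.path.join(root, "lib/modules.dep"))
        os.chmod(os.path.join(root, "etc/passwd"), 0o666)

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s}", ", ".join(paths) or "-")
```

The baseline must be stored somewhere the device itself cannot rewrite (the monitoring server, not the device's own flash), otherwise a rootkit with root on the box simply re-baselines after installing itself.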
Tools that analyze network breach malware by signature are limited to the predefined detection signatures they ship with. Intrusion detection systems, on the other hand, are designed to keep the entire attack lifecycle in perspective.
Most importantly, align network security policy management with your enterprise threat information. An organization that is well aware of its security posture is one that uses a well-documented evaluation process to manage policies, appraise their effectiveness and identify where to make amends.
Integrating your firewall's configuration rule sets, secure shell server authentication policies and cryptographic key management tools with your incident response workflow can facilitate automated analysis of device-level policy compliance. Make sure that policy changes for all elements of perimeter defense are run through a streamlined risk assessment process, so that a risky change is caught before it is deployed.
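One piece of the automated device-level compliance analysis described above, for the secure shell server authentication policy: an added example, not code from the article or from Aleph Tav Technologies. It reads an `sshd_config` the way sshd does (the first occurrence of a keyword wins, and absent keywords take OpenSSH's documented defaults) and reports every keyword whose effective value violates the policy. The weak and hardened configurations are constructed samples, and the policy thresholds are assumptions chosen for this example.

```python
"""Check an sshd_config against an authentication policy, the way sshd reads it.

Added example, not the article's or Aleph Tav Technologies' code. The two
configurations are constructed samples; the policy thresholds are assumptions.
"""

# OpenSSH defaults (7.0 and later) for the keywords the policy cares about.
SSHD_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "pubkeyauthentication": "yes",
    "maxauthtries": "6",
}

# Policy (assumed for this example): keyword -> (predicate on value, requirement).
POLICY = {
    "permitrootlogin": (lambda v: v == "no", "must be 'no'"),
    "passwordauthentication": (lambda v: v == "no", "must be 'no' (keys only)"),
    "permitemptypasswords": (lambda v: v == "no", "must be 'no'"),
    "pubkeyauthentication": (lambda v: v == "yes", "must be 'yes'"),
    "maxauthtries": (lambda v: v.isdigit() and int(v) <= 4, "must be 4 or fewer"),
}


def parse_sshd_config(text):
    """Return (global settings, has_match_blocks); keys are lower-cased."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split(None, 1)[0]
        if first.lower() == "match":
            # Lines after Match apply only when its criteria hold; they need
            # their own evaluation, so the global scope ends here.
            return settings, True
        if "=" in first:                       # sshd also accepts Keyword=value
            key, value = line.split("=", 1)
        else:
            parts = line.split(None, 1)
            key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        settings.setdefault(key.lower(), value.strip())  # first occurrence wins
    return settings, False


def audit(text):
    """Evaluate every policy keyword against its effective (set or default) value."""
    settings, has_match = parse_sshd_config(text)
    violations = []
    for key, (ok, requirement) in POLICY.items():
        effective = settings.get(key, SSHD_DEFAULTS[key]).lower()
        source = "set" if key in settings else "default"
        if not ok(effective):
            violations.append((key, effective, source, requirement))
    return {"violations": violations, "match_blocks": has_match}


WEAK_CONFIG = """\
# Constructed sample: the kind of configuration a device ships with.
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
# Looks like a fix, but sshd ignores it: the first value above wins.
PasswordAuthentication no
"""

HARDENED_CONFIG = """\
# Constructed sample: the corrected policy.
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
MaxAuthTries 3
# Conditional exception; the checker reports it for manual review.
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        report = audit(cfg)
        print(f"{name}: {len(report['violations'])} violation(s),"
              f" match blocks: {report['match_blocks']}")
        for key, value, source, requirement in report["violations"]:
            print(f"  {key} = {value} ({source}) {requirement}")
```

An empty configuration is not compliant either: with nothing set, `PasswordAuthentication` and `MaxAuthTries` fall back to OpenSSH's defaults and fail the policy, which is why the checker evaluates defaults rather than only the keywords present in the file.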

At Aleph Tav Technologies, we don't just share insights. We show you how it's done, for free. Visit alephtavtech.com to know more about the 15-day no-obligations trial period for our 24/7 Managed Security Operations Suite.
