Did your cybersecurity leave by a backdoor?

Heitor Faroni

January 21, 2020

Did your cybersecurity leave by a backdoor?

You wouldn’t leave the back door to your house unlocked or unsecured when you head in to work, so why would you leave a backdoor open into your network allowing intruders to disrupt your business or steal your data?

Organizations and cybersecurity experts around the world are continuously discovering and trying to address and prevent attacks on their networks and devices. The best way to address cybersecurity issues is through a proactive approach.

First, let’s look at the challenges.

Cybersecurity in perspective

For years, IT has developed ways to protect personal computers and the data they contain. However, network switches that support the infrastructure these PCs use and the access points used to reach the network, are often overlooked. These switches and APs have operating systems that are as susceptible as the ones on PCs, yet many businesses overlook this potential vulnerability.

Adding to the challenge is a growth in mobile devices, personal devices and most importantly, new IoT (internet of things) devices that lack built-in security. They dramatically increase the odds of a security breach. With this growth in devices, there is an uptick in the volume of cyberattacks, an increase in their complexity and recovery costs are climbing sharply. This problem exists across many industries and fields such as higher education, and in healthcare alone, cyberattacks have cost $6B in a single year.

We can classify successful cybersecurity incidents in two distinct types: A cyberattack and a data breach.

A cyberattack attempts to create physical effects or to manipulate, disrupt or delete data. In other words, it interferes with the normal functioning of a business. DDoS attacks, cyber-enabled data and equipment destruction, and data-encryption attacks fall into the category of cyberattacks. Cyberattacks sometimes manifest as ransomware – where a hacker extorts money from its victim by demanding they pay a ransom, or severely compromising a victim’s operations or, in many cases, preventing access to important data.

In the case of a data breach, the incident may not necessarily interfere with normal business operations but involves disclosure or movement of private data to a party that is not authorized to have or see the information. In other words, it is a cyber theft. This theft could cost the data owner their identity, or even hundreds of thousands of dollars in damages.

These thieves and hackers gain access through backdoors that were left open; in some cases, through default standard manufacturer passwords.

IoT Security Considerations

The Internet of Things (IoT) changes everything when it comes to network security.

The growing number of Internet-connected devices is transforming business in significant ways. On the positive side, IoT promises to make business smarter and better at what they do. From automatically monitoring and managing equipment and physical environments to identifying needed products or business processes that might never have become apparent, IoT delivers efficiency, cost savings and other numerous benefits.

As physical objects become digital objects significant business opportunities are present. However, this comes with a price as IoT devices are disruptive, driving new business models, ecosystems and risks.

The Internet of Things brings together other unstoppable trends: Automation, AI, virtual/augmented reality and an endless thirst for data. The promise of a universe of connected devices automatically feeding business systems with data-driven insights is limitless. The IoT will keep companies informed about everything – from how customers are using products to when a piece of vital equipment needs replacing.

It’s not all good though

With the good comes the bad. IoT increases considerably the exposure to cybersecurity incidents. One IoT device that is in widespread use are security cameras. However, it is one of the most targeted devices by hackers. Although you may think your camera is of no interest to a hacker, it might be the gateway device that breaks your network wide open. In fact, research has discovered that security cameras represent 47 percent of vulnerable devices installed on home networks.

Best practices for addressing the IoT security threat includes a set of steps:

• Know what devices are connecting

• Classify the devices

• Virtually segment them

• Create specific security policies and continually monitor these devices

When a device connects, it must first pass through an authentication process that is enforced by the network. The network then classifies the device and assigns it to a virtual segment that is totally independent from other segments of the network. Devices in a network segment cannot see or talk to devices on another segment unless explicitly authorized by routing rules. Devices within a segment are auto provisioned using predefined security and QoS (quality of service) rules for flawless operation. These security policies can be fine-tuned to provide security without hampering the devices’ performance.

The virtual segmentation of the network also prevents a security breach in one part of the network, for example the one containing the surveillance cameras, from spreading to other parts of the network, such as one with a point-of-sales system. This virtual segmentation can be achieved with techniques like VLAN or service creation using SPB (Shortest Path Bridging).

Network equipment security considerations

Network IT typically deploys solutions to ensure that laptops are secure, but, they also need to ensure network switches and access points (APs) are secure as well. Since switches and APs have operating systems, they are vulnerable to attacks as well.

Network switches and APs often come with “secret” hardwired names and passwords to enable easy access to manufacturer support and R&D engineers. Unfortunately, it also makes it easy for hackers to access the network through these backdoors. Hackers can embed malware, exploit vulnerabilities or expose proprietary and or classified information.

A good practice is to choose network equipment that uses independent, third-party verification and validation (IV&V) to analyze the operating system (OS) source code, ensuring best security practices are followed and white box/black box tests are performed to expose vulnerabilities.

Another exploitation technique used by hackers is to identify the memory address where certain open source codes functions reside or where some data is stored so they can create buffer-overflows. A best practice to prevent these unwanted intrusions is to do software diversification. This is a method where you make it difficult or virtually impossible to find the locations to enter by shuffling the operating system’s memory map of the binary images. This address space layout randomization (ASLR) is done by compiling and redistributing the information making it unpredictable and impossible to hack the system.

Do your switch and access point vendors protect their OS?

You might be doing everything you can to protect your network and business assets, but you also need to rely on your network vendors to be doing the same.

Cyberattacks are increasing in number and complexity and they deserve your attention. Alcatel-Lucent Enterprise, just like you, needs to address this problem as well for their own business. Given the importance to their customers’ business and their own, a multilayer approach was developed by ALE.

For IoT, ALE’s network solutions automatically recognize and classify all devices. It then segments the network for an additional layer of security by providing a way to prevent or contain attacks and then monitors the network continuously.

For ALE’s network infrastructure devices, independent verification and validation (IV&V) as well as software diversification have been implemented in the operating system. ALE has also been independently certified by many international and U.S. organizations, offering JITC, NIST, FIPS, NATO and Common Criteria security certifications. For customers concerned with the origin of the solution, ALE offers TAA (Trade Agreement Act) compliant switches, which includes a majority of U.S. content.

Security is in ALE’s DNA, which includes many other aspects not even discussed in this article. Take it from the experts…don’t leave any backdoors or other vulnerabilities open to your business through unprotected network switches or poorly secured IoT devices!

Speak with one of our local experts and learn how you too can increase your cybersecurity today.