EXPERT ADVICE

Spring Cleaning Your Network Security

Spring may be my favorite time of year. The snow is melting, the sun is shining, and the air smells just a little bit fresher. It’s as though the world is setting an example for the rest of us, letting us know that it’s time to start fresh. It’s time for spring cleaning — and in the security world, spring cleaning means more than just wiping down countertops and lighting a few scented candles. Spring is the perfect time to dust off your network security policies, reevaluate them, and gauge whether they are still effective.

Today’s world is increasingly interconnected, and with the growing web of Internet-enabled devices — like smartphones, IP cameras, routers and others — come new security concerns. Each new endpoint represents a potential inroad for would-be intruders. While monitoring schools or hospitals with IP surveillance cameras can provide a major security benefit, it’s important to be sure those same devices don’t become a vulnerability.

Just as you would test the smoke detector in your bedroom or the lock on your front door to ensure that they remain in good working order, so too must you test the protections and alerts that keep your network safe.

The Rise of Data Collection (and What It Means for Security)

Today, every business collects increasing amounts of data, whether it comes in the form of a client database, plans for new products in development, or surveillance video collected from connected cameras.

All of this data has value, and the rise of data collection among businesses of all sizes means that major, multinational corporations are no longer the primary focus of today’s new breed of cybercriminals. Everyone is a potential target now, making cybersecurity a top priority for businesses both large and small, whether private or public.

The unfortunate truth is that it is impossible to build a network that is 100 percent safe from intrusion. Networks have grown increasingly complex — the Internet of Things has caused the number of endpoints to skyrocket. While new tools and devices may provide increased convenience to the user, they also represent new points of entry for intruders to exploit. Devices like IP surveillance cameras are designed to keep organizations safe and secure, but they can wind up being the weak point in a network if not carefully maintained and safeguarded.

That doesn’t mean that organizations should stop using these technologies. IP cameras and other connected solutions are important resources in a wide range of industries, helping protect not only the business, but also the customer. Still, recognizing and addressing the vulnerabilities inherent to those devices and others is a critical aspect of safely and effectively deploying them.

There are steps that organizations can take to address some of the most basic vulnerabilities. Think of it like your front door. Sure, a determined criminal could break down the doorbut a strong lock and an effective monitoring system can ensure that it isn’t worth anyone’s while to do so.

Just as you spring clean your home, dusting the bookshelves, mopping the floors, and making sure that everything is still functional, following are the steps you can take to spring clean your network, as well.

1. Take Simple Preventative Measures Against Breaches

This may seem like stating the obvious, but even something as simple as password protection is important — and it means a lot more than forcing users to use a number and a symbol in their passwords. Password-related breaches happen more often than you might expect, and the most common of these actually have very nothing to do with individual user passwords. Instead, they occur when organizations fail to change the default passwords on their devices.

Not long ago, the Mirai Botnet ran rampant by exploiting known/default passwords used on millions of connected devices. Whether the device in question is a router or an IP camera, if it is being connected to an organization’s network, it is important to assign it a unique password — one compliant with a strong and consistent password policy.

It’s important to be adaptive. The Mirai Botnet shed light on a previously little-known security vulnerability, and organizations were forced to incorporate that new knowledge into their security procedures quickly. However, Mirai was not the first piece of malware to exploit an overlooked security issue, nor will it be the last.

Organizations must constantly be aware of new developments in the threat landscape, and they must be prepared to take the appropriate steps to mitigate new risks. Be aware. Be ready to adapt.

2. Keep IoT Devices Secure

A lot of doors and windows might make a house more convenient, but it also means there are a lot more potential entry points for intruders. The same holds true for networks as IP video cameras, routers, smartphones and other devices join IoT and the broader connected ecosystem.

You might think that only devices like servers or computers need strong cybersecurity, but the truth is that every device connected to the network represents a potential access point that needs to be properly secured.

If there are existing cybersecurity policies, ensure that your IoT devices adhere to those policies and safety requirements. This helps your cybersecurity team by ensuring that they don’t have to reinvent the wheel — they can simply follow the guidelines already outlined by IT security personnel.

All it takes is one vulnerable device to compromise the rest, and understanding the vulnerabilities in your connected devices means more than establishing your own cybersecurity policies. It also means talking to your technology partners, installers and integrators to understand fully the security measures that they have in place — and any potential pitfalls for new or existing items within your network. It’s important to work with a good partner, committed to educating both the industry and clients about existing threats and effective countermeasures.

3. Make Sure Your Technology Partners Have Firmware, Tools and Hardening Guides

We’ve all been here: Your operating system needs an update, but you don’t feel like restarting your computer. So, you put it off. For days. For weeks. It’s understandable: After all, why bother updating to version 3.0 if version 2.0 is still running smoothly?

Unfortunately, this mindset is a great way to put an entire network at risk. Updates exist for a reason, and that reason isn’t to frustrate users — it’s often to patch vulnerabilities that the developer or manufacturers have discovered.

Most weaknesses are uncovered by manufacturers (rather than users), who run vulnerability scans and penetration tests in order to locate them. They then issue patches to correct any issues they discover, making the software more secure. Putting off a recommended update risks leaving a known vulnerability open for attackers to exploit.

While the computer might spring to mind first, there are countless other devices that require regular updates to patch vulnerabilities. Devices like IP security cameras may live on the edge of your network, but they too represent a potential inroad for an attacker if not properly secured.

There might be hundreds (or even thousands) of IoT devices that need to be managed. When selecting a security partner, it’s important to choose one that takes this seriously, with strong hardening guides in place to protect their products and easy-to-use device management tools. Organizations certainly don’t want an intruder stealing data or hacking into a surveillance feed — and failing to update any connected devices provides them with the opportunity to do just that.

4. Effectively Manage Product Lifecycles

On a similar note, remember that nothing lasts forever. The functional lifetime of a product sometimes can outlive its economic lifetime, which means a product may work even after it no longer makes sense to manufacture or support it.

While having a product with a long lifespan may seem like a good thing, it may present serious security concerns if it is no longer being updated by the manufacturer. For instance, a camera or router with a known security vulnerability could represent a dangerous entry point to a network if the manufacturer no longer has plans to correct the issue.

It is important for network administrators to remain abreast of known vulnerabilities and security threats, particularly with regard to older products. Keep track of the devices connected to your network and be sure to know if the manufacturer stops providing patches and other support.

As potential vulnerabilities pile up, it is important to know when a product has reached the end of its viable lifecycle, becoming more of a liability than an asset. For surveillance devices like IP cameras, one unpatched vulnerability could provide access to your entire video management system and wider network.

Regulatory compliance is another reason it is important to have a lifecycle management plan in place. Both the federal and state governments have begun to adopt stricter IoT laws, and many manufacturers will have to make significant hardware and software changes to remain compliant.

It may not always be possible to upgrade older devices to comply, and a lifecycle replacement plan enacted by the end user will ensure that newer devices will be compliant in this ever-evolving legislative landscape.

Be Mindful of the Little Things

What is the most effective way to protect a network? Put simply, don’t make it easy for the attacker. Most organizations have strict rules in place for major network access points, but it’s important to remember that any connected device requires similar protections.

Locking the front door is important, but so is locking the back door, the windows and the garage — and keeping the access to your security system secure. You may not be able to prevent every breach, but implementing these simple steps can ensure that your network will never be an easy target, and prevent the very systems in place to protect your organization from helping to compromise it.

Fredrik Nilsson

Fredrik Nilsson is vice president of the Americas at Axis Communications, Inc.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels