Invisible security risk on networks
An often overlooked area when securing a network is device configuration scripts.
An invisible security weakness is lurking in most corporate networks in the form of millions of lines of code that represent the configuration scripts for all the devices on the network.
With corporate networks averaging 15 devices for every 100 users, ensuring accurate configurations has become a major challenge for network managers. Until now, manual processes or home-grown tools were the only options for configuration debugging.
Enter Telcordia, which is selling a new product called IP Assure that automatically debugs the configurations on IP devices including routers, switches, firewalls and load balancers. IP Assure checks configurations for 750 parameters to ensure accuracy, implementation of best practices and compliance with an organization’s security policies.
Rajesh Talpade, chief scientist with Telcordia, says misconfigured network gear is a universal problem. When Telcordia analyzed 1,500 multi-vendor routers, switches and firewalls on eight corporate networks, it found errors in all the devices.
“We’ll ask a company to give us 50 configuration files that we’ll analyze at no cost,” Talpade says. “We always find something wrong.”
Misconfigured network gear represents a major security threat. Gartner estimates that 65% of cyberattacks exploit misconfigured systems.
The most common configuration mistakes are holes in firewalls, backup links that don’t work, VPN tunneling errors that expose data to the Internet, and inconsistent settings that impact quality of service for voice traffic. (Source: Hidden threats on corporate networks: Misconfigured gears – CIO)
The key to remember: an intruder needs only one way in.
Posted on June 10, 2009.