Invisible security risk on networks


An often overlooked area when securing a network is device configuration scripts.

An invisible security weakness is lurking in most corporate networks in the form of millions of lines of code that represent the configuration scripts for all the devices on the network.

With corporate networks averaging 15 devices for every 100 users, ensuring accurate configurations has become a major challenge for network managers. Until now, manual processes or home-grown tools were the only options for configuration debugging.

Enter Telcordia, which is selling a new product called IP Assure that automatically debugs the configurations on IP devices including routers, switches, firewalls and load balancers. IP Assure checks configurations for 750 parameters to ensure accuracy, implementation of best practices and compliance with an organization’s security policies.

Rajesh Talpade, chief scientist with Telcordia, says misconfigured network gear is a universal problem. When Telcordia analyzed 1,500 multi-vendor routers, switches and firewalls on eight corporate networks, it found errors in all the devices.

“We’ll ask a company to give us 50 configuration files that we’ll analyze at no cost,” Talpade says. “We
always find something wrong.”

Misconfigured network gear represents a major security threat. Gartner estimates that 65% of cyberattacks exploit misconfigured systems.

Network performance and reliability also are affected by misconfigured gear, with Yankee Group estimating that 62% of IP network downtime is due to configuration errors.

The most common configuration mistakes are holes in firewalls, backup links that don’t work, VPN tunneling errors that expose data to the Internet, and inconsistent settings that impact quality of service for voice traffic. (Source: Hidden threats on corporate networks: Misconfigured gears – CIO)

The key to remember: an intruder needs only one way in.

Reblog this post [with Zemanta]
Advertisements

About brvanlanen

Just a thirty-something guy currently hanging it up in the greater Green Bay area. My post-high school educational background is mainly in the Information Technology field. Specifically I have an A.A.S. in Computer Network Systems and a B.S. in Information Systems Security, both from ITT Technical Institute, in addition to A and MCDST certifications. In my free time I enjoy spending time with my family, cooking and sports. My Christian faith is also important to me as a Missouri-Synod Lutheran and all my children attend a Lutheran grade school. When it comes to political leanings I am a conservative first and foremost which you will discover rather quickly. As for sports I am a huge fan of the Green Bay Packers.

Posted on June 10, 2009, in computer network, Cybersecurity, Security, Technology, vulnerability and tagged , , , , , , , . Bookmark the permalink. Comments Off on Invisible security risk on networks.

Comments are closed.

%d bloggers like this: