Missing Link in ENTERPRISE NETWORKING
By: John Brandon | 12 May 2016
Some of the most hackable devices in your network are also probably the most-overlooked.
What is a 'fringe device in IT?
For some, it's a gadget everyone has forgotten about - a printer in a corner office, an Android tablet in a public area used to schedule conference rooms. A fringe device can also be one that's common enough to be used in the office yet not so common that everyone is carrying one around or has one hooked up to the Wi-Fi every day.
As with any security concern, many of these devices are overlooked. There might be security policies and software used to track and monitor iPads and Dell laptops, but what about the old HP printer used at the receptionist's desk? In a hospital, it might be a patient monitoring device. In a more technical shop, it could be a new smartphone running an alternate operating system.
While fringe devices are often overlooked and therefore may be vulnerable to attacks, they're not extraordinarily difficult to lock down. The standard security practices still apply. Security experts say the fringe devices themselves aren't the problem. It's the fact that they're allowed to exist without any protection. Here are some tips for making sure your fringe devices are safe.
1. Ask tough questions when speaking to vendors
One of the best tips when dealing with fringe devices is to ask some hard questions when dealing with the companies that make and sell them. You may already know about best practices for securing laptops and mobile devices, but there are too many open variables with unusual gadgets, says Sinan Eren, a vice president at security vendor Avast Software, and you have to get tough with vendors to make sure all the bases are covered.
For example, the devices that monitor vital signs in hospitals aren't not normally considered attack vectors, but if a hacker did tamper with such a device remotely, the consequences could be dire, particularly for the patient. Nonetheless, many of these kinds of devices aren't included in system vulnerability checks and aren't updated properly or in a timely manner. Yet vendors should be able to answer basic questions about them - like whether the firmware is signed and updated regularly, and if the vendor does its own security reviews.2. Make sure policies cover every possible gadget
What happens when someone walks into the office with a personal media player - one that's brand new on the market. Maybe there's no possible threat, but what if there is? Michael Kemp, co-founder of security firm Xiphos Research, says the only answer is to make sure you have strict policies for every device, including any personal gadgets used at work.
"Specific policies - such as disabling the USB port activity - can provide an excellent mechanism for combating some of the threats that the use of personal devices pose," he says. "If individuals are using personal devices to interact with enterprise networks, such interaction should be limited. If such interaction is a regular occurrence, the devices should be managed, maintained, and bought within the auspices of the wider enterprise."
3. Know what you're dealing with
Identification is key when it comes to best security practices. And that can be difficult when you're dealing with, say, an outdated gadget that was discontinued by its maker (which could be a company that doesn't even exist anymore) or a less-common brand of network-attached storage device. Security software should be able to search for and identify even the most unusual devices connected to a network.
"The best strategy for dealing with unusual devices starts with identification," says Morey Haber, vice president of technology at security vendor BeyondTrust. "Whether this is a form of automated discovery or informal personnel survey, the only way to manage the problem first starts with quantifying the risk."
Part of the identification process involves determining how the devices connect and what access privileges they have. That job is harder if you're dealing with, say, a printer that doesn't even connect to Wi-Fi and has firmware that's hard-coded and can't be updated. That type of device is a target. Too often, hackers look for fringe devices like printers that use the default firmware, passwords and admin functions, so Haber says you may want to block the use of any outdated devices you find as part of the identification process. The integrity of your network and IT systems takes priority over any usefulness that an unusual fringe device might have.
4. Perform regular security audits
It's common for larger companies to perform regular security audits. Unfortunately, it can also be common for audits to overlook fringe devices like printers, network drives and cameras.
Leon Glover, senior director of product management and project management at security vendor ThreatSTOP, says failure to do a thorough audit is one of the most common causes of breaches. He says every audit should involve an assessment of the risk of even allowing fringe devices to exist on the network. As part of that exercise, you should weigh the amount of damage an attack could cause against the benefit of using that device. If the device is extremely unusual - say, a new Ubuntu-powered smartphone - it may not have enough usefulness to merit approval "If a fringe network device only provides limited value while increasing security risk, then it should not be allowed on the network," Glover says. "It's very difficult to provide solid network protection, so why complicate that effort with a small number of odd devices?"
5. Put fringe devices on their own network
Another approach to preventing a catastrophic breach that starts with an attack on a one-of-a-kind device is to allow fringe devices to be used, but only on an isolated network that's reliably secured. Tony Anscombe, a senior security evangelist at security vendor AVG Technologies, says that might be difficult - IT would have to create a completely new network for devices that may have limited utility - but it would be worth the effort because fringe devices represent an ever-increasing security risk.
To illustrate the risk created by the use of fringe devices, Anscombe points to LIFX's line of smart LED light bulbs, which share Wi-Fi credentials from one model to the next. The "host" light bulb might connect through a main network gateway and expose a weakness that hackers could easily exploit. "Devices that we least expect to be connected have shown to create vulnerabilities," he says, adding that those vulnerabilities "can be exploited to gain access to networks and data that would have otherwise remained safe."