The increasing threat to network infrastructure devices and recommended mitigations
Published: Wednesday, 05 October 2016 08:35
US-CERT has issued guidance on protecting network infrastructure devices from the growing threat posed by organized hacker groups and ‘cyber adversaries’. The guidance describes recent attack vectors used by advanced persistent threat (APT) actors against network devices, along with prevention and mitigation recommendations.
The US-CERT guidance states that:
“For several years now, vulnerable network devices have been the attack-vector of choice and one of the most effective techniques for sophisticated hackers and advanced threat actors. In this environment, there has never been a greater need to improve network infrastructure security. Unlike hosts that receive significant administrative security attention and for which security tools such as anti-malware exist, network devices are often working in the background with little oversight—until network connectivity is broken or diminished. Malicious cyber actors take advantage of this fact and often target network devices. Once on the device, they can remain there undetected for long periods. After an incident, where administrators and security professionals perform forensic analysis and recover control, a malicious cyber actor with persistent access on network devices can reattack the recently cleaned hosts. For this reason, administrators need to ensure proper configuration and control of network devices.”
The guidance looks at the following mitigation methods:
- Segregate networks and functions
- Limit unnecessary lateral communications
- Harden network devices
- Secure access to infrastructure devices
- Perform out-of-band management
- Validate integrity of hardware and software