Security

Even Plug-and-Play Switches and Routers Must Be Properly Configured for Security

Plug-and-play routers and switches are easy to use but may leave security gaps.

Twitter

Banks, co-host of the Packet Pushers Podcast, has been managing networks for higher ed, government, financial services and tech organizations since 1995.

When you plug in an out-of-the-box network switch or internet router, most of the time it just works. Enterprise-grade gear requires a bit more effort, but even then, the minimum configuration usually isn’t complex. Manufacturers want the device to work for you.

That’s wonderful, but the downside of a network device “just working” is that it may not be properly configured for security. Compromised network devices can impact network stability and data privacy. Here’s what you should know about protecting this crucial network hardware.

Click the banner below to receive exclusive security content when you register as an Insider.

Firewalls Help but Don’t Address Internal Vulnerabilities

A well-configured internet firewall will prevent many attacks, but attacks from within your business’s network can easily exploit vulnerable network devices.

Common vulnerabilities and exposures include denial of service, which prevents the device from functioning properly; privilege escalation, which occurs when an attacker gains improper access to the network device; and remote code execution, which a criminal can use to turn your network device into a platform for launching attacks.

Regularly Assess Your Network to Determine Risk

A simple way to discover active vulnerabilities is to scan your network with a vulnerability assessment tool. Armed with this information, you can assess risk and begin patching. Your technology partner will recommend software versions that have resolved some of the vulnerabilities you find.

Even better than a simple vulnerability scan is to bring in a security partner who can assess the network, rank vulnerability severity and recommend a mitigation strategy.

EXPLORE: How to choose the right router for your business.

Prioritize Patching Network Devices with the Most Risk

New vulnerabilities are discovered constantly, and even dedicated security professionals can have trouble keeping up.

However, not all vulnerabilities represent the same level of risk. Some are critical, while others are ranked high, medium or low. Critical vulnerabilities represent serious risk and should be patched immediately.

Additional Configuration Steps Can Help Tech Survive Attacks

No amount of scanning and patching can replace proper configuration. However, the IT team should ensure your business is using authentication, authorization and accounting schemes to limit and log what administrators do. Vendor security hardening guides can help make a device resistant to attacks.

Monitoring network devices and collecting their logs can detect unusual behavior that might indicate an attack. Periodic auditing of a device’s configuration and operating state can help ensure it is functioning in compliance with policy.

Sebastian Gorczowski/Getty Images