Air-Gap

7 devices your probably forgetting to update

Home »  Security »  7 devices your probably forgetting to update

7 devices your probably forgetting to update

On November 7, 2018, Posted by , In Security, By ,,, , With No Comments

7 devices your probably forgetting to update

When most organisations think of keeping their infrastructure updated, their response is usually keeping the operating systems of their desktops and servers current, as-well as updating their firewalls firmware on an occasional basis. Very frequently these 7 network devices slip through the gaps creating potential security vulnerabilities.

Network Printers
Every organisation has them and quite often they are the nemesis of the IT department who are just happy to keep them working! As these printers become more complex and perform more tasks such as directly saving scanned documents into computers, the need to keep them updated is vital. Recently HP was forced to patch its OfficeJet range of printers after it was discovered a maliciously crafted fax sent to the printer could allow an attacker to completely take control of it.

Cameras
This is a device that slips the minds of most administrators and can pose a critical threat depending on how its configured, particularly if they are directly exposed to the internet. Threats can range from an intruder viewing the camera stream live without a password to being completely controlled by a hacker and used to gain access to the internal network.

IP Phones
They sit on our desk often without any thought of exactly how they work. No longer are they straightforward devices that only activate when picked up, but rather full fledged computers with always on microphones and now even cameras. In 2015 it was reported that Cisco Small Business IP Phones had a bug where remote attackers could eavesdropped in on which reinforces the need for organisations to have a proactive approach to security.

Wireless Access Points
Due to the nature of broadcasting access to your organisation, its critical. From time to time Wireless Access Points receive patch’s to improve performance and patch security issues such as KRACK which was discovered in late 2017 compromising WPA2.

Network Switches
Like with Wireless Access Points, managed network switches are at the heart of the network and often the first piece of infrastructure a device will communicate with. Due to their ability to run unhindered for years and inconvenience in updating rarely are the kept upto date. Despite their reliability they do have flaws, such as was discovered in early 2018 when automated bots searched the internet looking for vulnerable Cisco switch’s and deleted their configurations.

Motherboard BIOS
While most organisations do a good job keeping operating systems and software upto date, rarely is the BIOS which controls the underlying hardware ever update on desktops, laptops and servers. Very few machines will notify the administrator a update is available unless the motherboard vendors software is installed. Many manufacturers have released updates to patch against the recently identified Meltdown and Spectre CPU vulnerabilities affecting most Intel machines all the way back to 1995!

Emerging IoT Devices
As time goes on, the importance and difficulty of ensuring infrastructure up-to date will become more complex due to the Internet of Things turning unconventional devices into full fledged computers. One of such is the growing uptake of ‘Smart’ products including TV’s, lightbulbs, doorbells and automation products which are network enabled.

Keeping track of all the devices in your organisation needing to be updated can be challenging. Our suggestion at the minimum is that if your device has a network IP-address it should be documented in ideally an asset register and checked at-least once a year. If you register the device with the manufacture when you purchase it, you may receive notification if an update is ever available.

Does your business need assistance or advice keeping everything ticking away?
Give us a call on 1300 733 240 or send us a message to see how we can help

Have you come across any unusual products requiring an update, let us know in the comment below.

Leave a Reply

Your email address will not be published. Required fields are marked *