Today, our networks have handy firewalls, our desktop machines have private firewalls, and we're learning that you can design a network that gives the public access to your Web site without giving them access to data on the Web server.
By all accounts, we're getting better at this security stuff. This must be really annoying to the bad guys, because cracking a system, or even implanting a worm, has become inconvenient and, in some cases, impossible.
But just because you've done a good job so far, don't think you're off the hook. In fact, you might be getting yourself into more trouble than ever before. Why? All of those appliances and peripherals that have been added to your network. How secure are they?
That's an important question, because the same bad guys who are finding it hard to break into your workstations and servers are now looking for new targets, and they're drawing a bead on other devices. Self-contained peripherals and appliances are much more prevalent than they used to be. So, now, through all your efforts, you've simply shifted your exposure and created new targets.
The first place to look is at your routers. The problem with routers, especially the core routers that actually connect to the Internet, is that they have to be exposed, at least to some extent.
Fortunately, when set up properly and outfitted with the latest OS, routers are actually pretty secure. But notice that I said "properly." Hackers are looking for new ways to break into routers every day, and because these devices get relatively little attention, the hackers are finding their way in. Fortunately, there are solutions. For example, you can set up Check Point Firewall-1 in a transparent mode so it can be installed between your routers and the Internet.
But there's still everything else. When was the last time you worried about securing your printers, for example? Or how about your network-attached storage devices? Printers have long been vulnerable to a class of worms that would use them as a base for launching DDoS attacks. Because printers in large companies are usually stand-alone network devices that get little attention beyond adding paper, they can be loaded down with worms that no one will notice, as long as they continue to print.
Adding to vulnerabilities are the many new, low-cost servers. Those devices are frequently just Windows 2000 servers. Because the devices are managed via a Web page rather than the familiar Windows interface, many administrators don't really think about it. Windows servers running Web server software--which is what these appliances are--are one of the top security threats out there. Unfortunately, you probably can't protect such devices as well as other Windows servers on your network because chances are you can't fully access the underlying operating system.
So what can you do? To start with, make sure your firewalls don't let such appliances communicate with the Internet. That eliminates the possibility of these appliances or your printers being used in a DDoS attack. Make sure you keep their OSes up to date, just as you would with any other server. And, finally, pay attention. There's nothing a hacker likes better than an IT staff that ignores appliances unless they're broken. If the worm doesn't break them, you could be infested and never know.