by Ian Trump, Security Lead at LogicNow
Any business leader knows security is a top priority. MSPs or IT departments looking to research and provide security services and solutions should seriously consider a cyber warfare research lab: a virtual replica of a small business's servers and workstations in which you can "virtually" break workstations, infect servers and experiment with configuration, vulnerabilities and features. It's an undertaking, but it is invaluable in understanding all the complex layers of the modern network, and it gives the MSP or IT department the opportunity to plan and document security best practices.
Understanding how malware interacts with network activity gives you the edge in incident response: you can prepare for the worst. A hands-on environment in which to simulate a variety of cyber attacks provides great learning opportunities at zero risk to vital business activities.
Through a recent cyber lab I ran, I discovered some interesting details about some of the latest SMB hardware. Obviously not every MSP can dedicate the resources to a study like this, but take a look at some of the insights I uncovered this time around.
Uncovering Vulnerabilities
During the research phase, it is important to replicate the environment that most small and medium businesses actually work and operate in. It is only in this replicated environment that you can observe the consequences of dangerous configurations, hostile infections and malicious activity. The key here is to look at the mitigations against those threats and understand how easily and quickly an environment could be secured.
I’ve spent the past month assembling some “typical” SMB hardware such as:
- Cisco small and medium-sized business (SMB) RV042 firewall router
- Cisco SG300-10 as a core switch
- HP 400 network printer
- APC smart UPS 750 with management card
- Cisco wireless access point (WAP) 121
With customers and security professionals demanding more integrated solutions, security features are increasingly built into network printers, UPSs, wireless access points, switches and, of course, actual firewalls. These features are switched "off" by default and have given rise to some interesting internal vulnerabilities, which can result in a lockout, a bricked device, or a denial of service against your own devices and network. Through building out these devices and examining their security features, I've found that not a single device demanded a change from the default password. As a basic Payment Card Industry (PCI) compliance requirement, all of these devices fail out of the box unless you spend some time changing the defaults. These features all "work," but what they don't do is "work" securely.
From a practical learning perspective, the SMB network looks the same no matter what sort of business it is. Every business has some sort of server/file share setup, workstations, a firewall/router and a core switch, even if that switch is the four ports on the back of a router. Most SMBs also have wireless of some sort, possibly built into the router or firewall. Today, it would also be a pretty rare scenario where the business did not have at least one network-attached printer.
SMB IT departments and MSPs are going to be successful if they can provide secure, predictable and reliable networks to their customers. Certainly the opportunity to experiment with configurations and system changes with no risk to production networks is a huge value-add. Being able to test backups, disaster recovery, application updates or new applications, and even new hardware becomes very easy to do with a small investment in a virtual business. Simply understanding what "typical" network activity looks like between a domain controller and workstations can help troubleshoot the most difficult support calls for a customer.
About the Author
Ian Trump, CD, CPM, BA, is an ITIL certified Information Technology (IT) consultant with 20 years’ experience in IT security. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF MP Reserves and retired as a Public Affairs Officer in 2013. His previous contract was managing IT projects for the Canadian Museum of Human Rights. Currently, Ian is Security Lead at LogicNow working across all lines of the business to define, create and execute security solutions to promote a safe, secure Internet for businesses worldwide.