by Ian Trump, Security Lead at LogicNow
Any business leader knows security is a top priority. MSPs or IT departments looking to research and provide security services and solutions should seriously consider a cyber warfare research lab - which virtually replicates a small business servers and workstations, to then “virtually” break workstations, infect servers and experiment with configuration, vulnerabilities and features. It’s an undertaking, but is invaluable in understanding all the complex layers of the modern network and provides the MSP or IT department the opportunity to plan and document security best practices.
Interactions between malware and network activity gains the edge in incident response – you can prepare for the worst! The value of providing a hands-on environment to simulate a variety of cyber attacks provides great learning opportunities at zero risk to vital business activities.
Through a recent cyber lab I ran, I discovered some interesting details about some of the latest SMB hardware. Obviously not every MSP can dedicate the resources to a study like this, but take a look at some of the insights I uncovered this time around.
Uncovering Vulnerabilities
During the research phase, it is important to replicate the environment that most small and medium business work and operate in when your doing research. It is only in this replicated environment that you can observe the consequences of dangerous configurations, hostile infections and malicious activity. The key here is to look at the mitigations against those threats and understand how easily and quickly an environment could be secured.
I’ve spent the past month assembling some “typical” SMB hardware such as:
- Cisco small and medium-sized business (SMB) RV042 firewall router
- Cisco SG300-10 as a core switch
- HP 400 network printer
- APC smart UPS 750 with management card
- Cisco wireless access point (WAP) 121
With customers and security professionals demanding more integrated solutions, security features are increasingly built into Network Printers, UPS, Wireless Access Points, Switches and, of course, actual firewalls. These features are switch “off” by default and have given rise to some interesting internal vulnerabilities -- which can result in a lockout, brick, or denial of service your own devices and network. Through building these devices and examining their security features, I’ve found that not a single device demanded a change from the default password. As a basic Payment Card Industry (PCI)-compliance requirement, all of these devices fail out of the box unless you spend some time changing defaults. These features all “work,” but what they don’t do is “work” securely.

