Good afternoon, dear Habravchane.
Let's think about what we actually do to protect a network from external threats.
In a large organization, a separate proxy server (sometimes more than one) is of course allocated, with filters and a firewall configured on it, rules written for incoming and outgoing traffic, and traffic accounting set up. Client machines running Windows get a constantly updated antivirus with proactive protection, client firewalls and other "goodies".
In smaller organizations everything is built along roughly the same lines, and on our home computers many of us run antivirus programs and firewalls (which are constantly updated and monitored). It would seem that the protection is in place, if not for one BUT that many people forget about.
What have we missed? Network hardware! Honestly, which of you has worried about protecting network equipment? Every year it becomes more accessible. Now almost every user, every housewife with Internet access, has a "box with lights" next to the system unit, in plain terms an ADSL modem. Many people also buy Wi-Fi access points and other equipment that is managed through a web console. Every day this equipment becomes more user-friendly and therefore takes less effort to configure. Most people never look at the network equipment settings again once their Internet connection is working. And in vain.
Attacks on MIPS devices have appeared quite recently, and the vast majority of network equipment is subject to them. Such attacks can pursue several goals:
- Network monitoring;
- Redirecting requests;
- Forwarding and port forwarding;
- Data theft;
- Theft of WEP / WPA encryption keys;
- DNS settings spoofing.
I think no one needs an explanation of why such attacks are dangerous. I will only say that the target of such attacks is usually the user's wallet, less often their reputation.
Why can attacks on network devices succeed?
- Very often, communication service providers also provide equipment that is configured and ready to use. Most likely, the technical support service has remote access to it;
- Use of default passwords. It is rare for a home user to deliberately go into the home modem to change its security settings, and many do not even know how to do it;
- Use of UPnP. It is usually enabled by default. It allows the device to connect to other devices on the network without user input and requires no authentication;
- Problems with the firmware. Many web forms contain XSS vulnerabilities and also allow cross-site request forgery (CSRF);
- The difficulty of upgrading firmware. Few users will bother to update a device's firmware while it is already working normally.
How to protect yourself?
A few simple tips:
- Use strong, complex passwords to access hardware settings; never use default passwords;
- Update the firmware regularly;
- Disable all unused services, and limit the use of UPnP.
In conclusion, I would like to note that attacks on network devices are a very serious problem, not least because these devices are so widespread. It must also be taken into account that such devices are almost never switched off (few people turn off all the peripheral equipment when they turn off the PC), and that antivirus companies have not created any security software for such equipment.