| by Shawn D. Stewart | No comments

Horror Stories – ZOMBIES!

OR I Smell Bandwidth! I Want To Eat Your Bandwidth!

It’s an age-old debate. Walkers or Runners? Brains or Flesh? Bandwidth or Backdoors? Well, the last refers to a different type of Zombie. These are the devices, either old or improperly configured, that devour your production Internet and network capacity, or just flash a bright red “OPEN” sign to the world. Alert the Zombie Response Teams and don’t forget to double-tap…the Share button, that is.

Did I Do That? – Too many companies will implement a “quick fix” or “temporary” solution that becomes permanent. Don’t lie, how many of you have an unmanaged switch dangling off your enterprise network just to give you a few extra ports? I bet that switch was only meant for a day or a single meeting and now it’s a fixture in the conference room, training room, or CEO’s office. These are just the type one of many monsters lurking below the surface.

The Call Came From INSIDE the HOUSE! – Older Voice over IP (VoIP) phone systems are an easy target for exploits, hackers, and automated bots. Cloud-based VoIP is (usually) secure, but you can never be too sure.  There is no need for the voice and data networks to communicate, and software-based phones can be channeled safely using port or protocol-based mapping. An open phone system is ripe for toll fraud and direct access from hackers.

Cold Spots In The Warehouse – When is the last time you performed a wireless site survey? Right, when you installed wireless network. Top technologies can sense rogues and warn of intrusion attempts, but none are able to identify weak coverage or outside interference very well. Performing site surveys regularly identifies problem areas before users do.

Forming an Attachment – Have guest wireless access and not throttling the bandwidth? What about weak wireless passwords that everyone knows? If you’re not monitoring or blocking access to only corporate assets, you could be surrounded by mindless zombies and not even know it. Guest usage should be capped at 1 megabit per second MAX! It is a courtesy, not a charity. Passwords should be replaced with 802.1X and multifactor authentication (MFA). Or, use an identity-based service to secure permitted device access only.

Test Your Defenses – Quarterly or annual external penetration tests are required by most regulatory compliance. The only way to know your defenses are adequate is to test them regularly. Perform inside and outside test to confirm the security in policy matches security in reality. A penetration test may show that your defenses are weak, but they give you a chance to fix them before a hacker discovers them and slips through.

Internet of Stranger Things – Every network device with access to the Internet can be a portal in and out. Nearly everything now can connect to the Internet, though I’m not sure why you want your toilet with an IP address. (LOL) Block access to and from these devices using Virtual LANs (VLANs) to keep them only communicating with their primary source. Also, be sure these devices are updated regularly.

Not a Leak – Are you still allowing YouTube and other streaming services through you network? What do you mean you don’t have the technology to block it? By default, YouTube and Facebook tries to stream HD quality. That’s 5 megabits per second! Music streaming services usually run at 300 kilobits per second. If you’re Internet connection is only 100 megabits per second, you could be losing a significant percentage to streaming.

It’s Not Old…It’s Antique! – Get rid of your old equipment! IT costs money, sorry. Old hardware and software, even with automated updates, no longer receive security patches from the manufacturer. Many contain well-known exploits a crafty pre-teen can hack into. And don’t think your firewall can save you. Nearly half of all breaches initiate from inside!

Remote Zombies – DO NOT allow corporate data on unowned mobile devices! No files, no email, no VPNs, not even a shared calendar. Hard to hear, I know, but personal devices with ANY corporate data is breach of security and could cost your company its regulatory compliance. Mobile Device Management (MDM) applications can securely separate personal device memory to better protect corporate data, but privacy issues abound. Best to not put your data where it doesn’t belong.

Surviving the Apocalypse – What is the best way to protect your bandwidth from becoming a snack? Sunflowers and lawnmowers may keep them out of the house, but knowledge of what you have is the best first step. You wouldn’t let your business license or car tags lapse. Allowing old technology to hang around can cost you more ways than just inefficiencies. You don’t want to send that notice to customer, vendors, and stockholders that a breach occurred. That’s a whole Cranberry-style zombie.

Hiding on a farm won’t save you from the technology zombies in your office. Start with a full inventory of what you have and cross-reference the model and version to the latest, safest release. If the manufacturer no longer supports that device, leave it for dead… at an electronic recycling center. Sure, you can bolt the doors and clean your own house, but be sure other mindless cretins don’t find their way in.

Want to see an article on a specific subject? Need help? Reach out. We are all in this together.

mm
Shawn D. Stewart

Mr. Stewart has 25 years of experience with hundreds of international, commercial, military, and government IT projects. He holds or has held certifications with ISC2, Cisco, Microsoft, CompTIA, ITIL, Novell and others. He also holds a BS in IT, a Minor in Professional Writing and is a published author. He is scheduled to complete his Masters in Cybersecurity in August 2021.

Leave a Reply