We’re drawing on our security knowledge to provide a series on the fundamentals of securing devices and networks. The first item in our series was an introduction to how devices keep time, and which best practices ensure the security of this process. In this segment, we focus on why network audits are an essential element of securing a network.
Computers and devices need to be kept updated and maintained throughout their lifecycle. Neglecting software updates and leaving default passwords in place make them easy targets for intruders who can disable, or take over, vulnerable machines.
The simplest requirement for performing this kind of regular maintenance is knowing that the device exists. Ad hoc devices find their way onto large networks all the time. Sometimes through employees, either via BYOD programs or rogue devices, like routers, added to the network. Other times through third party contractors, who install networked devices like building management systems without coordinating with IT.
If a device is in a critical position, but unmanaged, ongoing lack of maintenance can result in a breakdown. As anyone who has used a computer long enough knows, malfunctions occur without help from an attacker.
An unmanaged computer or device can also be vulnerable to attack. For example, through outdated and vulnerable firmware or easily guessed default passwords. A successful attack can disable the machine, or use it as an origin point for further attacks.
In the video below, we took a look through the eye of our product to show what can happen with a malicious new addition to the network.
For more context, check out the blog post Why Are My Devices Surfing The Web?, and come back soon for more information on securing your network.