By Adil Shakar
Nature of the Vulnerability
Several rogue nation-states and groups today operate systems that continuously scan the address spaces of the organizations they target. They wait for any new, unprotected system to be attached to the network, including test systems, and attack it. Any device, such as a laptop or a PDA, that is not up to date with patches could be their target, and it is easy for an attacker anywhere in the world to find and exploit such systems via the Internet.
Once the attackers have gained internal access, they can quickly find and compromise other improperly secured computer systems on the network. The local nighttime window is the one most favored by attackers for installing backdoors into systems before they are hardened the next day.
With the advancement of new technology, organizations allow employees to bring their own devices (BYOD) to the workplace, where they are connected to the organization's network. Many of these devices may already be compromised, and they can be used as a relay point to inflict damage on the organization.
Effect on the Organization
If compromised and exploited, such a vulnerability could result in:
Unauthorized disclosure of data
Sensitive data relating to purchasing, accounts, inventory, intellectual property, resources, marketing and sales may be revealed.
Unauthorized modification to the system, its data, or both
Attackers may permanently lock an exploited system in its compromised state, thereby assuring themselves a permanent entry point into the organization every time the system is used. Without proper inventory control of the hardware and software used on the network, an organization will have no way of knowing the attackers' entry point.
Denial of service, access to data, or both to authorized users
Similar to locking up an exploited system, attackers may prevent authorized users from accessing services and data. Passwords may be changed, and an authorized user may find that he is unable to log in to his bank account, or a CEO may be unable to access the latest sales projections for the upcoming AGM.
How to Mitigate the Threat?
Set up operational rules to make sure users in the organization run only approved and licensed software on their machines. This has the additional benefit of tracking both under-utilized and over-deployed software licenses, since both issues are financially important to the organization.
Use appropriate software to automate asset inventory discovery continuously, so that a New MAC found or New Host found alert is raised whenever a new device is plugged into the network. Encouraging the use of a standard naming convention for all hosts on the network makes it easy to detect the one that stands out.
Separate virtual local area networks or VLANs may be created for untrusted devices such as BYOD systems.
Use automated tools to notify about an unauthorized asset plugged into the network within two minutes, and achieve isolation within five minutes.
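As an added illustration (not code from the original post), the following Python models the detection side of the controls above: it compares a constructed DHCP lease log against a constructed inventory of authorized MAC addresses, raises New MAC and New Host alerts, flags hostnames that break a hypothetical naming convention, and lists which devices belong on the untrusted VLAN. The inventory, lease format and naming pattern are all assumptions made for the example.

```python
import re

# Constructed sample inventory of authorized devices: MAC -> expected hostname.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": "ws-fin-001",
    "aa:bb:cc:00:00:02": "ws-eng-014",
    "aa:bb:cc:00:00:03": "srv-db-002",
}
# Hypothetical naming convention: <role>-<dept>-<3 digits>, lower case.
NAMING_RE = re.compile(r"^(ws|srv|prn)-[a-z]{2,4}-\d{3}$")
# Constructed sample DHCP lease log: "<epoch> <mac> <ip> <hostname>" per line.
LEASES = """\
1700000000 aa:bb:cc:00:00:01 10.0.1.10 ws-fin-001
1700000060 aa:bb:cc:00:00:02 10.0.1.11 ws-eng-014
1700000120 de:ad:be:ef:00:01 10.0.1.57 Johns-iPhone
1700000180 aa:bb:cc:00:00:03 10.0.2.5 srv-db-002
1700000240 de:ad:be:ef:00:02 10.0.1.58 ws-eng-014
"""

def parse_leases(text):
    """Yield (epoch, mac, ip, hostname) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        epoch, mac, ip, host = parts
        yield int(epoch), mac.lower(), ip, host

def check_leases(text, authorized, naming_re):
    """Compare observed leases with the inventory and return alerts as
    (alert_type, mac, ip, hostname) tuples."""
    known_names = {h: m for m, h in authorized.items()}
    alerts = []
    for _, mac, ip, host in parse_leases(text):
        if mac not in authorized:
            alerts.append(("NEW_MAC", mac, ip, host))  # unknown hardware address
            if host in known_names:
                # Unknown device announcing a hostname that belongs to inventory.
                alerts.append(("NAME_COLLISION", mac, ip, host))
        elif authorized[mac] != host:
            alerts.append(("NEW_HOST", mac, ip, host))  # known MAC, new name
        if not naming_re.match(host):
            alerts.append(("NAMING_VIOLATION", mac, ip, host))  # stands out
    return alerts

def quarantine_list(alerts):
    """MACs to move to the untrusted VLAN: every device not in the inventory."""
    return sorted({mac for kind, mac, _, _ in alerts if kind == "NEW_MAC"})
```

On the sample log this raises four alerts: the iPhone is a new MAC with a non-conforming name, and the second unknown device is a new MAC reusing an inventoried hostname; both unknown MACs land on the quarantine list.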