Don't underestimate the impact of good cyber security housekeeping for preventing a successful attack.

The recently discovered vulnerability involving fax lines on HP multi-function devices, termed Faxploit, is a reminder of the importance of fundamental security practices.

I did something a few weeks ago I rarely do: ignore a report about a significant vulnerability. Check Point Software released a very detailed analysis about the possibility of a network being attacked via a fax line. Perhaps it was disbelief, or alert fatigue, but I remember thinking that if a bad actor could attack a network using just a fax line, it was time for me to retire and take up chicken farming. As such, I ignored it for a few days.

The following Saturday, during my weekly hike, I was listening to the Security Now podcast led by Steve Gibson, someone whose judgment I trust. He spent much of the podcast discussing the fax vulnerability in great detail. Based on his report, I was forced to stop ignoring it, and spent a good bit of that Saturday afternoon planning my response.

A quick quiz: How many of you can quickly produce an inventory of all of your HP Officejet multi-function devices, particularly the models that are known to be impacted by this vulnerability? If you are like most, I suspect you answered with a blank stare.

Asset inventory is one of a number of basic cyber security housekeeping items that are critical, and yet are overlooked or simply ignored by many organizations. The folks that learn to do these security basics consistently and well can significantly lessen their chance of a successful attack. Those who neglect these in favor of a focus on more complex problems and systems will generally pay the price in terms of intrusions, data breaches, and malware attacks.

Device inventory is just one of many housekeeping tasks critical to a secure environment. Here are 5 areas to focus on.

Asset inventory

With reference to the HP fax vulnerability mentioned above, most organizations I have encountered have poor or no asset inventory practices. In their article "10 Shocking Inventory Management Statistics," Capterra reported that only 46 percent of small and medium-sized businesses properly track assets. In my experience, enterprises are not much better. This problem is particularly prevalent in healthcare, where organizations often have thousands of network-connected devices they must account for. Without such an inventory, any announced device vulnerability will likely result in an urgent effort to search for matching devices. Having an inventory means issues can be more quickly remediated, lessening organizational risk.

Asset inventory is also a key aspect of incident response. One of the common incident types investigated by security operation centers is a device that is either infected with malware or is sending and receiving suspicious network traffic. Without a good asset inventory, it is difficult or impossible to track such devices down for analysis and remediation.

Address assignments

Sooner or later, you will get a stream of security warnings involving a particular IP address. When this happens, you will need to know quickly what the associated device is, and where it is located. Unfortunately, many organizations do not have such lists, and the longer time required to diagnose and resolve a security issue may be the difference between a successful and unsuccessful attack. Make sure you have a list of all your static addresses, and that you can quickly look up dynamic addresses.

Attack surface

In the information security world, we refer to attack surface as the collective exposures a network has to attack. Elements of the attack surface include open firewall ports, devices sitting outside the firewall, unmanaged mobile devices, and, it seems, even fax lines.
The recent SamSam ransomware attacks plaguing municipalities and healthcare institutions have all been the result of an open firewall port. You must know what exposures you have, and why they must exist. You must constantly check to make sure your attack surface has not expanded without your knowledge, often as a result of some well-intentioned technician who opens a firewall port “temporarily.”

Vendor connections

Much of the business world depends on vendor interconnections, particularly those of us in healthcare. Those connections can be your downfall if not properly secured. It is possible for malware attacks on a vendor to cross an interconnection link and infect customer networks. A number of WannaCry infections during the 2017 outbreak spread across vendor communication links. Know what links you have and how each is connected. Strive for the minimum necessary open ports for any vendor links and have your inventory at hand in case you need to disable them quickly.

Incident response procedures

Security incidents are a reality in today’s world, so we must be prepared to respond to them, 24/7. These procedures must be explicit, well tested, and within easy reach of all of your team members responsible for responding to incidents. On more than one occasion, I have encountered organizations that had all of their incident documentation and materials on systems that became inaccessible during an attack. Make sure they are stored in a way that protects them from the very attacks that require their use.

Bottom line: If our networks can be infected by something as simple as a fax line, it is imperative that we get back to basics in securing our networks and data. If we fail to do this, we will lose the battle.
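
The lookup described under "Asset inventory" and "Address assignments" above, sketched as an added example that is not part of the original article: it resolves the IP address in a security warning to the device that held it at the time of the warning. All device names, addresses, timestamps and the `resolve` function are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address

# Constructed sample data; none of these names or values come from the article.
# Asset inventory keyed by MAC address.
ASSETS = {
    "02:00:00:00:00:01": {"name": "mfp-frontdesk", "type": "multi-function printer", "location": "Bldg A, front desk"},
    "02:00:00:00:00:02": {"name": "lt-nurse-12", "type": "laptop", "location": "Ward 3"},
    "02:00:00:00:00:03": {"name": "lt-billing-04", "type": "laptop", "location": "Billing office"},
}
# Static assignments: IP -> MAC.
STATIC = {"10.0.5.20": "02:00:00:00:00:01"}
# DHCP lease history: (IP, MAC, lease start, lease end).
LEASES = [
    ("10.0.9.77", "02:00:00:00:00:02", "2018-09-03T08:00:00", "2018-09-03T16:00:00"),
    ("10.0.9.77", "02:00:00:00:00:03", "2018-09-03T16:05:00", "2018-09-04T00:05:00"),
    ("10.0.9.80", "02:00:00:00:00:99", "2018-09-03T09:00:00", "2018-09-03T17:00:00"),
]

def resolve(ip, seen_at):
    """Return the device that held `ip` at `seen_at` (ISO timestamp), or None."""
    ip = str(ip_address(ip))              # normalise; raises ValueError on junk
    when = datetime.fromisoformat(seen_at)
    mac, source = STATIC.get(ip), "static"
    if mac is None:
        source = "dhcp"
        for lease_ip, lease_mac, start, end in LEASES:
            # Match the lease active when the alert fired, not the current holder.
            if lease_ip == ip and datetime.fromisoformat(start) <= when < datetime.fromisoformat(end):
                mac = lease_mac
                break
    if mac is None:
        return None                       # address was unassigned at that time
    # A MAC with no inventory record is itself a finding: an untracked device.
    asset = ASSETS.get(mac, {"name": "NOT IN INVENTORY", "type": "unknown", "location": "unknown"})
    return {"ip": ip, "mac": mac, "source": source, **asset}

if __name__ == "__main__":
    for ip, ts in [("10.0.5.20", "2018-09-03T10:00:00"), ("10.0.9.77", "2018-09-03T15:30:00"),
                   ("10.0.9.77", "2018-09-03T18:00:00"), ("10.0.9.80", "2018-09-03T12:00:00")]:
        print(ip, ts, resolve(ip, ts))
```

The same dynamic address resolves to two different laptops depending on the alert time, which is why lease history, and not only the current lease table, needs to be retained and searchable.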