Network security vulnerability revealed in some small business routers

  • Sumo

UPnP exploit highlights overlooked network security considerations

Is my network secure?

You might think so, but odds are that like many small businesses, since your network was setup not much care has been given to its parts and how they relate to network security. Even at the time of installation, equipment right out of the box might not have been updated.

Network security is a perpetual effort

Since the day you installed your network, cyber-criminals have been looking for ways to access it. Whether it’s stealing passwords or nabbing account information there is gold to be found on your network.

If Dakota Fred has taught us anything, it’s that where there is gold there are people willing to do whatever it takes to get it.

Network components, therefore, require updates just as servers and desktops do. Internet facing equipment such as routers are of particular concern as they are the gateway in and out of your LAN.

These updates are generally one of three kinds.

  • Feature updates
  • Functional updates
  • Security updates

Feature and functional updates address usability issues and bug fixes that relate to non-security items such as the user interface and bug fixes.

Recent router exploit

Security updates are more critical. Last week, for instance, a new vulnerability was discovered that can allow attackers to access your network and data thru small business class routers with Universal Plug N Play (UPnP) enabled.

A common feature of many routers designed for home or small business use, UPnP allows devices to open ports to internet traffic with little to no user interaction. A good idea if I have ever heard one! You know, if you like gaping network security holes.

Yes, that WAS me being snarky.

Most, if not all, manufacturers have released fixes for this exploit, but most business owners are unaware of both the exploit and the update.

The point of this article, however, isn’t just to discuss this particular exploit but rather to bring to light a frequently overlooked security issue many small businesses don’t consider and provide some tips on how to address it.

Securing your small business network

Now that you are aware of this potential network security hole, what do you do about it? Here are some pointers.

  • Don’t user consumer-grade networking hardware.
    • This is especially true for internet facing equipment.
  • Consider placing a firewall behind your router.
    • Since most internet providers give you a router that only they can configure dropping a firewall in behind it gives you control over access and updates.
  • Check for new firmware regularly.
    • A good way to start is by going to the manufacturer page to see what firmware version is most recent.  Doing this on a monthly or quarterly basis is a good idea.
  • Subscribe to email update notifications for your equipment if available.
    • This is the BEST way for you to get on-time information on available updates and doesn’t require you to check on a regular basis, however not all manufacturers offer this service.
  • And last but not least, consider an outside source to manage your network.
    • An IT service provider, such as Plenary Technology, has the tools and knowledge to manage all of your network components and keep them up to date and secure.

Network security takes some common sense and diligence. Keeping routers, firewalls, wireless access points and switches up to date should part of an overall larger security initiative. Remember, people really are trying to gain access to your data.

Your turn. What challenges are you facing when it comes to keeping your network secure and how are you dealing with them?

If you’d like to learn more about how to protect your business, call us at 866-753-6279 or email us to schedule a Security Analysis for your business.

Our Security Analysis will scan your network for weaknesses that could be exploited to access your network, steal valuable company data or interrupt system usage.

You will receive a customized, comprehensive report on the status of your site’s security and our recommendations for addressing any vulnerabilities discovered.

I play with computers for a living and I'm from New Jersey. Jealous?

Posted in Technology Tagged with: , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Anti-Spam Quiz: