Thursday, April 18, 2019
Information security Essay Example | Topics and Well Written Essays - 3000 words
Information security - Essay ExampleAlthough this protocol allows devices to snuff it with individually some other easily, but the network-enabled devices create a number of weaknesses in them that have make the networks exposed to attacks (Westervelt 2013). The joined States Computer Emergency Readiness Team (US-CERT) is warning about weaknesses in the Universal Plug and flirt protocol (Westervelt 2013, p. 1). The reason behind the warning is a recent research about the security flaws in universal plug and play devices which has identified whatever protocol vulnerabilities and configuration errors in the use of UPnP devices. tally to the report, 81 gazillion universal plug and play devices expose themselves to the internet and nearly 16 million devices of those have the tendency of allowing attackers to intrude into the systems by making the firewall ineffective (Moore 2013). In this paper, we will cover rough of the main issues associated with the universal plug and play d evices and the ways that can be used to overcome the encounter of hackers attacks. The discussion will support the statement that technology usually gets deployed in a hurry without strait-laced consideration of the harms associated with it. 2. Weaknesses Although plug and play devices allows easy communication between devices, there also exist some major weaknesses related to network security protocol. Researchers have shown that nearly 40 to 50 million network-enabled devices governance risk because of universal plug and play protocol vulnerabilities (Moore 2013). UPnP allows communication between devices, such as, printers, routers, smart TVs, media players, webcams, and network-attached fund (NAS). The three main security flaws bringing millions of users under risk of attack include programming issues in SSDP raising the risk of execution of arbitrary code, exposure of private networks to attacks because of exposure of plug and play view as interface, and crashing of the s ervice because of programming bugs in HTTP, UPnP, and SOAP (Moore 2013). Disabling the universal plug and play protocol is superstar way to prevent the attacks the risk of which is always associated with the use of UPnP devices. Most of the vendors usually do not have any plan of updating their vulnerable devices. Therefore, organizations need to use Metasploit modules and ScanNow UPnP tool to identify vulnerable media servers, printers, and other UPnP devices (Blevins 2013). One of the main weaknesses of universal plug and play devices is that trust on all other communication devices which in most cases are not trustworthy. There is no software that can check whether the devices with which UPnP devices communicate are prone to attacks or not. Moreover, buffer overflows are also an issue regarding the use of UPnP devices (Schmehl 2002). An effective way to overcome this issue is the blocking of the UPnP at the Internet gateway. After doing this, link to any system remote the LAN should be blocked using the firewall in such a way that it does not glide slope the ports 1900/UDP anymore. In case of Windows system, those ports are 2869/TCP. Along with this, UPnP on the router should also be turned off (Vaughan-Nichols 2013). As Raikow (2001, p. 1) states, an attacker could gain complete control of an entire network of vulnerable machines with a single unnamed UDP session. The attack not only provides the hacker with an access to all files and data stored in
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment