Last Updated on July 14, 2016
During a recent network vulnerability scan at a customer site, I found an IP-based door access control system sitting out on the public internet. Worse yet, the default login credentials for the device had never been changed.
Any attackers probing this company’s network for vulnerabilities could quickly have taken control of their doors and card readers. They could program doors to unlock and remain open at a convenient time of night, or tell the system to accept bogus cards as valid. Or they could just have a little fun locking the employees out.
I also recently found the IP-based HVAC control system for a large organization sitting unprotected on the internet with the default credentials still in place. As with the door controller, it was probably configured that way for the convenience of the vendor responsible for monitoring the system. Unfortunately, such setups are equally convenient for hackers.
Putting an unprotected device out on an open port advertises that it’s on your network and available to exploit. This gives hackers a lot more information to work with than the blank wall of a VPN. It invites them to keep trying until they get in.
Even with today’s complex and diffuse network perimeters, ports still matter. If you leave your front door hanging wide open, someone will eventually walk in—and start spreading malware or exfiltrating data.
This is why it’s critical to keep network-connected devices behind a VPN or some other form of router or firewall. At least that way a hacker won’t know immediately what’s there to be probed. Hackers expect to find VPNs on the edges of networks, and if they don’t have credentials to get in, they usually move on. Whatever’s behind the VPN is protected from attacks mounted from the outside, at least.
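One way to check your own perimeter against that rule is to compare an external scan of your address range with a short list of services that are supposed to be reachable. The sketch below is an added example, not part of the original post; it assumes the scan was saved in nmap's grepable (`-oG`) format, and the addresses, hostname and allowlist are constructed.

```python
import re

# Constructed sample of nmap grepable (-oG) output from a scan of your own
# external range. Addresses come from the documentation block 203.0.113.0/24.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 (vpn.example.com)\tStatus: Up
Host: 203.0.113.10 (vpn.example.com)\tPorts: 443/open/tcp//https///, 22/filtered/tcp//ssh///
Host: 203.0.113.20 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///
Host: 203.0.113.30 ()\tPorts: 500/open/udp//isakmp///, 23/open/tcp//telnet///
"""

# Assumed policy: only the VPN endpoints may answer from the internet.
ALLOWED = {
    ("203.0.113.10", 443, "tcp"),
    ("203.0.113.30", 500, "udp"),
}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*)$")

def open_ports(scan_text):
    """Yield (ip, port, proto, service) for every port reported open."""
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comments and "Status:" lines carry no port data
        ip, _name, ports = m.groups()
        ports = ports.split("\t")[0]  # drop trailing fields such as "Ignored State"
        for entry in ports.split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 5 or fields[1] != "open":
                continue
            yield ip, int(fields[0]), fields[2], fields[4] or "unknown"

def unexpected_exposure(scan_text, allowed=ALLOWED):
    """Return open ports that are not on the allowlist, sorted by host and port."""
    return sorted(p for p in open_ports(scan_text) if p[:3] not in allowed)

if __name__ == "__main__":
    for ip, port, proto, service in unexpected_exposure(SAMPLE_SCAN):
        print(f"EXPOSED {ip} {port}/{proto} ({service}): move behind the VPN or firewall")
```

Anything the function returns is a device answering directly from the internet, which is the situation described above for the door controller and the HVAC system.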
To find out about open doors on your network, and to reduce your cyber attack surface, contact Pivot Point Security.
For more information on this topic:
- From the SANS Technology Institute
- Attack surface reduction
- Insight on what constitutes your cyber attack surface
- How the Internet of Things can open up new vulnerabilities