Search :       login

IT Shortlist Business Intelligence CAD/CAM/CAE Consultancy / Services CRM Enterprise Systems Factory / Plant Systems IT & Network Infrastructure Planning / Scheduling Process Systems Product Data Management Supply Chain Systems Time & Attendance / HR Design Engineering Production Engineering Electronics Design Plant & Manufacturing News Reference Zone Engineering Design CAD/CAM/CAE Shop Floor Systems Process Systems Enterprise Systems Lean / Agile Systems Supply Chain IT & Network Infrastructure Integration Consultancy / Services Industry Sectors Comment / Opinion Jobs Events Advertiser Services Direct Marketing services How to Advertise

Help to close back doors in printers, computers and appliances 31/03/2008   Security specialist SANS Institute has started a research project, aimed at helping companies to ensure that devices’ remote management ports are secure before connecting to a network. Alan Paller, director of research at the SANS Institute, says that hundreds of millions of devices are being placed on networks with built-in back doors. He cites printers, routers, computers, control systems, storage systems and medical devices. “Nearly every automated device has them,” says Paller. “The manufacturers of these systems never told you how vulnerable you are. One victim said ‘It’s as if the people who are supposed to help me put a big sign on my door saying, the key is under the mat by the back door, and anyone can come in and violate me and my family’.” Paller explains that these vulnerable back doors were installed to allow remote management – so they are fully functioning processors with network connections, operating systems and memory. “In addition to being able to disable the device, in many cases they provide remote back-door access to the main CPU and storage of the computer or other device. They may not be logged or monitored and therefore can be attacked repeatedly without fear of being caught.” He’s talking, for example, about BMCs (baseboard management controllers) in Intel-based PCs and servers, used as intelligent controllers for inventory, monitoring, logging and recovery control functions that are independent of the main processors, BIOS and operating system. Similar functions are provided on Unix systems and on printers and medical devices and other appliances. “These back doors have already been implicated as attackers in successful denial of service tools, and can be used to access and change the data being processed by the devices,” states Paller. “This research project is designed to develop detailed technical procurement language that organizations can use to ensure these back doors are closed and locked when the devices are delivered,” he adds. If you want to get involved you can email Alan Paller at apaller@sans.org   Author Brian Tinham     Supporting Information    http://www.sans.org/   Email this article   Bookmark this article using:   Del.icio.us digg reddit Facebook StumbleUpon   Linked Companies    The SANS Institute     Similar News Articles     Anywhere, any time is cloud computing’s strength – and weakness     IBM to bail out HP security software users     First Cyber Security warns of poisoned DNS caching issue     Cyber security initiative to address global critical infrastructures     Oracle’s cloud computing offer needs security strategy     Similar Reference Zone Articles     Network practice     Wireless world     Less is more: aligning your IT     Mobile IT: for real     Unlocking business with cyber security

Contact Us  |  About Us  |  Careers @ MCS  |  Site Map  |  Terms & Conditions  |  © Findlay Publications Ltd 2008  |  Login  |