Wednesday, August 7, 2019

Information security Essay Example | Topics and Well Written Essays - 3000 words

Information security - Essay Example Although this protocol allows devices to communicate with each other easily, but the network-enabled devices have a number of weaknesses in them that have make the networks exposed to attacks (Westervelt 2013). â€Å"The United States Computer Emergency Readiness Team (US-CERT) is warning about weaknesses in the Universal Plug and Play protocol† (Westervelt 2013, p. 1). The reason behind the warning is a recent research about the security flaws in universal plug and play devices which has identified some protocol vulnerabilities and configuration errors in the use of UPnP devices. According to the report, 81 million universal plug and play devices expose themselves to the internet and nearly 16 million devices of those have the tendency of allowing attackers to intrude into the systems by making the firewall ineffective (Moore 2013). In this paper, we will cover some of the main issues associated with the universal plug and play devices and the ways that can be used to overcom e the risk of hackers’ attacks. The discussion will support the statement that technology usually gets deployed in a hurry without proper consideration of the harms associated with it. 2. Weaknesses Although plug and play devices allows easy communication between devices, there also exist some major weaknesses related to network security protocol. Researchers have shown that nearly 40 to 50 million network-enabled devices face risk because of universal plug and play protocol vulnerabilities (Moore 2013). UPnP allows communication between devices, such as, printers, routers, smart TVs, media players, webcams, and network-attached storage (NAS). The three main security flaws bringing millions of users under risk of attack include programming issues in SSDP raising the risk of execution of arbitrary code, exposure of private networks to attacks because of exposure of plug and play control interface, and crashing of the service because of programming bugs in HTTP, UPnP, and SOAP (Moore 2013). Disabling the universal plug and play protocol is one way to prevent the attacks the risk of which is always associated with the use of UPnP devices. Most of the vendors usually do not have any plan of updating their vulnerable devices. Therefore, organizations need to use Metasploit modules and ScanNow UPnP tool to identify vulnerable media servers, printers, and other UPnP devices (Blevins 2013). One of the main weaknesses of universal plug and play devices is that trust on all other communicating devices which in most cases are not trustworthy. There is no software that can check whether the devices with which UPnP devices communicate are prone to attacks or not. Moreover, buffer overflows are also an issue regarding the use of UPnP devices (Schmehl 2002). An effective way to overcome this issue is the blocking of the UPnP at the Internet gateway. After doing this, link to any system outside the LAN should be blocked using the firewall in such a way that it does not access the ports 1900/UDP anymore. In case of Windows system, those ports are 2869/TCP. Along with this, UPnP on the router should also be turned off (Vaughan-Nichols 2013). As Raikow (2001, p. 1) states, â€Å"an attacker could gain complete control of an entire network of vulnerable machines with a single anonymous UDP session†. The attack not only provides the hacker with an access to all files and data stored in

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.