Just how secure are the servers, routers and other high-end hardware that run the global Internet? This is the question posed in a pair of recent articles from US-CERT, the US Computer Emergency Readiness Team.
Operators of global network systems face significant threats because of the skills and capabilities of organized cyber-criminals, politically motivated hacker collectives, nation-state cyber armies and similar threat sources.
In order to mitigate these threats, US-CERT recommends:
- Segmenting and segregating networks and functions.
- Limiting lateral communication pathways.
- Hardening network devices by using cybersecurity best practices.
- Using out-of-band network management methodologies.
- Validating hardware and software integrity.
A big part of the problem is associated with home and small business network routers and smart IoT devices that lack basic security features such as built-in anti-malware software, proper identity and authentication mechanisms, and secure encryption. These devices are rarely replaced when they reach the end of their service life, and are generally not patched automatically.
- Changing default passwords
- Using longer passwords
- Avoiding passwords that are on “worst password” blacklists
- Making sure passwords are properly salted and hashed using strong encryption.
- Disabling remote administration
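
The password items in the list above, as an added example that is not from the US-CERT articles or the original page: a check that rejects default, blacklisted and short passwords, followed by salted hashing for storage. The word lists, the 12-character minimum and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: a real deployment would load a full
# "worst password" list and the device's actual factory defaults.
WORST_PASSWORDS = {"123456", "password", "qwerty", "admin", "letmein"}
DEFAULT_PASSWORDS = {"admin", "password", "1234"}
MIN_LENGTH = 12        # assumed minimum; the list only says "longer"
ITERATIONS = 600_000   # assumed PBKDF2 work factor


def policy_violations(password):
    """Return the reasons a password is rejected (empty list = accepted)."""
    problems = []
    lowered = password.lower()
    if lowered in DEFAULT_PASSWORDS:
        problems.append("default password")
    if lowered in WORST_PASSWORDS:
        problems.append("on worst-password list")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    return problems


def hash_password(password):
    """Derive a digest with a fresh random salt; store both values."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for pw in ("admin", "qwerty", "correct horse battery staple"):
        print(repr(pw), policy_violations(pw) or "accepted")
```

Because each call to `hash_password` draws a new salt, two accounts with the same password end up with different stored digests.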
You can read the following articles for more information and specific instructions.