Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Newest First  |  Oldest First  |  Threaded View
ereardon
50%
50%
ereardon,
User Rank: Apprentice
7/26/2019 | 8:14:47 PM
Re: Pretty much done with darkreading
I really do enjoy the information provided here, it's good information. DarkReading does need to fund themselves and if using a slide show format to help keep themselves operational is how they succeed good for them... they keep on providing good content... I'll click through the slideshow and support them.

 
tdsan
100%
0%
tdsan,
User Rank: Ninja
7/26/2019 | 7:48:58 PM
Re: Pretty much done with darkreading
eternjohnson,

All I can say is wow to the comment you made below, these people are writing and devoting their time to material that could be used to address significant cybersecurity problems. For someone to call this site "clickbait", that just goes beyond disrespectful. If you don't like the articles and the way they are laid out, then just remove yourself from the list, but don't disrespect people like that on a security blog, this for all people.

It is amazing, people express themselves in such a way that is belittling and disparaging on a public site and they hide behind the veil of the internet, but when you walk up to them on the street, then it is a different story.

T

 

 
peternjohnson
50%
50%
peternjohnson,
User Rank: Strategist
7/26/2019 | 2:06:57 PM
Pretty much done with darkreading
Always appears that it is going to be a good article that I can read, but I never find out because it's a slideshow. No thank you. dark reading used to be a good source of relevant information.

Maybe you should put your slideshows on facebook with the rest of the clickbait.

 
JamesS94103
100%
0%
JamesS94103,
User Rank: Apprentice
7/26/2019 | 12:50:20 PM
Likely a good article ..... BUT
I'm not interested in a revinew generating slide show.  DNR
websitejk
100%
0%
websitejk,
User Rank: Strategist
7/16/2019 | 4:12:55 PM
Re: Pi not RasPi
Concur
websitejk
100%
0%
websitejk,
User Rank: Strategist
7/16/2019 | 4:04:10 PM
Re: Pi not RasPi
Concur 💯
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/14/2019 | 7:40:28 AM
Re: Network Segmentation
To BradlyRoss,

They had Network Segmentation in place, that was not the problem (review the link and the satellite layout). Their labs, production, admin, mgmt aspect of the network was in place; the problem was that they got lax and the tools the had in place reported on its existence, no one from the security team, admin or development team identified this system as being a problem especially when you have applications that are associated with internal systems (i.e. hardware - NMS, SIEM, IPS, etc).

Remember, this device was in place for 10 months on a production network (did not matter if the network was segmented, they had time to run Wireshark or tcpdump, with all of the Ph.ds and engineering staff; they could not find this device listed as a blimp on the "network radar". You have to ask yourself, NASA has numerous layers of security, why was this ignored, it took an audit team to go through the network to find this device. That is why NSA needs a NAC (Network Access Control) device along with mac address and port filtering configured on the network.



Satellite, GSS and Network Architecture

Todd
BradleyRoss
50%
50%
BradleyRoss,
User Rank: Moderator
7/13/2019 | 2:15:06 PM
Network Segmentation
I think that the only reasonable approach is to divide your network into multiple subnets with firewalls between them.  One should be the production subnet with strict physical controls over what can be attached and rules for configuration.  Another should be a development area where it is difficult to control what is attached or the software configuration.  Another network would be used for administration of the system, and still another would be used for normal users.  You may be able to have firewall rules enforce connections based on IP addresses and port numbers, but antivirus software can't be counted on to stop malicious software and access.
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/12/2019 | 5:48:53 PM
Raspberry PI Concerns
It's not important to use a particular firewall or defensive mechanism. It is important to think about defense and use some method (or, ideally, [the] combination of methods) to protect the RasPi and the network on which it sits from criminal exploit and intrusion.

I am not so sure I agree with the ending comment made by the presenter, secuirty controls are put in place at various layers but it is knowledgebase, human interaction and device set to limit the organizations area of penetration (attack vector). However, I do think the best way of addressing this issue would be to setup a NAC (Network Access Control) system that limits what can run on the existing network. This should have been one of the first options along with:
  • Port Management/Access
  • MAC Address Control

These two methods disable the port (Port Mgmt) and MAC address policies so as not to allow unauthorized devices on the network.

Also, they should have had an NMS (Network Management System) in place to identify the systems on the network by their MAC addresses. I think this was more about incompetence and lack of attention to detail than anything else (the human factor is what we need to be focusing on). The NASA hack went on for about 10 months.

T

 
schopj
100%
0%
schopj,
User Rank: Strategist
7/12/2019 | 4:52:22 PM
Pi not RasPi
RasPi might look good on paper, but say it out loud.  Ive never heard anyone call a Pi a RasPi.  Its just a Raspberry Pi, or a Pi.  Pi 1, Pi2, etc.  

 


Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18954
PUBLISHED: 2019-11-14
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious at...
CVE-2019-3640
PUBLISHED: 2019-11-14
Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.
CVE-2019-3661
PUBLISHED: 2019-11-14
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.
CVE-2019-3662
PUBLISHED: 2019-11-14
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.
CVE-2019-3663
PUBLISHED: 2019-11-14
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system.