Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Newest First  |  Oldest First  |  Threaded View
ereardon
50%
50%
ereardon,
User Rank: Apprentice
7/26/2019 | 8:14:47 PM
Re: Pretty much done with darkreading
I really do enjoy the information provided here, it's good information. DarkReading does need to fund themselves and if using a slide show format to help keep themselves operational is how they succeed good for them... they keep on providing good content... I'll click through the slideshow and support them.

 
tdsan
100%
0%
tdsan,
User Rank: Ninja
7/26/2019 | 7:48:58 PM
Re: Pretty much done with darkreading
eternjohnson,

All I can say is wow to the comment you made below, these people are writing and devoting their time to material that could be used to address significant cybersecurity problems. For someone to call this site "clickbait", that just goes beyond disrespectful. If you don't like the articles and the way they are laid out, then just remove yourself from the list, but don't disrespect people like that on a security blog, this for all people.

It is amazing, people express themselves in such a way that is belittling and disparaging on a public site and they hide behind the veil of the internet, but when you walk up to them on the street, then it is a different story.

T

 

 
peternjohnson
50%
50%
peternjohnson,
User Rank: Strategist
7/26/2019 | 2:06:57 PM
Pretty much done with darkreading
Always appears that it is going to be a good article that I can read, but I never find out because it's a slideshow. No thank you. dark reading used to be a good source of relevant information.

Maybe you should put your slideshows on facebook with the rest of the clickbait.

 
JamesS94103
100%
0%
JamesS94103,
User Rank: Apprentice
7/26/2019 | 12:50:20 PM
Likely a good article ..... BUT
I'm not interested in a revinew generating slide show.  DNR
websitejk
100%
0%
websitejk,
User Rank: Strategist
7/16/2019 | 4:12:55 PM
Re: Pi not RasPi
Concur
websitejk
100%
0%
websitejk,
User Rank: Strategist
7/16/2019 | 4:04:10 PM
Re: Pi not RasPi
Concur 💯
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/14/2019 | 7:40:28 AM
Re: Network Segmentation
To BradlyRoss,

They had Network Segmentation in place, that was not the problem (review the link and the satellite layout). Their labs, production, admin, mgmt aspect of the network was in place; the problem was that they got lax and the tools the had in place reported on its existence, no one from the security team, admin or development team identified this system as being a problem especially when you have applications that are associated with internal systems (i.e. hardware - NMS, SIEM, IPS, etc).

Remember, this device was in place for 10 months on a production network (did not matter if the network was segmented, they had time to run Wireshark or tcpdump, with all of the Ph.ds and engineering staff; they could not find this device listed as a blimp on the "network radar". You have to ask yourself, NASA has numerous layers of security, why was this ignored, it took an audit team to go through the network to find this device. That is why NSA needs a NAC (Network Access Control) device along with mac address and port filtering configured on the network.



Satellite, GSS and Network Architecture

Todd
BradleyRoss
50%
50%
BradleyRoss,
User Rank: Moderator
7/13/2019 | 2:15:06 PM
Network Segmentation
I think that the only reasonable approach is to divide your network into multiple subnets with firewalls between them.  One should be the production subnet with strict physical controls over what can be attached and rules for configuration.  Another should be a development area where it is difficult to control what is attached or the software configuration.  Another network would be used for administration of the system, and still another would be used for normal users.  You may be able to have firewall rules enforce connections based on IP addresses and port numbers, but antivirus software can't be counted on to stop malicious software and access.
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/12/2019 | 5:48:53 PM
Raspberry PI Concerns
It's not important to use a particular firewall or defensive mechanism. It is important to think about defense and use some method (or, ideally, [the] combination of methods) to protect the RasPi and the network on which it sits from criminal exploit and intrusion.

I am not so sure I agree with the ending comment made by the presenter, secuirty controls are put in place at various layers but it is knowledgebase, human interaction and device set to limit the organizations area of penetration (attack vector). However, I do think the best way of addressing this issue would be to setup a NAC (Network Access Control) system that limits what can run on the existing network. This should have been one of the first options along with:
  • Port Management/Access
  • MAC Address Control

These two methods disable the port (Port Mgmt) and MAC address policies so as not to allow unauthorized devices on the network.

Also, they should have had an NMS (Network Management System) in place to identify the systems on the network by their MAC addresses. I think this was more about incompetence and lack of attention to detail than anything else (the human factor is what we need to be focusing on). The NASA hack went on for about 10 months.

T

 
schopj
100%
0%
schopj,
User Rank: Strategist
7/12/2019 | 4:52:22 PM
Pi not RasPi
RasPi might look good on paper, but say it out loud.  Ive never heard anyone call a Pi a RasPi.  Its just a Raspberry Pi, or a Pi.  Pi 1, Pi2, etc.  

 


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5735
PUBLISHED: 2020-04-08
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
CVE-2020-5736
PUBLISHED: 2020-04-08
Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
CVE-2017-18646
PUBLISHED: 2020-04-08
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017).
CVE-2020-5549
PUBLISHED: 2020-04-08
Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5550
PUBLISHED: 2020-04-08
Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier, and Enterprise Ver. 2.0.1 and earlier allows remote attackers to impersonate a registered user and log in the management console, that may result in information alteration/disclosure via unspecified vectors.