Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Oldest First  |  Newest First  |  Threaded View
User Rank: Strategist
7/12/2019 | 4:52:22 PM
Pi not RasPi
RasPi might look good on paper, but say it out loud.  Ive never heard anyone call a Pi a RasPi.  Its just a Raspberry Pi, or a Pi.  Pi 1, Pi2, etc.  

User Rank: Ninja
7/12/2019 | 5:48:53 PM
Raspberry PI Concerns
It's not important to use a particular firewall or defensive mechanism. It is important to think about defense and use some method (or, ideally, [the] combination of methods) to protect the RasPi and the network on which it sits from criminal exploit and intrusion.

I am not so sure I agree with the ending comment made by the presenter, secuirty controls are put in place at various layers but it is knowledgebase, human interaction and device set to limit the organizations area of penetration (attack vector). However, I do think the best way of addressing this issue would be to setup a NAC (Network Access Control) system that limits what can run on the existing network. This should have been one of the first options along with:
  • Port Management/Access
  • MAC Address Control

These two methods disable the port (Port Mgmt) and MAC address policies so as not to allow unauthorized devices on the network.

Also, they should have had an NMS (Network Management System) in place to identify the systems on the network by their MAC addresses. I think this was more about incompetence and lack of attention to detail than anything else (the human factor is what we need to be focusing on). The NASA hack went on for about 10 months.


User Rank: Moderator
7/13/2019 | 2:15:06 PM
Network Segmentation
I think that the only reasonable approach is to divide your network into multiple subnets with firewalls between them.  One should be the production subnet with strict physical controls over what can be attached and rules for configuration.  Another should be a development area where it is difficult to control what is attached or the software configuration.  Another network would be used for administration of the system, and still another would be used for normal users.  You may be able to have firewall rules enforce connections based on IP addresses and port numbers, but antivirus software can't be counted on to stop malicious software and access.
User Rank: Ninja
7/14/2019 | 7:40:28 AM
Re: Network Segmentation
To BradlyRoss,

They had Network Segmentation in place, that was not the problem (review the link and the satellite layout). Their labs, production, admin, mgmt aspect of the network was in place; the problem was that they got lax and the tools the had in place reported on its existence, no one from the security team, admin or development team identified this system as being a problem especially when you have applications that are associated with internal systems (i.e. hardware - NMS, SIEM, IPS, etc).

Remember, this device was in place for 10 months on a production network (did not matter if the network was segmented, they had time to run Wireshark or tcpdump, with all of the Ph.ds and engineering staff; they could not find this device listed as a blimp on the "network radar". You have to ask yourself, NASA has numerous layers of security, why was this ignored, it took an audit team to go through the network to find this device. That is why NSA needs a NAC (Network Access Control) device along with mac address and port filtering configured on the network.

Satellite, GSS and Network Architecture

User Rank: Strategist
7/16/2019 | 4:04:10 PM
Re: Pi not RasPi
Concur 💯
User Rank: Strategist
7/16/2019 | 4:12:55 PM
Re: Pi not RasPi
User Rank: Strategist
7/26/2019 | 12:50:20 PM
Likely a good article ..... BUT
I'm not interested in a revinew generating slide show.  DNR
User Rank: Strategist
7/26/2019 | 2:06:57 PM
Pretty much done with darkreading
Always appears that it is going to be a good article that I can read, but I never find out because it's a slideshow. No thank you. dark reading used to be a good source of relevant information.

Maybe you should put your slideshows on facebook with the rest of the clickbait.

User Rank: Ninja
7/26/2019 | 7:48:58 PM
Re: Pretty much done with darkreading

All I can say is wow to the comment you made below, these people are writing and devoting their time to material that could be used to address significant cybersecurity problems. For someone to call this site "clickbait", that just goes beyond disrespectful. If you don't like the articles and the way they are laid out, then just remove yourself from the list, but don't disrespect people like that on a security blog, this for all people.

It is amazing, people express themselves in such a way that is belittling and disparaging on a public site and they hide behind the veil of the internet, but when you walk up to them on the street, then it is a different story.



User Rank: Apprentice
7/26/2019 | 8:14:47 PM
Re: Pretty much done with darkreading
I really do enjoy the information provided here, it's good information. DarkReading does need to fund themselves and if using a slide show format to help keep themselves operational is how they succeed good for them... they keep on providing good content... I'll click through the slideshow and support them.


I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file