How Insecure Network Devices Can Expose Data Centers to Attack

You know threat actors are trying to plant ransomware on your servers. But could they also be targeting your data center networking equipment? The answer is a likely ‘yes’.

Although data center networking hardware, like switches, tends to receive less attention than servers during discussions of cybersecurity, the reality is that network equipment can pose just as much of a risk as the rest of your IT infrastructure in exposing workloads to attack.

Here’s why network equipment could be the weakest link in data center security – and what you can do to protect it.

Data Center Cybersecurity Risks in Network Devices

In a data center, network devices are switches, routers, and other devices that manage network traffic. They are often physical devices, but they can also be software-defined networking solutions that run on conventional servers.

Like most other types of IT resources, data center networking hardware can be subject to a variety of cybersecurity risks, including:

Related:How CXL Technology is Shaping the Future of Data Centers

 These risks are far from theoretical. In one prominent recent example, a vulnerability in NX-OS, an operating system used on Cisco networking hardware, gave attackers potential root access to impacted devices with ability to take full control of the devices.

Network hardware, from switches to routers, poses unique risks that can make data centers vulnerable to attack (Image: Alamy)

Why Securing Network Hardware Matters

The same types of risks apply to the software and hardware associated with servers. You can also have vulnerabilities that enable root access and arbitrary code execution in any server operating system, for example. Unauthorized physical access to server consoles could result in wide-ranging damage.

However, cybersecurity risks involving network infrastructure are different because they’re easier to overlook. Most organizations that are meeting at least basic data center cybersecurity requirements have procedures in place to harden their servers against attacks and monitor for breaches that might be underway.

Read more of the latest data center security news

But network infrastructure risks are harder to identify. Security monitoring tools that can identify anomalous behavior don’t always support devices like network switches – and even if they do, they may not be configured to ingest the data they need to monitor such devices effectively.

Related:AMD Unveils New Epyc Server CPU in Latest AI Push

The same is true of patch management software, which often focuses on ensuring that server-based operating systems and applications are up-to-date but does not check network switch and router software or firmware.

Network devices are also subject to some specialized risks in the realm of access credential management. Simpler devices may come preconfigured with default login credentials – like “admin” and “password” – that are publicly known and which attackers could exploit. Fortunately, enterprise-grade data center network hardware vendors typically don’t ship devices with security risks like this. But it’s still a potential issue that could affect network infrastructure and is not usually a problem on servers, which rarely come with generic login credentials.

Defending Data Center Network Infrastructure Against Attacks

Mitigating risks like the ones described above isn’t especially complicated; it simply requires extending data center security tools and procedures to cover network infrastructure.

In many cases, the tools that data center operators already have in place can fill this need. For example, Security Information and Event Management (SIEM) platforms, which analyze data and look for anomalies to detect risks or breaches, can typically analyze logs and metrics from network switches in addition to servers.

Related:Protecting Data Center Networks Against Subsea Cable Disasters

But again, security tools are not always configured by default to support network infrastructure. Data center admins must take the time to set up security tools for this purpose.

As creative attackers continue to look for weak spots in data center defenses, securing network infrastructure will become increasingly important. Servers may be the most common target for threat actors, but they’re certainly not the only viable entry point that assailants can use to break into an IT estate. As recent events show, network hardware or software can be a prime vector of attack, underscoring the need for robust defenses across all infrastructure.