How Insecure Network Devices Can Expose Data Centers to Attack
Network hardware could be the hidden weak link in data center security, exposing workloads to attack. Learn why these risks matter – and how to prevent them.
You know threat actors are trying to plant ransomware on your servers. But could they also be targeting your data center networking equipment? The answer is likely ‘yes’.
Although data center networking hardware, like switches, tends to receive less attention than servers during discussions of cybersecurity, the reality is that network equipment can pose just as much of a risk as the rest of your IT infrastructure in exposing workloads to attack.
Here’s why network equipment could be the weakest link in data center security – and what you can do to protect it.
Data Center Cybersecurity Risks in Network Devices
In a data center, network devices are switches, routers, and other devices that manage network traffic. They are often physical devices, but they can also be software-defined networking solutions that run on conventional servers.
Like most other types of IT resources, data center networking hardware can be subject to a variety of cybersecurity risks, including:
Software vulnerabilities in the firmware installed on network devices.
Software vulnerabilities in the operating systems that power network devices.
Software vulnerabilities in software-defined networking systems.
Software vulnerabilities in remote management or administration tools that engineers use to interact with networking devices.
Unauthorized physical access to network devices or the software that controls them.
Weak or publicly known login credentials, which attackers could use to access the devices.
These risks are far from theoretical. In one prominent recent example, a vulnerability in NX-OS, an operating system used on Cisco networking hardware, gave attackers potential root access to impacted devices, with the ability to take full control of them.
Why Securing Network Hardware Matters
The same types of risks apply to the software and hardware associated with servers. You can also have vulnerabilities that enable root access and arbitrary code execution in any server operating system, for example. Unauthorized physical access to server consoles could result in wide-ranging damage.
However, cybersecurity risks involving network infrastructure are different because they’re easier to overlook. Most organizations that are meeting at least basic data center cybersecurity requirements have procedures in place to harden their servers against attacks and monitor for breaches that might be underway.
But network infrastructure risks are harder to identify. Security monitoring tools that can identify anomalous behavior don’t always support devices like network switches – and even if they do, they may not be configured to ingest the data they need to monitor such devices effectively.
The same is true of patch management software, which often focuses on ensuring that server-based operating systems and applications are up-to-date but does not check network switch and router software or firmware.
Network devices are also subject to some specialized risks in the realm of access credential management. Simpler devices may come preconfigured with default login credentials – like “admin” and “password” – that are publicly known and which attackers could exploit. Fortunately, enterprise-grade data center network hardware vendors typically don’t ship devices with security risks like this. But it’s still a potential issue that could affect network infrastructure and is not usually a problem on servers, which rarely come with generic login credentials.
Defending Data Center Network Infrastructure Against Attacks
Mitigating risks like the ones described above isn’t especially complicated; it simply requires extending data center security tools and procedures to cover network infrastructure.
In many cases, the tools that data center operators already have in place can fill this need. For example, Security Information and Event Management (SIEM) platforms, which analyze data and look for anomalies to detect risks or breaches, can typically analyze logs and metrics from network switches in addition to servers.
But again, security tools are not always configured by default to support network infrastructure. Data center admins must take the time to set up security tools for this purpose.
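To make the coverage gap described above concrete, here is an added example (not part of the original article) that compares a device inventory against what a SIEM has actually received and what the patch-management tool tracks. The hostnames, log lines, patch-scope export, and the 24-hour freshness threshold are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed inventory: hostname -> device class (all names are hypothetical).
INVENTORY = {
    "web-01": "server", "db-01": "server",
    "leaf-sw-01": "switch", "leaf-sw-02": "switch", "core-rtr-01": "router",
}
# Constructed RFC 3164-style syslog lines, as a SIEM collector might receive them.
SAMPLE_LOGS = """\
<38>Mar  4 09:58:11 web-01 sshd[811]: Accepted publickey for deploy
<38>Mar  4 09:59:40 db-01 sshd[402]: Accepted publickey for dba
<189>Mar  4 10:01:02 leaf-sw-01 login: user admin logged in on vty0
<189>Mar  1 02:14:55 core-rtr-01 config: configuration saved by netops
"""
# Constructed export of the hosts the patch-management tool tracks.
PATCH_SCOPE = {"web-01", "db-01", "leaf-sw-01"}
LINE = re.compile(r"^<\d+>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ")

def last_seen(log_text, year):
    """Return {hostname: timestamp of its most recent log line}."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # RFC 3164 timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)] = max(ts, seen.get(m.group(2), ts))
    return seen

def coverage_gaps(inventory, log_text, patch_scope, now, max_age=timedelta(hours=24)):
    """List devices the SIEM is not hearing from or that patching ignores."""
    seen = last_seen(log_text, now.year)
    gaps = []
    for host, kind in sorted(inventory.items()):
        ts = seen.get(host)
        if ts is None:
            gaps.append((host, kind, "no logs in SIEM"))
        elif now - ts > max_age:
            gaps.append((host, kind, "logs stale"))
        if host not in patch_scope:
            gaps.append((host, kind, "not in patch scope"))
    return gaps

if __name__ == "__main__":
    for gap in coverage_gaps(INVENTORY, SAMPLE_LOGS, PATCH_SCOPE, datetime(2024, 3, 4, 10, 5)):
        print(*gap, sep="\t")
```

In this constructed data set every gap lands on a switch or router, while both servers are fully covered.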
As creative attackers continue to look for weak spots in data center defenses, securing network infrastructure will become increasingly important. Servers may be the most common target for threat actors, but they’re certainly not the only viable entry point that assailants can use to break into an IT estate. As recent events show, network hardware or software can be a prime vector of attack, underscoring the need for robust defenses across all infrastructure.