When an individual connects their device to the internet, they probably don’t give much thought to the fact that their device is now part of a corporate network – just to access their favorite social media platform.
For organizations though, it is important to actively manage all hardware assets so only authorized devices can access the network and unmanaged devices can be detected and prevented from gaining access.
"Knowledge itself is power." (Francis Bacon)
Before you click away, disappointed that I’m writing about something you already have in place, hear me out. You might find yourself with extra insight and a tip or two that could make the difference between a breach and a detection.
The Weakest Link
Imagine a well-dressed businessman walking into the office and asking the receptionist for the company's finance manager. While dropping the manager's name, he mentions that he took an early train and asks if he could use a meeting room while he waits for his appointment. The receptionist guides the gentleman to an available room and offers him coffee and a complimentary cookie. Thanks!
He hooks his laptop up to a network port and voilà, he has access to the network. Very convenient for an employee, but in this case the businessman has been hired by a competitor to get the latest production plans for the new machine the company is producing. He pivots through the network, exfiltrates data to a public FTP site and leaves the offices.
This example could be a targeted attack. Luckily, it won’t take place everywhere, but BYOD, unpatched systems and new computers hooked up to the network by IT are often the start of a hacker's attack chain.
Manage Your Hardware Assets
Some simple measures will make sure we can manage hardware devices in the way we want. In this way you’ll have control over which devices can access your network, and which cannot.
- Make use of automated inventory tools to keep track of managed devices connecting to your network.
- Detect any unmanaged or unauthorized device that establishes a connection.
- Maintain an active inventory overview of all hardware assets, even those that connect briefly and then disappear.
Guest and mobile devices, BYOD and devices connecting over VPN are harder to keep track of. These devices may periodically join the network and then disappear. Treat them all as unauthorized until the device or user has authenticated to the network. Unknown devices are also at greater risk of being targeted by exploits, because their software may be out of date.
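An added example, not part of the original post: one way to reconcile devices observed on the network against an authorized inventory, keeping first-seen and last-seen times so that devices which connect briefly still leave a record. The log format, MAC addresses, host names and function names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: authorized inventory keyed by MAC (asset-manager export).
AUTHORIZED = {
    "00:11:22:33:44:55": "fin-laptop-01",
    "00:11:22:33:44:66": "hr-desktop-07",
}

# Constructed observation log: "<ISO timestamp> <MAC> <IP> <switch port>"
OBSERVATIONS = """\
2024-05-02T08:01:10 00:11:22:33:44:55 10.0.1.20 sw1/12
2024-05-02T09:14:03 00-AA-BB-CC-DD-EE 10.0.1.87 sw3/04
2024-05-02T09:14:40 00:11:22:33:44:66 10.0.1.21 sw1/13
2024-05-02T09:52:31 00:aa:bb:cc:dd:ee 10.0.1.87 sw3/04
"""

def normalize_mac(mac):
    """Lower-case, colon-separated form so differently formatted MACs compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_inventory(log_text, authorized):
    """Return {mac: record} for every device seen, including transient ones."""
    known = {normalize_mac(m) for m in authorized}
    inventory = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, mac, ip, port = line.split()
        seen, mac = datetime.fromisoformat(stamp), normalize_mac(mac)
        rec = inventory.setdefault(mac, {"authorized": mac in known, "first_seen": seen,
                                         "last_seen": seen, "ports": set(), "ips": set()})
        rec["first_seen"] = min(rec["first_seen"], seen)
        rec["last_seen"] = max(rec["last_seen"], seen)
        rec["ports"].add(port)
        rec["ips"].add(ip)
    return inventory

def unauthorized_devices(inventory):
    """Devices to report: seen on the network but absent from the inventory."""
    return {mac: rec for mac, rec in inventory.items() if not rec["authorized"]}

if __name__ == "__main__":
    for mac, rec in unauthorized_devices(build_inventory(OBSERVATIONS, AUTHORIZED)).items():
        print(f"ALERT unmanaged device {mac} on {sorted(rec['ports'])} "
              f"{rec['first_seen']} .. {rec['last_seen']}")
```

A MAC address can be changed by the device's owner, so a match against the inventory is a tracking aid rather than proof of identity; authentication of the device or user still decides access.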
The Success Factors
In order to get results, we have to combine proven technologies. There is a good chance you already have them in place.
- IT Service Management tools and IT Asset Managers help us collect information about hardware assets.
- Based on 802.1x and NAC we are able to automatically identify these devices and give them the appropriate access level.
- Report and log suspicious devices and unexpected authentication requests to your SIEM.
So it is up to the technology to automate this process to become fully effective.
Over To You
I hope the contrast in these guidelines helps to highlight what should be done to get in control of your hardware assets. Don’t overcomplicate procedures and technical solutions. The more lightweight you keep the idea, the quicker it gets executed.
Great food for thought: The Art of Deception by Kevin Mitnick. The book might be a bit dated, but it is still very relevant.