Around three-quarters of network devices carry at least one known security vulnerability, while two-thirds carry a two-year-old flaw.
According to the Network Barometer report from services and solutions provider Dimension Data, 73 per cent of corporate network devices were carrying at least one known security vulnerability, almost double the 38 per cent recorded in 2009.
The survey of 270 businesses also revealed that Cisco Product Security Incident Response Team (PSIRT) vulnerability 109444, identified in September 2009, was found in 66 per cent of all devices.
That flaw related to denial-of-service vulnerabilities in the transmission control protocol (TCP). Cisco said: “By manipulating the state of TCP connections, an attacker could force a system that is under attack to maintain TCP connections for long periods of time, or indefinitely in some cases.
“With a sufficient number of open TCP connections, the attacker may be able to cause a system to consume internal buffer and memory resources, resulting in new TCP connections being denied access to a targeted port or an entire system.”
Neil Campbell, global general manager of security solutions at Dimension Data, said: “Given the pressure that organisations are under from regulatory bodies, consumers and their executive to protect customer information and privacy, as well as sensitive business information from both cyber criminals and competitors, it's hard to believe that they would knowingly expose themselves to this level of risk.
“The truth of the matter is that many organisations still don't have consistent and complete visibility of their technology estates. In fact, previous research not related to the Network Barometer Report carried out by Dimension Data found that clients are unaware of as much as 25 per cent of their networking devices.”
Campbell commented that while discovery processes may be falling short, if PSIRT 109444 were taken out of the equation, the next four vulnerabilities were found in fewer than 20 per cent of all devices.
“It only takes one vulnerability to expose the entire organisation to a security breach, so organisations must do much more if they want to adequately protect themselves. This includes increasing the number of regular network scans to ensure that any vulnerability is picked up before it causes serious business continuity, compliance failure or reputational damage,” said Campbell.
“Organisations which are not ahead of the game when it comes to knowing and protecting themselves against the latest threats are playing a Russian Roulette of risk. They could be looking at a medium- to high-risk security threat like PSIRT 109444 and be at risk of a security vulnerability that falls into the extreme category.”