Nt1310 Unit 3 Assignment 1

662 Words2 Pages

The Risk: In the first four months of 2014, the Center for Internet SecurityUS entity (CIS) observed increased defacement activity targeting printers used by state, local, tribal, and territorial (SLTT) governments. While current open source reporting identifies seemingly benign defacements of open systems, there is a chance that actors will target printers, copiers, and other embedded devices for more malicious purposes. The Threat: In the first half of 2014 (H1 2014), CIS identified malicious actors defacing an increasing number of printer webservers, belonging primarily to educational institutions. Figure 1 highlights the increased number of SLTT printer defacement notifications compared to general web server defacement notifications in …show more content…

Malicious actors conducting reconnaissance against vulnerable printers are likely to use “dorking” techniques on common search engines, as well as tools like SHODANUS entity, which identify and index a searchable record of such systems. Dorking allows users to create customized search queries to identify potentially vulnerable devices because manufacturers use well-documented practices to identify …show more content…

Advanced persistent threat (APT) actors conducting espionage are known to gain access to secure systems by compromising less secure systems, elevating privileges, and traversing the network. • Disruption: Malicious actors may seek to exploit SLTT networked printers for other malicious purposes, such as disruption of other systems. Open source reporting suggests malicious actors previously developed a botnet of printers and other embedded devices to conduct distributed denial of service (DDoS) attacks over common network protocols. The Action: CIS recommends that SLTT entities implement the following measures to secure multifunction printers, copiers, and other embedded devices: • Implement the same security policies as would be implemented on any networked system, where possible. In particular, printers should be denied access to the Internet through a firewall, intrusion prevention system, intrusion detection system or other inline filtering device. Accounts should also be secured and default passwords replaced with a strong, complex password containing letters, numbers, and special characters. • Implement IP whitelisting so that only authorized systems communicate with

More about Nt1310 Unit 3 Assignment 1

Open Document