Part of the identification process involves determining how the devices connect and what access privileges they have. That job is harder if you're dealing with, say, a printer that doesn’t even connect to Wi-Fi and has firmware that’s hard-coded and can’t be updated. That type of device is a target. Too often, hackers look for fringe devices like printers that use the default firmware, passwords and admin functions, so Haber says you may want to block the use of any outdated devices you find as part of the identification process. The integrity of your network and IT systems takes priority over any usefulness that an unusual fringe device might have.
4. Perform regular security audits
It’s common for larger companies to perform regular security audits. Unfortunately, it can also be common for audits to overlook fringe devices like printers, network drives and cameras.
Leon Glover, senior director of product management and project management at security vendor ThreatSTOP, says failure to do a thorough audit is one of the most common causes of breaches. He says every audit should involve an assessment of the risk of even allowing fringe devices to exist on the network. As part of that exercise, you should weigh the amount of damage an attack could cause against the benefit of using that device. If the device is extremely unusual — say, a new Ubuntu-powered smartphone — it may not have enough usefulness to merit approval
“If a fringe network device only provides limited value while increasing security risk, then it should not be allowed on the network,” Glover says. “It's very difficult to provide solid network protection, so why complicate that effort with a small number of odd devices?”
5. Put fringe devices on their own network
Another approach to preventing a catastrophic breach that starts with an attack on a one-of-a-kind device is to allow fringe devices to be used, but only on an isolated network that’s reliably secured. Tony Anscombe, a senior security evangelist at security vendor AVG Technologies, says that might be difficult — IT would have to create a completely new network for devices that may have limited utility — but it would be worth the effort because fringe devices represent an ever-increasing security risk.
To illustrate the risk created by the use of fringe devices, Anscombe points to LIFX’s line of smart LED light bulbs, which share Wi-Fi credentials from one model to the next. The “host” light bulb might connect through a main network gateway and expose a weakness that hackers could easily exploit. “Devices that we least expect to be connected have shown to create vulnerabilities,” he says, adding that those vulnerabilities “can be exploited to gain access to networks and data that would have otherwise remained safe.”
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.