IT teams have understood and feared the impact of hackers and malware on computer systems for decades. Now, service providers and organizations operating their own networks are learning that the security of network devices is subject to the same risks. Exploiting a flaw in network security could bring down all or part of a network and even allow someone to spy on traffic or inject fake data.
In today’s world, where nation states are regularly suspected of hacking and espionage, it is important to know how to secure network devices. The first and most important step in securing network devices for any network operator is to plug the holes that present the most obvious risk. And that’s not even the risk of an exploit.
Network device hacking occurs regularly on all kinds of devices from network equipment vendors. In most cases, hacks fall into two categories: spoofing control traffic and hacking into network device management systems. If operators are worried about network security threats, they need to fill those holes first.
Eliminate holes to secure network devices
IP networks exchange route information using control packets sent from one device to another to advertise connectivity. Route tables are built from these exchanges, and if someone introduces a bogus route advertisement, it can create inefficient or even invalid routes.
The Border Gateway Protocol (BGP) is at the root of most of these hacks, as it is the protocol used to advertise routes on networks from different providers. BGP is a complex framework, but it allows network operators to customize the routes they advertise and the sources they accept for other routes.
To secure network devices, first use BGP (access control lists) route control to determine which route advertisements network operators can accept and post. Second, use BGP monitoring to make sure that something is not leaking in the network due to a failure to properly configure routes.
Device management hacks are an even more insidious problem because they allow an intruder to change almost anything. In fact, they can sometimes cause network operators to lose control of their own network equipment. Most routers accept strong encryption for management links, so operators should use the strongest encryption available. In addition, they should eliminate any default ID and password combinations included for device setup as soon as a device is installed. This should be done in the lab, not in the live network.
Passwords for management systems should also be changed regularly and include strong identification of the source of management packages. In general, it is not a good idea to allow a package targeting a management API to come from the Internet or one of your VPN subnets where no management system instance should be installed.
Logging is another critical step in securing network devices. All access to a management API should be logged, and every change made to the configuration of any device should also be logged in a before-and-after form, with the source of the change clearly identified with a username and IP address. It’s pretty easy to use API and reporting software to examine management access patterns to find anything out of the ordinary.
Network Element Exploits
This brings us to the last class of hacks – exploits. An exploit is a software flaw that allows maverick code to be introduced into a network device. A common source of exploits is a buffer overflow, where a particular type of message causes the buffer that contains it to overflow, writing to anything beyond that in memory. If it is code, it is possible to include malware in the data message and then trick the code to execute beyond the buffer. The wrong code can then open a hole for more serious hacking.
Network devices are as vulnerable as computer systems to exploits, and a number of widely publicized network element exploits have taken place over the past year. When exploits are discovered, vendors fix them quickly, but not everyone applies fixes quickly. Never delay in applying these fixes, because once you introduce malware into a network, it is difficult to be sure that you have removed it completely. Exploits can open the door to widespread contamination of your management systems and other devices.
Recent attention in the area of exploit attacks has been the risk of a government agency tricking a device vendor into building a backdoor that can be exploited at will. Such a move would allow the agency to break into a network and perform almost any hostile function, from snooping on information to completely disrupting the network itself. This is the question that sparked a debate about the security of Huawei network devices.
Deliberate backdoor exploits are exceptionally difficult to detect at the best of times. Reviews of a device’s source code, for example, are unlikely to find a well-constructed exploit.
It’s even worse if the exploit is a combination of hardware or firmware and software. Many network devices include custom programmable chips, and those chips could include malware that could open a hole that the device’s software would enlarge. Although discussions about preventing backdoor exploits often include code reviews, they are unlikely to work.
IT will never find a smart chip and software exploit by inspecting code or hardware. You can’t set up a cleanroom and monitor a device for aberrant behaviors, because without the explicit stimulus the exploit is designed for, no such behavior will occur.
Even if service providers designed monitoring procedures to find a problem, what would they do if they found one other than shutting down the network? The point is, if a deliberately installed backdoor in a network device seems like a credible threat, the only way to avoid it is to ban the provider. Each operator and national regulatory authority will have to decide whether they believe such a threat exists for each supplier they admit.
It’s harder than it looks. Detection difficulties aside, it’s hard to believe that vendors would build in security holes. In a politically charged world, it is even more difficult to obtain objective information about the possibility of such a backdoor flaw. Each country considers its own industries to be flawless, but most countries do not trust each other.
Yet risking an entire network is an issue that many operators simply cannot ignore. The best strategy is to deal with everything on the basis of a rigorous assessment of the underlying reality of risk, and then to reassess regularly to adapt to changing conditions or international politics.