After reading about the recent surge in Linksys router port scans, I'm concerned that our home users may have vulnerable devices through which they're connecting to the enterprise network. Are port-scanning surges alone a cause for concern? Do you have any suggestions to mitigate the risk?
Any enterprise that has home users has increased information security risks. The latest findings about Linksys routers being vulnerable to remote attacks is certainly part of the equation. The last thing enterprises need is for users to connect to the corporate environment or expose confidential login credentials from a network that has been breached.
The surge in router port scanning alone isn't necessarily problematic. What matters here is whether the devices themselves are vulnerable. If you're not sure, enterprises should scan employees' IP addresses using a tool like the free SoftPerfect Network Scanner from the office. (Note: Be sure to have employees go to whatismyip.com or a similar site to determine their current IP address so you don't scan someone else.) Users can also run ShieldsUP from their home computers. Alternately, enterprises could run a deeper vulnerability scan using a tool such as Nexpose or LanGuard. If you see questionable ports that are open or related vulnerabilities, you'll know you need to dig in further.
The good news is that many of these routers are hidden behind cable and DSL modems that lessen the issue, providing at least one layer of protection between the router and the open Internet. However, the exploit could get ugly not only for your users but for your enterprise as a whole. While you won't know until you get more information, enterprises would be wise to ask employees to provide the make and model of their home networking equipment. Test it and have them upgrade (or replace) the devices if needed. I wouldn't necessarily recommend this to users, but there are third-party firmware versions enterprises can install such as OpenWrt to resolve the issue.
Ask the Expert!
Perplexed about network security? Send your network security-related questions today! (All questions are anonymous.)
Dig deeper on Network Intrusion Prevention (IPS)
Related Q&A from Kevin Beaver, Network Security
The Wi-Fi personal mode may be easy to set up and use, but is it safe enough to use in an enterprise setting? Security expert Kevin Beaver discusses ...continue reading
TCP port 445 -- a traditional Microsoft networking port -- is a common attack vector. Network security expert Kevin Beaver explains how to detect and...continue reading
When an organization has a highly outsourced IT environment, it is critical to use a SIEM system to reduce security complexity and identify threats. ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.