Phlashing is more than theoretical: it's been demonstrated at conferences, like London's EUSecWest security conference in May 2008. You're correct to point out that there hasn't been a widespread outbreak in the wild. Nevertheless, enterprises should fortify devices to protect against this type of attack.
The best advice I can give you is to never connect the management interface of a device to a public network. Doing so invites trouble by making it possible for an attacker to upload non-authentic firmware. Ideally, such devices belong on their own private control network, accessible only to administrators with a legitimate need to configure the devices.
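One way to check an inventory against that advice, as an added example that is not part of the original answer: it flags management addresses that sit outside the dedicated control network and access lists that admit sources wider than the administrators' networks. The device names, addresses and network ranges are constructed assumptions.

```python
import ipaddress

# Assumed layout (constructed for this example): one private control network,
# with administrators connecting from a small jump-host range inside it.
MGMT_NET = ipaddress.ip_network("10.50.0.0/24")
ADMIN_NETS = [ipaddress.ip_network("10.50.0.0/28")]

# Constructed inventory: (device, management address, sources its ACL admits).
INVENTORY = [
    ("core-sw-01", "10.50.0.11", ["10.50.0.0/28"]),
    ("edge-rtr-01", "203.0.113.7", ["10.50.0.0/28"]),
    ("ups-ctrl-02", "10.50.0.40", ["0.0.0.0/0"]),
    ("lab-fw-03", "10.50.0.60", ["10.50.0.0/28", "10.60.0.0/16"]),
]


def audit(inventory, mgmt_net=MGMT_NET, admin_nets=ADMIN_NETS):
    """Return {device: [issues]} for management interfaces that break the rule."""
    findings = {}
    for name, mgmt_ip, sources in inventory:
        issues = []
        # Rule 1: the management interface lives only on the control network.
        if ipaddress.ip_address(mgmt_ip) not in mgmt_net:
            issues.append(f"management address {mgmt_ip} is outside {mgmt_net}")
        # Rule 2: only administrator networks may reach that interface.
        for src in sources:
            net = ipaddress.ip_network(src)
            allowed = any(
                net.version == admin.version and net.subnet_of(admin)
                for admin in admin_nets
            )
            if not allowed:
                issues.append(f"ACL admits {src}, wider than the admin networks")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for device, issues in audit(INVENTORY).items():
        for issue in issues:
            print(f"{device}: {issue}")
```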