Eugenio Marongiu - Fotolia
What is the issue with Network Address Translation - Port Mapping Protocol (NAT-PMP) implementations that are causing device vulnerabilities? How can we test to see if devices on our network are vulnerable and, if we find some, how can they be fixed?
The vulnerabilities in these Internet-connected devices, primarily SOHO-class routers and networking products, are no doubt a serious concern for small and large businesses alike; small businesses because such systems are typically implemented without an inkling of thought put into the security ramifications, and large businesses because of the mobile workforce that is no doubt utilizing such devices, which, in turn, can introduce risks into the enterprise network environment.
The NAT-PMP security vulnerability is one that organizations small and large need to be testing for where possible and including in their security standards and policies. That said, it's one thing to create standards and policies; however for larger organizations, it can be next to impossible to "test" the security of each device that employees may be using from home and other remote facilities.
It would be wise to step back and look at these NAT-PMP security vulnerabilities and their potential to create business risk, and determine what the best approach might be for your organization. It could be as simple as educating users or as complex as setting up a vulnerability testing system whereby your users go to a website you have configured to work in conjunction with a tool such as Rapid7's Nexpose or GFI Software's LanGuard to test to see if their devices are vulnerable.
If anything, this underscores the need for a layered network security and defense, including inspection of remote network traffic, strong authentication including NAC-type capabilities, as well as data loss prevention and related endpoint security controls.
Ask the Expert:
Perplexed about network security? Send Kevin Beaver your questions today. (All questions are anonymous.)
What is NAT? Do you know if it's happening on your network? Learn more here
Dig Deeper on IPv6 security and network protocols security
Related Q&A from Kevin Beaver
Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver ... Continue Reading
Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can... Continue Reading
Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.