What is the issue with Network Address Translation - Port Mapping Protocol (NAT-PMP) implementations that are causing device vulnerabilities? How can we test to see if devices on our network are vulnerable and, if we find some, how can they be fixed?
The vulnerabilities in these Internet-connected devices, primarily SOHO-class routers and networking products, are no doubt a serious concern for small and large businesses alike. Small businesses are exposed because such systems are typically implemented without an inkling of thought put into the security ramifications. Large businesses are exposed because of the mobile workforce that is no doubt utilizing such devices, which, in turn, can introduce risks into the enterprise network environment.
The NAT-PMP security vulnerability is one that organizations small and large need to be testing for where possible and including in their security standards and policies. That said, it's one thing to create standards and policies; for larger organizations, however, it can be next to impossible to "test" the security of each device that employees may be using from home and other remote facilities.
It would be wise to step back and look at these NAT-PMP security vulnerabilities and their potential to create business risk, and determine what the best approach might be for your organization. It could be as simple as educating users or as complex as setting up a vulnerability testing system whereby your users go to a website you have configured to work in conjunction with a tool such as Rapid7's Nexpose or GFI Software's LanGuard to test to see if their devices are vulnerable.
If anything, this underscores the need for layered network security and defense, including inspection of remote network traffic, strong authentication with NAC-type capabilities, and data loss prevention and related endpoint security controls.
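One way to run the kind of device check described above, as an added example that is not from the original answer or from the tools it names: it sends the NAT-PMP external-address request (RFC 6886, UDP port 5351) to a gateway address you administer and parses the reply. The function names, the `lan`/`wan` labels and the sample reply bytes are constructed for illustration, and treating a reply on the WAN-side address as the condition to flag is an assumption of this example.

```python
import ipaddress
import socket
import struct

NATPMP_PORT = 5351                   # UDP port NAT-PMP gateways listen on (RFC 6886)
EXTERNAL_ADDR_REQUEST = b"\x00\x00"  # version 0, opcode 0: request external address


def parse_reply(data):
    """Return (result_code, epoch_seconds, external_ip) or None if not a NAT-PMP reply."""
    if len(data) < 8:
        return None
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:      # replies use opcode 128 + request opcode
        return None
    ip = str(ipaddress.IPv4Address(data[8:12])) if len(data) >= 12 else None
    return result, epoch, ip


def probe(host, timeout=2.0):
    """Send one request to a gateway address you administer; None means no valid reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(EXTERNAL_ADDR_REQUEST, (host, NATPMP_PORT))
            data, _ = s.recvfrom(64)
        except OSError:                    # timeout, ICMP unreachable, no route
            return None
    return parse_reply(data)


def assess(side, reply):
    """side is 'lan' or 'wan': the interface address probed (labels assumed here)."""
    if reply is None:
        return "ok: no NAT-PMP reply"
    if side == "wan":
        return "finding: NAT-PMP answers on the WAN side"
    return "note: NAT-PMP enabled on the LAN side; confirm it is needed"


if __name__ == "__main__":
    # Constructed sample reply (not captured traffic): success, epoch 3600, 203.0.113.7
    sample = struct.pack("!BBHI4s", 0, 128, 0, 3600,
                         ipaddress.IPv4Address("203.0.113.7").packed)
    print(assess("wan", parse_reply(sample)))
    print(assess("lan", None))
```

Run `probe()` from a vantage point that actually reaches the address being tested, for example from outside the network when checking the WAN-side address.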
Ask the Expert:
Perplexed about network security? Send Kevin Beaver your questions today. (All questions are anonymous.)