While the Misfortune Cookie vulnerability in routers can only be mitigated by the hardware vendors, what steps can my organization take to remain secure? How can we ensure other routers won't fall victim to similar attacks?
The Misfortune Cookie flaw affects the RomPager Web server that runs on millions of consumer-centric routers and gateways. Apparently, more than 200 models of these systems are affected. The exploitation involves merely sending a single cookie to the device that, in turn, effectively opens the system up for remote control. This can allow for further exploitation of devices behind the router/gateway.
I don't believe you'll be able to keep other routers from falling victim to such attacks, especially when those routers are out of your control. What you can do, however, is minimize the impact to your business in the event that such a router vulnerability is exploited by:
- Using (or requiring) VPN connections for all inbound network traffic;
- Utilizing technology such as NAC to enforce malware, personal firewall, full disk encryption and other endpoint security controls;
- Requiring users to have corporate-issued systems (i.e., laptops, tablets, phones) rather than connecting with personal systems that are likely unsecured and infected with malware;
- Using data loss prevention to monitor for sensitive information abuse; and
- Training your users on what to do and what not to do as well as providing instructions on how to test for this security flaw and how to fix it.
Once users are on your network, you have additional options -- such as segmenting them to a unique network segment, analyzing their computer behavior and network traffic, and the like. You might go as far as limiting what remote users can do on the network.