After reading about the recent surge in Linksys router port scans, I'm concerned that our home users may have vulnerable devices through which they're connecting to the enterprise network. Are port-scanning surges alone a cause for concern? Do you have any suggestions to mitigate the risk?
Any enterprise that has home users has increased information security risks. The latest findings about Linksys routers being vulnerable to remote attacks is certainly part of the equation. The last thing enterprises need is for users to connect to the corporate environment or expose confidential login credentials from a network that has been breached.
The surge in router port scanning alone isn't necessarily problematic. What matters here is whether the devices themselves are vulnerable. If you're not sure, enterprises should scan employees' IP addresses using a tool like the free SoftPerfect Network Scanner from the office. (Note: Be sure to have employees go to whatismyip.com or a similar site to determine their current IP address so you don't scan someone else.) Users can also run ShieldsUP from their home computers. Alternately, enterprises could run a deeper vulnerability scan using a tool such as Nexpose or LanGuard. If you see questionable ports that are open or related vulnerabilities, you'll know you need to dig in further.
The good news is that many of these routers are hidden behind cable and DSL modems that lessen the issue, providing at least one layer of protection between the router and the open Internet. However, the exploit could get ugly not only for your users but for your enterprise as a whole. While you won't know until you get more information, enterprises would be wise to ask employees to provide the make and model of their home networking equipment. Test it and have them upgrade (or replace) the devices if needed. I wouldn't necessarily recommend this to users, but there are third-party firmware versions enterprises can install such as OpenWrt to resolve the issue.
Ask the Expert!
Perplexed about network security? Send your network security-related questions today! (All questions are anonymous.)
Dig Deeper on Network intrusion detection and prevention (IDS-IPS)
Related Q&A from Kevin Beaver
Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each. Continue Reading
Compare host IDS vs. network IDS through the pros and cons of each, and learn how more modern systems may be better suited to ensure effective ... Continue Reading
Different tools protect different assets at the network and application layers. But both network and application security need to support the larger ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.