Russian Targeting of Network Infrastructure
We have this in hand…
and this is why…
The National Cyber Security Centre (NCSC) has recently published an advisory relating to Russian state-sponsored targeting of network infrastructure. This advisory is aimed mainly at those managing enterprise-class environments, as well as communications providers (like Spectrum Internet) who manage SOHO/residential routers and switches. As a matter of course we have reviewed all of our managed systems against the specific threats and are confident that we have appropriate measures already in place. For those interested in the technical details, the full advisory is available here.
While we are confident in the measures we have in place to protect our customers and our network, this is a timely opportunity to recap some of the key security measures we provide to all of our connectivity customers, free of charge.
All devices that are deployed and managed by us have a secure-by-default configuration which includes:
• Fully updated firmware before deployment
• All remote management features that are not required are disabled (e.g. Telnet, HTTP, SNMP)
• Only encrypted remote management protocols are used
• Remote management is restricted to secure systems within our Network Operations Centre (NOC)
• All default passwords are reconfigured prior to deployment
• UPnP disabled on our routers prior to deployment
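As an added illustration (not the original post's or Spectrum Internet's own tooling), the following Python audit checks a router's deployment record against the baseline items above; the record format, the NOC management range and the current firmware version are assumptions made for the example.

```python
"""Check a managed router's deployment record against the secure-by-default
baseline: current firmware, only encrypted management protocols, management
reachable only from the NOC, default credentials changed, UPnP disabled.
Added example; record format, NOC range and firmware version are assumptions."""
from ipaddress import ip_network

# Constructed placeholder for the NOC management range (documentation prefix, not a real NOC).
NOC_RANGE = ip_network("192.0.2.0/24")
# Only encrypted remote-management protocols are acceptable on a deployed device.
ENCRYPTED_MGMT = {"ssh", "https"}


def audit_device(device: dict, latest_firmware: str) -> list:
    """Return the baseline violations for one device; an empty list means compliant."""
    findings = []
    if device["firmware"] != latest_firmware:
        findings.append("firmware %s is behind the current release %s"
                        % (device["firmware"], latest_firmware))
    # Any management protocol outside the encrypted set (Telnet, HTTP, SNMP, ...) is a finding.
    for proto in sorted(set(device["management_protocols"]) - ENCRYPTED_MGMT):
        findings.append("unencrypted or unnecessary management protocol enabled: " + proto)
    # Management must only be reachable from addresses inside the NOC range.
    for src in device["management_sources"]:
        if not ip_network(src).subnet_of(NOC_RANGE):
            findings.append("management reachable from outside the NOC: " + src)
    if not device["default_credentials_changed"]:
        findings.append("default credentials still in place")
    if device["upnp_enabled"]:
        findings.append("UPnP is enabled")
    return findings


# Constructed sample records: one compliant router and one that misses several controls.
COMPLIANT = {"firmware": "4.2.1", "management_protocols": ["ssh", "https"],
             "management_sources": ["192.0.2.0/24"], "default_credentials_changed": True,
             "upnp_enabled": False}
NONCOMPLIANT = {"firmware": "4.1.0", "management_protocols": ["ssh", "telnet", "snmp"],
                "management_sources": ["0.0.0.0/0"], "default_credentials_changed": False,
                "upnp_enabled": True}

if __name__ == "__main__":
    for name, record in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, audit_device(record, "4.2.1") or ["OK"])
```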
All public IP addresses provided by us are regularly scanned for known vulnerabilities. These are the same vulnerabilities the ‘bad guys’ are looking for. Where a vulnerability is identified we proactively contact the customer and work with them to eliminate the vulnerability or put appropriate mitigations in place.
Network Compromise Alerting
In conjunction with NCSC and their security partners we receive alerting whenever one of our IP addresses is identified as a source of malicious activity. This is typically the result of a compromised piece of kit inside a customer’s network that may be taking part in a Distributed Denial of Service (DDoS) or other such attack. The affected customer is frequently not aware that their systems have been compromised. When we receive such alerts we proactively contact our customer to assist with identifying and remediating the problem.
This is a free opt-in service provided to our customers, focused on raising awareness of potential security threats. Our in-house teams are always on the lookout for potential security issues, drawing on sources such as NCSC, industry forums, and manufacturer and vendor notifications. Where we feel that such issues could impact our customers we will communicate them to all opted-in customers and, where appropriate, suggest possible mitigations or point the customer toward appropriate resources.
Malicious Content Blocking through DNS
All customers can opt in to our free DNS blocking service, targeted exclusively at blocking access to known malicious content. This service, developed in partnership with the Global Cyber Alliance, is provided as a fully managed solution. Delivered from our own DNS servers and built on the Quad9 platform, it provides an additional layer of protection from malicious content, with no advertising and full respect for our customers’ privacy.
What else can we do? Advice to Customers.
The heightened awareness that this NCSC announcement generates will have our customers considering what they can do to protect themselves, in addition to the steps we have taken. As always, our advice is to make sure that the basics are covered. Whether you are a small business or a home user, paying attention to these basics is essential for cyber security:
- Keep your devices patched and up-to-date
- Always change the manufacturer’s default passwords
- Where appropriate run up-to-date anti-malware software
- Don’t reuse passwords between environments
- Keep an up-to-date backup of your data
The NCSC’s general advice for small businesses