Why update IT equipment...IT Security
August 22, 2016
Shadow Brokers Leak Just Revealed How The NSA Broke American-Made Encryption
At times do you feel like your IT department is like "Chicken Little" predicting chaos and mayhem if additional resources are not allocated to the IT budget? You are not alone. However, there is some validity to this request. Companies (Microsoft, Cisco, etc.) associate a life cycle with equipment and software. During the life cycle the company provides support and security patches. Once equipment or software have reached their end of life support and security patches are discontinued. Continuing to utilize end of life equipment and software places your business at risk.
The end of life for Windows XP is a popular example. Windows XP was the most popular operating system at one time. Microsoft supported it for approximately 12 years. On April 8, 2014, Microsoft discontinued Windows XP. The continued use of Windows XP creates an unnecessary risk for businesses because support and security patching is no longer provided.
Another example is the Cisco PIX vulnerability. Forbes published the article, Shadow Brokers Leak Just Revealed How The NSA Broke American-Made Encryption, explaining the exploit:
"The weakness resided in Cisco’s PIX product, discontinued back in 2009, according to an analysis by London-based security researcher Mustafa Al-Bassam. The so-called BENIGNCERTAIN exploit dropped by the Shadow Brokers was not dissimilar to the infamous Heartbleed hacks of 2014: the snoop would send specially-crafted requests to a Cisco PIX server – in this case what’s known as an Internet Key Exchange (IKE) packet – that would cause the device to dump pieces of its memory. Keep doing that and eventually the hacker could get the passwords for the PIX devices. The firewall could then be hacked."
Hackers continually search for vulnerabilities so there is not a "silver bullet" solution that will protect you 100%. However, there are best practice standards that you can implement to reduce IT security risks.
- Include IT Security as part of your IT Strategic Plan
- Update servers and computers with patches regularly
- Implement IT asset life cycle policies and procedures
- Provide IT security training for employees and vendors
- Audit your network for potential vulnerabilities
Contact us today for assistance with your IT Security, firstname.lastname@example.org or 770.396.6000 Option 1.