CVE-2023-20078: Cisco IP Phone Unauthenticated Command Injection | Aaron Fosdick posted on the topic | LinkedIn (2024)

It's not always clear to non-OT businesses why IoT security is a concern. Here is a perfect example of leveraging insecure Cisco IP phones to gain a domain account and pivot into the rest of the corporate network. (Compliments to the TrustedSec team for a solid blog post)https://lnkd.in/e8arxX6X

21

Actively exploited Cisco 0-day with maximum 10 severitygives full network control >>> lqventures.com #digitalhealth #socialmedia #digitalmarketing #mhealth #IoT #healthtech #industry40 #AI

1

Actively exploited Cisco 0-day with maximum 10 severitygives full network control >>> lqventures.com #digitalhealth #socialmedia #digitalmarketing #AI #mhealth #IoT #industry40 #healthtech

(30) Cisco ISA3000 - Industrial firewalls for IOT/OT#31_reasons_to_choose_cisco_secure_firewallCisco is a leader in securing enterprise networks. Cisco is also a leader in securing industrial networking. The Cisco Secure Firewall ISA3000 is a true industrial firewall and a foundational component of your IoT/OT security journey with the below features - Four data links, is a DIN rail mount, ruggedized appliance - Segmentation of large internal networks, and manage VPN connections- Support industrial protocols from vendors Omron, Rockwell, GE, Schneider, Siemens, and others. - Supports OT protocols including DNP3, CIP, Modbus, IEC61850, and more.- Support extreme temperature, vibration, shock, surge, and electrical noise.- Ideal DMZ firewall to connect utility substations, pipeline networks, remote control units, or street cabinets.- Cisco Secure Firewall ISA3000 integrates with Cisco Cyber Vision, Cisco ISE , Cisco XDR , Cisco Threat Response, Cisco Secure Endpoint, Cisco Secure IPS- Can be managed locally wit SDM or centerally with FMC or from cloud via CDO- It comes with ASA or FTD softwrae- Supports same license as FTD Threat Defense Threat, Malware Protection, and URL Filtering licenses

64

2 Comments

The IoT vulnerabilities strike again! These routers were lest sold in 2020. If you have one, look to upgrade in the near future. If your business needs some expertise on protecting your data & systems, contact me. Virginia Business Systems has the proactive approach you need. #iot #business #data

What is Needed for a Network to Function in Tough Environments?The new PLANET IGS-4215-16P2T2S is an Industrial-grade, DIN-rail type L2/L4 Managed Gigabit PoE+ Switch is designed to operate reliably in harsh conditions, offering a power budget of up to 320 watts with -40 to 75 degrees C temperature range.Learn more: https://lnkd.in/enkgECcJEmail: sales@planet.com.saContact: +966533226317#ShapingFutureNetworking #PLANETTechnology #PLANET #PoE #Ethernet #network #IoT #cybersecurity #smartfactory #IndustrialEthernet #DigitalTransformation #Connectivity #DataTransfer #IndustrialAutomation #Industry40 #manufacturing #Engineering #innovation #technology #businessgrowth #Networking #PersonalGrowth #ProfessionalGrowth #Community #Collaboration #NetworkinSaudi #SaudiArabia #BusinessNetworking

2

Firmware in embedded systems can be difficult or impossible to update, and this creates major security concerns for embedded devices. Historically, embedded systems were designed for life cycles of 15 years or more, and system updates were not taken into account. However, the Internet of Things (IoT) has changed the nature of embedded systems, and the number of possible attack vectors has increased exponentially.Today, the embedded systems of smart devices can be hacked to control many parts of the physical world, including critical industrial systems, medical equipment, and other devices that can directly impact people’s lives. Understanding lateral movement threats in embedded systems security with Embedded.com - https://lnkd.in/dKCX2E8G#embeddedsoftware #softwareengineer #firmwareengineer #embeddedsystems

2

Cloudpath simplifies the process of securely connecting devices to a Wi-Fi network and enforcing network access policies. It offers a seamless and automated approach to provisioning and managing the security certificates, encryption keys, and network credentials required for secure network access. This eliminates the need for manual configuration and reduces the risk of security vulnerabilities.Some key features of Cloudpath include:- Secure Device Onboarding: Cloudpath allows administrators to easily onboard and provision devices onto a network while ensuring strong security measures. It supports a variety of devices, including laptops, smartphones, tablets, and IoT devices.- Certificate-based Authentication: Cloudpath uses digital certificates to authenticate devices, providing a higher level of security compared to traditional username/password authentication methods. This helps prevent unauthorized access and protects against credential theft.- Network Policy Management: Administrators can define and enforce network access policies based on various criteria, such as user roles, device types, and time of day. This allows for granular control over network resources and helps ensure compliance with security policies.- Guest Access Management: Cloudpath simplifies the provisioning and management of guest access to a network. It enables administrators to create customized guest portals, set access durations, and implement guest-specific policies to provide a secure and controlled guest network experience.- Analytics and Reporting: The platform provides detailed analytics and reporting capabilities, offering insights into network usage, device inventory, and security events. This information helps administrators monitor the network, troubleshoot issues, and make informed decisions regarding network management and security.Cloudpath is often used in conjunction with RUCKUS Networks wireless access points and switches, but it can also integrate with other network infrastructure solutions. It aims to streamline the process of securely connecting and managing devices on a network, enhancing network security and user experience.Link to learn more:https://lnkd.in/eDtE7Xan#secure #networkonboarding #byod #1to1 #educationtechnology #networkaccess #guestaccess #analytics #reporting #insights #policymanangement #troubleshooting #networkresources #experience #security

42

Private Pre Shared Key, Identity Pre Shared Key, Multiple Pre Shared Key, whichever name your wireless vendor has given this feature, don't be confused by its purpose.For this post I'll use the term Private Pre Shared Key (PPSK). PPSK allows different users or devices to connect to the same wireless network and potentially provide different access levels.It's possible to assign different VLANs or security rules to a device depending on the PPSK it used to authenticate. A PPSK can be created for a user to connect multiple devices (laptop, phone, ipad) to a network and group them into a single security group so they can access each other and not other devices (to enable casting to a TV for example).This is also great for hotels, apartment buildings or University dorms, all places where one user may have multiple devices that need to interconnect.PPSK isn't recommended to be used for Enterprise access, and shouldn't replace 802.1x authentication if possible.Another use case is to separate devices based on their function.Mobile phones may use passphrase #1, laptops use passphrase #2, and security cameras use passphrase #3.Network segregation can be implemented by placing each device type into their own VLAN and securing them with a network firewall.In the event that a passphrase is compromised and known to people who shouldn't know it, the passphrase needs to be changed.If PPSK is used, only that compromised passphrase needs changing, meaning only a single device or group of devices needs updating, instead of every device connected to the network. PPSK is perfectly suited for IoT devices that can't authenticate using 802.1x, and can provide security connectivity to those device while keeping them separated from the rest of the network.PPSK is a great balance between improving security and not adding too much complexity to the network.Some vendors provide enhanced features and security if using a NAC solution, limiting PPSK logins to specific identified devices.Something which may benefit more security conscious organisations.Are you planning to implement PPSK in your environment?#network #wifi #junipernetworks #meraki #ubiquiti #cybersecurity #vlan

In a Connected World, Security is Paramount. Explore #IARM IoT Security Services. 💡🔐 Secure #iot#automation #manufacturing #medicaldeviceshttps://lnkd.in/gbu2aJSz