A recent security scan at a research lab revealed a disturbing fact - a large number (about 25%) of networked devices are still vulnerable to the 3-year-old land/teardrop exploits. These included things like HP printers, PLCs (programmable logic controllers), various flavours of Microsoft operating systems (a 50% survival rate), older systems such as Digital Ultrix, RTOSs (real-time operating systems) etc. etc. Some of these devices were being used in sensitive control applications (though not safety-related systems).

I suspect that this situation is not that unusual - sites may keep their webservers and other machines in the DMZ updated and fairly secure, but not have the resources to constantly update everything else as well.

Some networked devices are essentially "black boxes" - the TCP stack is held in read-only memory with no update capability. Such devices may have a much longer service life at one software revision compared to traditional computers. Such devices may find their way into sensitive areas such as process control, patient monitoring, alarm systems etc.

Suggestions:

- Sensitive networks should be placed behind a local dedicated firewall, not just a corporate or site firewall.
- Purchasing approval of networked devices should be subject to passing a security/vulnerability check.
- Existing networked devices in service should be (carefully!) tested for DoS resistance.
- TCP stack hangs or crashes should not place control software in an unsafe state.

Andrew Daviel
Vancouver, Canada
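The two attacks the post names are easy to recognise on the wire, which is what a dedicated firewall or IDS in front of an unpatchable "black box" network would look for: a land packet is a TCP SYN whose source and destination address and port are identical, and a teardrop sequence is a set of IP fragments for one datagram whose offsets overlap instead of tiling the payload. The detector below is an added example and is not part of the original post; it assumes packets have already been decoded into the simple fields shown (addresses, protocol, IP ID, fragment offset in bytes, more-fragments flag, payload length, ports, SYN flag), and the traffic it runs over is constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Packet:
    """Minimal decoded view of an IPv4 packet (assumed to come from a capture decoder)."""
    src_ip: str
    dst_ip: str
    proto: str                 # "tcp" or "udp"
    ip_id: int                 # IP identification field, shared by fragments of one datagram
    frag_offset: int           # fragment offset in bytes (header field * 8)
    more_fragments: bool       # MF flag
    payload_len: int           # bytes of data carried after the IP header
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    syn: bool = False          # TCP SYN flag, only meaningful for the first fragment

FragKey = Tuple[str, str, str, int]

def is_land_packet(p: Packet) -> bool:
    """Land: a TCP SYN addressed from a host:port to the very same host:port."""
    return (p.proto == "tcp" and p.syn
            and p.src_ip == p.dst_ip
            and p.src_port is not None and p.src_port == p.dst_port)

def find_overlapping_fragments(packets: List[Packet]) -> List[FragKey]:
    """Teardrop-style reassembly abuse: fragments of one datagram whose byte ranges overlap.

    Fragments are grouped by (src, dst, proto, IP ID); within a group, sorted by offset,
    any fragment that starts before the end of the data already covered is an overlap.
    """
    groups: Dict[FragKey, List[Packet]] = defaultdict(list)
    for p in packets:
        if p.frag_offset or p.more_fragments:      # only fragmented datagrams matter
            groups[(p.src_ip, p.dst_ip, p.proto, p.ip_id)].append(p)

    flagged: List[FragKey] = []
    for key, frags in groups.items():
        frags.sort(key=lambda f: f.frag_offset)
        covered_end = 0
        for f in frags:
            if f.frag_offset < covered_end:       # starts inside data already received
                flagged.append(key)
                break
            covered_end = max(covered_end, f.frag_offset + f.payload_len)
    return flagged

def analyse(packets: List[Packet]) -> Dict[str, list]:
    """Return the land packets and the overlapping-fragment datagrams found in a packet list."""
    return {
        "land": [p for p in packets if is_land_packet(p)],
        "teardrop": find_overlapping_fragments(packets),
    }

# Constructed sample traffic: one land SYN, one normally fragmented datagram,
# and one teardrop-style pair whose second fragment lies inside the first.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.5", "tcp", 1, 0, False, 0, src_port=139, dst_port=139, syn=True),
    Packet("10.0.0.9", "10.0.0.5", "tcp", 2, 0, False, 0, src_port=40000, dst_port=80, syn=True),
    Packet("10.0.0.9", "10.0.0.5", "udp", 3, 0, True, 1480, src_port=5000, dst_port=53),
    Packet("10.0.0.9", "10.0.0.5", "udp", 3, 1480, False, 100),
    Packet("10.0.0.7", "10.0.0.5", "udp", 4, 0, True, 36, src_port=5000, dst_port=53),
    Packet("10.0.0.7", "10.0.0.5", "udp", 4, 24, False, 4),
]

if __name__ == "__main__":
    result = analyse(SAMPLE_TRAFFIC)
    for p in result["land"]:
        print(f"land packet: {p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port}")
    for key in result["teardrop"]:
        print(f"overlapping fragments: {key[0]} -> {key[1]} {key[2]} id={key[3]}")
```

Run as a script it prints one land packet (10.0.0.5:139 to itself) and one overlapping-fragment datagram (IP ID 4); the legitimately fragmented datagram with ID 3 is left alone because its second fragment starts exactly where the first ends. The overlap check is deliberately strict: any fragment starting before the covered end is reported, which catches the classic teardrop case where the second fragment lies entirely inside the first as well as partial overlaps.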
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:41 PDT