Sunday | 6 July, 2008
Computerworld

Five ways insiders exploit your network
Recent incidents serve as a harsh reminder that insiders represent a common and often misunderstood security threat

3. Open telnet and SSH ports

Companies that use third parties to remotely access and troubleshoot systems should properly secure or close telnet and SSH ports. Without these protections in place, all a remote technician needs is a single internal IP address to get anywhere on your network without your knowledge.

It is dangerous to assume that remote technicians have limited knowledge of your IP addressing schemes, as it is possible the same technician has worked on site at your facility. Also, infrastructure equipment often shares one easily guessed password, making it simple for an insider to access unauthorized equipment.

As a standard practice, it is recommended that companies restrict third-party access via telnet or SSH to systems beyond the typical scope of their services, unless the session is recorded or actively shadowed by a member of your team. Alternatively, many organizations use intermediary systems to create a proxy for these sessions, adding the needed level of control and tracking.
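One way to audit that restriction from connection records, as an added example that is not part of the original article: it flags telnet or SSH sessions that go from a vendor's address range directly to a host outside that vendor's scope instead of through the recording proxy. The vendor name, address ranges, proxy address and record format are all constructed assumptions.

```python
import ipaddress

# Constructed policy (hypothetical values): where each vendor connects from,
# which hosts its contract covers, and the proxy host that records sessions.
VENDOR_SCOPE = {
    "vendor-a": {"sources": ["198.51.100.0/28"],
                 "allowed": ["10.20.1.10", "10.20.1.11"]},
}
SESSION_PROXY = "10.0.0.5"
REMOTE_ADMIN_PORTS = {22: "ssh", 23: "telnet"}

# Constructed connection records: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2008-07-01T09:12:44 198.51.100.3 10.20.1.10 22
2008-07-01T09:40:02 198.51.100.3 10.30.7.21 23
2008-07-01T10:05:17 198.51.100.4 10.0.0.5 22
2008-07-01T10:06:30 10.0.0.5 10.30.7.21 22
2008-07-01T11:15:09 198.51.100.3 10.20.1.11 443
2008-07-01T11:20:00 203.0.113.9 10.30.7.21 22
"""

def vendor_for(src):
    """Return the vendor whose source range contains src, or None."""
    addr = ipaddress.ip_address(src)
    for name, policy in VENDOR_SCOPE.items():
        if any(addr in ipaddress.ip_network(net) for net in policy["sources"]):
            return name
    return None

def out_of_scope_sessions(flow_text):
    """List vendor telnet/SSH sessions that bypass the proxy and leave scope."""
    findings = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records
        ts, src, dst = fields[:3]
        port = int(fields[3])
        if port not in REMOTE_ADMIN_PORTS or dst == SESSION_PROXY:
            continue  # not remote admin, or session goes through the recorder
        try:
            vendor = vendor_for(src)
        except ValueError:
            continue  # source field is not an IP address
        if vendor and dst not in VENDOR_SCOPE[vendor]["allowed"]:
            findings.append((ts, vendor, src, dst, REMOTE_ADMIN_PORTS[port]))
    return findings

if __name__ == "__main__":
    for finding in out_of_scope_sessions(SAMPLE_FLOWS):
        print("out-of-scope vendor session:", finding)
```

Sessions that originate from the proxy itself are not flagged here, on the assumption that the proxy records them and enforces its own per-vendor scope.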

4. Server console ports

Technicians frequently connect to serial console ports, very often on routers and Linux/Unix servers. To provide scalable access, companies will typically connect to serial console ports using terminal servers. However, terminal servers, by default, offer minimal security.

By gaining access to a single terminal server, an insider can access and potentially disable thousands of systems. As such, it is recommended that companies regularly review terminal server security capabilities and place security devices outside the console ports of systems hosting sensitive data (for example, financial records, customer data and human resources information).

5. Unmonitored extranet traffic

Extranets provide a convenience for companies, allowing them to open their networks to vendors, customers and partners to support real-time collaboration. Extranets (for example, IPSec, SSL, remote desktop) work reasonably well when the number of systems to be shared with outsiders is small and the authorization level on those systems can be tightly controlled. However, typical extranets, where access to many systems is required or where high-level authorization must be granted, can be problematic. Often, too much access is granted inadvertently, and activities cannot be closely monitored and controlled. As opposed to typical extranets, vendor access and control systems offer the extra layer of control needed to prevent sabotage and data theft.

While many third-party providers are trustworthy, it is risky to make that assumption. Regardless of whether employees and/or third-party providers access your network, human motivations remain the same. With any insider, there is the prospect of misuse, possibility of mistakes, and opportunity for theft. Increased awareness combined with a few protective measures can reduce the risk.

This vendor-written tech primer has been edited to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
