EOL – End of Life. With hardware this can mean that when the iPhone is dropped down the toilet or the laptop is dropped down the stairs, they have reached the end of their service life. But usually it is something more subtle – hardware reaches EOL when vendors stop supporting it for cyber security patches. With operating systems and computers it is very obvious when EOL has been reached, but those network devices that provide your perimeter security can be overlooked easily .
This is the case with this D-Link vulnerability – the vendor no longer supports the device and the only thing they suggest you have to do is replace it.
D-Link NAS Device Backdoor Abused – SANS Internet Storm Center
EOL, Devices and Cyber Security
Getting an inventory of what clients depend on for their cyber security is a key part of any IT Support and Cyber Security audit I undertake. Most times devices only need patching to make them secure again and old computers are easily replaced as the user is probably fed up with them by this time. The real issues start when it comes to smartphones, especially those “Bring-your-own-device” (BYOD) devices. Organisations like BYOD as it saves them money and staff like BYOD as they can do their work and browse Facebook at the same time. But I often find that only Apple, Samsung and Google phones and tablets are recieving punctual, effective cyber security updates, with Apple being the only one that is still supporting devices 3 or 4 generations back. This is always a difficult conversation – I am never popular but it has to be faced. (There will be more on this issue of organisations and users disliking cyber security experts in this week’s article on CyberAwake.)
Your takeaway
Do you know if your organisation’s sensitive information is on an insecure device or if your network perimeter defences are flawed?
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Are you using Bring Your Own Device – BYOD – to save money? – CyberAwake