Skip to main content

Risk of Obsolete Devices - Measures To Reduce The Likelihood of Compromise

obsolete device

Photo by Howard Bouchevereau on Unsplash

By Arthur Moses Opio

Vulnerable products have what security experts call exploits. An attack can only be successful if the exploits are reachable. 
The goal here is to limit data we do not trust from reaching the vulnerable device, this means exploitation won’t be possible. 

In one of the articles How Using Obsolete Devices Can Be Risky, one of the risks is that the product will no longer receive security updates from its developers, increasing the likelihood that exploitable vulnerabilities will become known by attackers.

These are some of the steps we can take to reduce a possible compromise.

However, the key thing, in the long run, should not be to keep an obsolete device or software but to upgrade and move to a new one. It is important to plan a transition from the time a device is procured. This means you should know when the device will become obsolete. knowing takes away excuses that "I did not know this software or product had come to its end of life".  Network/Systems administrators must know the latest information regarding the devices and what the manufacturers are saying. 

Steps to Take

1.    Limit Cyber Attackers Access To Obsolete Devices

Attackers are able to get to such devices via email, web browsing, file sharing, network ports, and removable media like USBs. These routes have to be cut out or blocked/disabled.
Even if the data on such computers is from a known third party source, they should be treated as “untrusted”. Also, data retrieved from storage should be treated as “untrusted” if its source was originally external. 
There has been a tendency of people using flash disks from cafes in Wandegeya, that has and continues to be a source of serious viruses. To avoid flushes. Use the power of email. E.g in Google, you don’t have to download the document, all you have to do is open it in google docs, read, make changes, and print.

"True Cybersecurity is preparing for what's next not what was last " - Neil Rerup, Cybersecurity Expert

2.    We Can Prevent Access To Untrusted Services From Obsolete Devices

Technical controls can be implemented to prevent access to external and untrusted services from the obsolete device. This means such a device shouldn’t be used for web browsing. The high technical level would be to create “Thin Clients” – this means allowing the device to only remotely access a server where browsing can be done. The other thing to do is to make sure that administrative rights on such machines aren’t there to avoid downloading and installing anything from the browsers.

3.    Access to Removable Media Should Be Prevented


Removable media like USBs can be used to transport malicious content. Their access should be prevented. In today’s era, Smartphones, and tablets can also be used to transfer data to obsolete devices. If they are compromised attacks can be launched against obsolete devices.  

A thumb drive was delivered by an Iranian double agent working for Israel. In it, there was a payload to infect the Nuclear facility with the highly destructive Stuxnet computer worm.
Read more of the story from this link So be careful when inserting a flash disk into your computer, we are better off being safe than sorry. 

4.    Other Things That Can Be Done


      a.    Wipe devices regularly to attempt to remove any resident malware
      b.    Treating obsolete devices as untrusted
      c.    Improve protecting monitoring, logging, and auditing of obsolete devices
      d.    Incident response

source (National Cyber Security Center)

We are better off by "SAFE" than "SORRY"

 

 

© 2020 All rights reserved - Directorate for ICT Support (DICTS) - Makerere University

Available Office Time: 8:00am - 5:00pm (Monday - Friday)

Service Desk - https://support.mak.ac.ug

Email: helpme@dicts.mak.ac.ug
Phone: 0414 531343/437
Hours: 9:00am - 5:00pm