By Arthur Moses Opio
Vulnerable products have what security experts call exploits. An attack can only be successful if the exploits are reachable.
The goal here is to limit data we do not trust from reaching the vulnerable device, this means exploitation won’t be possible.
In one of the articles How Using Obsolete Devices Can Be Risky, one of the risks is that the product will no longer receive security updates from its developers, increasing the likelihood that exploitable vulnerabilities will become known by attackers.
These are some of the steps we can take to reduce a possible compromise.
However, the key thing, in the long run, should not be to keep an obsolete device or software but to upgrade and move to a new one. It is important to plan a transition from the time a device is procured. This means you should know when the device will become obsolete. knowing takes away excuses that "I did not know this software or product had come to its end of life". Network/Systems administrators must know the latest information regarding the devices and what the manufacturers are saying.
Steps to Take
1. Limit Cyber Attackers Access To Obsolete Devices
Attackers are able to get to such devices via email, web browsing, file sharing, network ports, and removable media like USBs. These routes have to be cut out or blocked/disabled.
Even if the data on such computers is from a known third party source, they should be treated as “untrusted”. Also, data retrieved from storage should be treated as “untrusted” if its source was originally external.
There has been a tendency of people using flash disks from cafes in Wandegeya, that has and continues to be a source of serious viruses. To avoid flushes. Use the power of email. E.g in Google, you don’t have to download the document, all you have to do is open it in google docs, read, make changes, and print.
"True Cybersecurity is preparing for what's next not what was last " - Neil Rerup, Cybersecurity Expert
2. We Can Prevent Access To Untrusted Services From Obsolete Devices
Technical controls can be implemented to prevent access to external and untrusted services from the obsolete device. This means such a device shouldn’t be used for web browsing. The high technical level would be to create “Thin Clients” – this means allowing the device to only remotely access a server where browsing can be done. The other thing to do is to make sure that administrative rights on such machines aren’t there to avoid downloading and installing anything from the browsers.
3. Access to Removable Media Should Be Prevented
Removable media like USBs can be used to transport malicious content. Their access should be prevented. In today’s era, Smartphones, and tablets can also be used to transfer data to obsolete devices. If they are compromised attacks can be launched against obsolete devices.
A thumb drive was delivered by an Iranian double agent working for Israel. In it, there was a payload to infect the Nuclear facility with the highly destructive Stuxnet computer worm.
Read more of the story from this link So be careful when inserting a flash disk into your computer, we are better off being safe than sorry.
4. Other Things That Can Be Done
a. Wipe devices regularly to attempt to remove any resident malware
b. Treating obsolete devices as untrusted
c. Improve protecting monitoring, logging, and auditing of obsolete devices
d. Incident response
source (National Cyber Security Center)
We are better off by "SAFE" than "SORRY"