Vulnerability Scanning For Network Appliances

Are you shipping network appliances that haven’t been scanned for vulnerabilities?

I’m responsible for getting security vulnerabilities corrected or “remediated” at work. Keep in mind this is no small job since our network is probably one of the largest in the world.

I continue to be surprised by these network equipment manufacturers that are completely clueless about vulnerability management and the vulnerability footprint of their devices. These devices are often shipped full of security holes from the factory.

Below I will list some very simple steps that every network appliance manufacturer can take to reduce their customers’ security headaches.

  1. Always run a vulnerability scanner against your device or appliance before you “finalize” the revision for testing. Fix the security holes, then start testing.
  2. Ship your “default config” without unneeded services that expose or open up security holes. This is also known as “secure by default.” This means instead of having everything the customer could possibly need already up and running, give them an easy way to turn on what they need.
  3. If your default shipping config exposes something that vulnerability scanners pick up on as a vulnerability, or even an informational exposure, document this information. This will save your security folks work and make your company actually seem professional.
  4. Realize that the security of your appliance is your responsibility as the appliance manufacturer. Be proactive.
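
Steps 1 to 3 can be enforced as a release gate. The sketch below is an added example, not part of the original post: it assumes the factory-default scan is available as Nmap grepable (`-oG`) output and that the vendor keeps a list of documented exposures. The scan text, the `DOCUMENTED` list and the function names are constructed for illustration.

```python
import re

# Constructed sample: Nmap grepable (-oG) output for a factory-default unit.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, "
    "80/closed/tcp//http///, 161/open/udp//snmp///, 443/open/tcp//https///\n"
)

# Hypothetical manifest: exposures shipped on purpose and documented for customers.
DOCUMENTED = {
    (22, "tcp"): "SSH management",
    (443, "tcp"): "HTTPS management UI",
    (8443, "tcp"): "API endpoint",
}

# One grepable port entry: port/state/protocol/owner/service/...
PORT_RE = re.compile(r"^(\d+)/([^/]*)/([^/]*)/[^/]*/([^/]*)/")

def parse_open_ports(grepable):
    """Return {(port, proto): service} for every port reported as open."""
    found = {}
    for line in grepable.splitlines():
        if line.startswith("#") or "Ports:" not in line:
            continue
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if m and m.group(2) == "open":
                found[(int(m.group(1)), m.group(3))] = m.group(4) or "unknown"
    return found

def release_gate(grepable, documented):
    """Compare a default-config scan with the documented exposure list."""
    found = parse_open_ports(grepable)
    undocumented = sorted(k for k in found if k not in documented)
    stale = sorted(k for k in documented if k not in found)
    return {"undocumented": undocumented, "stale_docs": stale,
            "passed": not undocumented}

if __name__ == "__main__":
    result = release_gate(SAMPLE_SCAN, DOCUMENTED)
    for port, proto in result["undocumented"]:
        print(f"FAIL: {port}/{proto} is open by default but not documented")
    for port, proto in result["stale_docs"]:
        print(f"NOTE: {port}/{proto} is documented but was not found open")
    raise SystemExit(0 if result["passed"] else 1)
```

Each undocumented port is either a service to switch off in the default config (step 2) or an exposure to write up (step 3).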

It is only a matter of time before some major breach occurs via some “appliance” that was shipped full of security holes from the manufacturer. How will your company’s reputation be damaged from the fallout?