Wednesday

The attack from within (the router)

We are not talking about insider threats (kind of). There have been several articles in the news about counterfeit network equipment. Why should you care, and what is the security impact?

Well, the problem is twofold. Since a lot of this counterfeit equipment was manufactured in China, fears arose that these devices could contain backdoors, enough fear for the FBI to start an investigation. The second problem is that reliability and warranty for these devices are a problem. There goes your uptime.

The threat is real. Compromised hardware of potentially hostile foreign origin sits within secure networks of the US government, military, and intelligence services. And as you now see, the FBI has been concerned about it. (Source: abovetopsecret.com)
Look at the rest of the FBI slides here. So how severe is it and what can we do?
The more serious statements in this presentation are on slide 30, where they claim that for the past couple of years about 10% of the information technology hardware sold globally has been counterfeit, and that it is being sold through legitimate channels (KPMG is the cited source). In the case of Cisco, this counterfeit hardware is sold through the Cisco Gold and Silver Partners program. Other vendors' vetting processes are just as flawed, allowing this hardware to enter your IT infrastructure.

Here are a few suggestions that I have been able to glean:
  1. Pay attention to the failure rate of your equipment along with the batch numbers for it, and log these events. If there is a high rate of failure, this may be a symptom of a counterfeit device.
  2. Inspect the hardware thoroughly; any signs of defects or “sloppy construction” could be reasons to raise a flag.
  3. Make sure your VAR tests all equipment and provides a complete supply chain of the devices for your review.
  4. Join one of the many organizations that will help communicate these risks to you. You already know which ones they are, but for those who don’t, here’s a quick short list: InfraGard, ECTF, HTCIA, and ISSA. (Source: Bloginfosec.com)
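Suggestion 1 above can be turned into a small check: group failure events by batch number and flag batches whose failure rate stands out against the rest of the fleet. This is an added example, not code from the original post; the inventory and failure-log formats, the field names, and all sample data are constructed assumptions.

```python
"""Flag hardware batches whose failure rate stands out from the fleet.
Added example (not from the original post); log/inventory formats and all data are constructed."""

from collections import Counter

# Constructed inventory: serial -> batch number recorded at intake.
INVENTORY = {
    f"{b}{i:02d}": f"BATCH-{b}"
    for b, n in (("A", 10), ("B", 10), ("C", 8), ("D", 3))
    for i in range(1, n + 1)
}

# Constructed failure log, one event per line: <timestamp> <serial> <status> [note]
FAILURE_LOG = """\
2008-05-10T09:12:00 A03 FAILED link flapping, RMA issued
2008-05-11T14:30:00 C01 FAILED power supply dead
2008-05-12T08:05:00 C04 FAILED boot loop
2008-05-12T09:40:00 C04 FAILED boot loop again after reseat
2008-05-13T11:00:00 C06 FAILED
2008-05-14T16:45:00 C07 FAILED no link on any port
2008-05-15T10:00:00 D01 FAILED
2008-05-15T10:30:00 D02 FAILED
2008-05-16T12:00:00 Z99 FAILED serial not in inventory
2008-05-16T13:00:00 B02 DEGRADED fan noise, still in service
"""


def parse_failures(log):
    """Return the set of serials with at least one FAILED event (a device counts once)."""
    failed = set()
    for line in log.splitlines():
        fields = line.split(maxsplit=3)
        if len(fields) >= 3 and fields[2] == "FAILED":
            failed.add(fields[1])
    return failed


def failure_rate_by_batch(inventory, failed_serials):
    """Map batch -> (failed, installed, rate); serials missing from the inventory are ignored."""
    installed = Counter(inventory.values())
    failed = Counter(inventory[s] for s in failed_serials if s in inventory)
    return {b: (failed[b], n, failed[b] / n) for b, n in installed.items()}


def flag_batches(stats, min_devices=5, multiple=2.0):
    """Batches at or above `multiple` times the fleet-wide failure rate, ignoring tiny batches."""
    total_failed = sum(f for f, _, _ in stats.values())
    total_installed = sum(n for _, n, _ in stats.values())
    baseline = total_failed / total_installed
    return sorted(b for b, (f, n, rate) in stats.items()
                  if n >= min_devices and rate >= multiple * baseline)
```

Running `flag_batches(failure_rate_by_batch(INVENTORY, parse_failures(FAILURE_LOG)))` on the constructed data singles out BATCH-C (4 of 8 failed against a fleet rate of 7 of 31); BATCH-D also fails often but is skipped until `min_devices` is lowered, since two failures in three units say little on their own.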
