Blog

Get news about our products, which events we are attending plus industry insights and commentary

Security Hardening for Cyber Appliances

Written by Sarah Chandley on Monday, 12 November 2018. Posted in Cyber

When protecting carrier scale infrastructure there are a number of good practices and steps to follow to ensure the continued safety and operability of your network. This includes ensuring your cyber security supply chain, which you are reliant on to protect your organisations infrastructure, thoroughly hardens their hardware and software against vulnerabilities.

Cyber hardening helps reduce a system’s vulnerabilities which an attacker will exploit for illegal purposes. Cyber Security vendors like Telesoft use VAPT: vulnerability assessment and penetration testing. Vulnerability assessment is a process in which hardware and software such as operating systems and application software are scanned in order to identify the presence of known and unknown vulnerabilities.

A pen test is an authorised simulated attack on a computer system, performed to evaluate the security of the system…before a hacker does. The test is performed to identify potential security holes, which may include weak spots that unauthorised parties will exploit to gain access to a products features and data, as well as its strengths, enabling a full risk assessment to be completed. This should be documented and provided upon request to technical leads and purchasers for compliance, corporate security standards and policies.

The process should identify the target systems and a particular goal, then review available information and undertake various activities to attain that goal. A penetration test target may be a white box (where the tester will be given background and system information) or black box (where the tester will only be provided with basic or no information except the company name). A gray box penetration test is a combination of the two (where limited knowledge of the target is shared with the auditor).

Types of penetration testing 

There are a number Open Source penetration testing tools that are designed to be used by people with a wide range of security experience and as such are ideal for developers and functional testers who are new to penetration testing. Tools such as Nmap, Burp Suite, OWASP Zap, SQLmap and Metaspoilt are just a selection of the tools available, while some are completely open source, others require licence payments to unlock extra functionality.

Device hardening is an essential foundational component of any trustworthy system at any scale but is especially imperative at carrier scale. When you are responsible for the integrity of complex, carrier-grade network with more than 100Gbps of throughput, minimising the risk to your organisation is imperative. This important step in a products development can negate many preventable issues such as insecure system configuration that could let a remote attacker bypass the management console authentication with "crafted HTTP packets". From an IT decision makers perspective ensuring that products have been properly hardened at the proof of concept stage takes up much less resource then cleaning up after an avoidable attack.

Talk to Telesoft about our cyber security products...This email address is being protected from spambots. You need JavaScript enabled to view it.

About the Author

Sarah Chandley

Sarah Chandley

Sarah is an experienced B2B technology marketing professional, creating content for the Cyber Security, Telco and Government Infrastructure sectors. 

Information cookies

Cookies are short reports that are sent and stored on the hard drive of the user's computer through your browser when it connects to a web. Cookies can be used to collect and store user data while connected to provide you the requested services and sometimes tend not to keep. Cookies can be themselves or others.

There are several types of cookies:

  • Technical cookies that facilitate user navigation and use of the various options or services offered by the web as identify the session, allow access to certain areas, facilitate orders, purchases, filling out forms, registration, security, facilitating functionalities (videos, social networks, etc..).
  • Customization cookies that allow users to access services according to their preferences (language, browser, configuration, etc..).
  • Analytical cookies which allow anonymous analysis of the behavior of web users and allow to measure user activity and develop navigation profiles in order to improve the websites.

So when you access our website, in compliance with Article 22 of Law 34/2002 of the Information Society Services, in the analytical cookies treatment, we have requested your consent to their use. All of this is to improve our services. We use Google Analytics to collect anonymous statistical information such as the number of visitors to our site. Cookies added by Google Analytics are governed by the privacy policies of Google Analytics. If you want you can disable cookies from Google Analytics.

However, please note that you can enable or disable cookies by following the instructions of your browser.