iscover
Anthony DanielShare this article on:
Management portals are a vital tool for any organisation’s IT department, yet many teams are dropping the ball when it comes to keeping them secure. Anthony Daniel from WatchGuard Technologies explores.
Management portals provide access to the inner workings of an IT infrastructure. They allow monitoring and management, and for adjustments to be made to ensure all resources are fully functional.
Concerning, however, these portals are often left open to the public internet. Usually done to allow remote access by IT teams, this also makes them tempting targets for cyber criminals.
It needs to be remembered that malicious actors are able to see whether management ports are open. This information is readily accessible for all types of devices on the internet, and cyber criminals conduct constant scans in an attempt to locate them.
Evidence of the problem is not difficult to find, and publicly exposed management portals have, at least in part, been responsible for several breaches and threats.
One example is the recent Kaseya VSA mass ransomware attack. While the root cause was unpatched vulnerabilities in the Kaseya VSA software, these vulnerabilities were only exposed via a management interface. If Kaseya customers had limited access to that management interface, attackers could not have exploited these flaws.
Popular QNAP network access storage (NAS) devices suffered the same fate, thanks to the exposure of a management portal online. Even the recent Cyclops Blink Botnet, which affected a variety of network devices, could have been easily avoided by not exposing management interfaces to the internet.
Protecting management portals
The challenge of securing management portals is made bigger because of the fact that their numbers are so large. Routers, switches and firewalls have an embedded web management portal, as do everything from smart TVs, phone systems, and printers to CCTV cameras, NAS devices, and uninterrupted power supplies (UPS).
The first step in securing them, therefore, is knowing which of the items within an IT infrastructure have management portals and the way in which they are exposed. Access should then be limited by not exposing the associated ports or URLs to the outside world.
The second step is to check for usage of weak default settings. Many devices ship with default login and password settings that are widely known. If these are not changed, it’s the equivalent of locking a door but leaving the key in it.
The challenge of remote management
With workforces – including IT teams – continuing to work remotely, there remains a requirement for remote management of centralised IT resources. This makes remote access to management portals a necessity.
Thankfully, it is possible to remotely manage IT equipment securely, without exposing management interfaces directly to the internet. By using virtual private networking (VPN) or zero trust network access solutions (ZTNA), it’s possible to set up secured, private network access to management interfaces as required.
If multi-factor authentication is also added to the mix, an organisation will have a very effective way to allow only trusted users to gain access to management portals inside its network.
The time is now
IT and security teams are under constant pressure, and it can be tempting to save time by skipping the work required to properly manage ports. Locating every management portal and setting up secured VPN/ZTNA remote access requires some effort. It’s much easier just to open a port and allow anyone to access it.
However, taking this approach exposes an organisation to significant risk. It is much better to take the time to assess the status of management portals and ensure they are secured against unauthorised access.
Taking these steps now can help an organisation avoid the potentially crippling effects of a cyber criminal gaining access to key IT resources. The benefits of remote management capabilities can be retained while security risks are removed.
Anthony Daniel is the regional director – Australia, New Zealand and Pacific Islands at WatchGuard Technologies.
Be the first to hear the latest developments in the cyber industry.
