Enterprise Solutions

Align Security With the Changing Profile of Network Peripherals

Network attached peripherals are typically characterized as standalone devices that rely on network access to provide their intended services to users but are not part of the networking infrastructure itself. Historically, peripheral devices have had limited “smart” networking capabilities, and consequently haven’t been considered in terms of security risks. Even as the technology of these devices has advanced, security has not always been a priority for manufacturers.  Device installation introduces another risk. Personnel connecting peripherals may not be aware of the potential security issues. The result is that these machines are often installed or configured by end-users without the proper security controls.

Peripherals Have Become Central to Security

The first step to understanding potential vulnerabilities is a comprehensive assessment of the peripherals on your network that might pose security risks. ICSA Labs' Network Attached Peripheral Security (NAPS) enterprise assessment can verify that network attached peripherals are installed securely and are protected from exploitation. The assessment will evaluate the internal configuration of each device to verify it is configured securely and provide recommendations if needed. It will also examine the device firmware, software, and operating system for vulnerabilities.

The NAPS assessment will ensure that your networked devices meet industry accepted standards and that your organization has taken due care to address your potential security vulnerabilities.

The NAPS assessment includes:

•A private report with results of testing and recommended configuration instructions, including a review of the documentation to confirm it enables an administrator to securely administer the devices
•Confirmation that each peripheral device assessed uses a secure administrative interface
•Validation that configuration information is persistent across system crashes and restarts
•Security testing to verify that the devices assessed are protected from exploitation and do not introduce any known vulnerabilities to the network
•Functional testing to verify the devices assessed can be operated securely and as a reasonable  user would expect
•Logging to enable an administrator to properly audit security-related events