Security Flaw – a recommendation for some relief
This month’s PC Magazine has a great overview/tutorial regarding the Internet of Things – cameras, Alexa, thermostats, refrigerators, washers, etc. It is fairly short and after reading it there should be a general sense of alarm. Once a device (camera, refrigerator, etc.) is within your network it can start to launch attacks. Within the privacy of your LAN network protections are lax. Network probes coupled with known sniffing solutions can readily determine the type of device, its address and possible strategic value. Attacks can come in the millions since LAN communication is essentially instantaneous.
The Netgear NAS devices have one password that needs to be ‘guessed’ prior to access.
What is needed is a method to set a logon attempt threshold coupled with a timeout value prior to another round of password logon attempts. This has been the standard in server systems and most workstations for over a decade – it needs to be implemented in this critical device.
Retry count = 5, Timeout = 15 minutes.
Both of these values should be configuration parameters. After 5 failed attempts there would be a mandatory 15-minute quiet time prior to acknowledging another logon attempt. Logon failures should throw an error message and if desired an email message as well.
The amount of effort required should be low but the improvement in security would be immense.
Eventually the ReadyNAS will be targeted in a 'proof of concept' exploit. Hopefully this change will be accepted and implemented prior to that event.
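The threshold and quiet time proposed above, sketched as an added example; it is not part of the original post and not Netgear code. The class name `LogonThrottle`, the `notify` callback and keying the lockout by source address (so one misbehaving LAN device does not lock out everyone else) are assumptions.

```python
import hmac
import logging
import time

log = logging.getLogger("nas.logon")

class LogonThrottle:
    """After max_attempts failures, ignore a source for lockout_seconds."""

    def __init__(self, max_attempts=5, lockout_seconds=15 * 60,
                 clock=time.monotonic, notify=None):
        self.max_attempts = max_attempts        # configurable retry count
        self.lockout_seconds = lockout_seconds  # configurable quiet time
        self.clock = clock                      # injectable for testing
        self.notify = notify                    # optional hook, e.g. send an email
        self._failures = {}                     # source -> consecutive failures
        self._locked_until = {}                 # source -> clock value when lockout ends

    def attempt(self, source, supplied, expected):
        """Return 'ok', 'denied' or 'locked' for one logon attempt."""
        now = self.clock()
        until = self._locked_until.get(source)
        if until is not None:
            if now < until:
                # Quiet time: the password is not even evaluated.
                return "locked"
            # Quiet time over: a fresh round of attempts begins.
            del self._locked_until[source]
            self._failures.pop(source, None)
        # Assumption: plaintext comparison keeps the sketch short; a real
        # device would verify the supplied password against a stored hash.
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            self._failures.pop(source, None)
            return "ok"
        count = self._failures.get(source, 0) + 1
        self._failures[source] = count
        log.warning("logon failure %d/%d from %s", count, self.max_attempts, source)
        if count >= self.max_attempts:
            self._locked_until[source] = now + self.lockout_seconds
            msg = f"{source} locked out for {self.lockout_seconds}s"
            log.error(msg)
            if self.notify:
                self.notify(msg)
        return "denied"
```

With the defaults, a source that fails five times gets `locked` for every attempt, including a correct password, until 900 seconds have passed.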