A critical unpatched vulnerability remains in three models of Cisco small business routers and firewalls that allows hackers to take control of the devices. If left unchecked, hackers can send an unauthenticated HTTP request and gain the highest amount of privilege on the device. They will then have complete control of the device, according to IT News.
The vulnerable devices are the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router.
In addition to this vulnerability, these three devices also contain another flaw that could result in denial of service attacks. For businesses, this means an attacker wishes to shut down a particular system so it becomes unusable and unavailable to you (a.k.a. downtime). Both denial of service attacks and full compromises of a device can spell disaster for businesses.
And unfortunately, Cisco doesn’t plan to release patches for the flaws until the third quarter of 2016, leaving their customers wide open to attacks, according to a security bulletin sent out by the company.
The security of routers and firewalls is vitally important. First, routers are an integral part of a network. They allow devices within a network to communicate with each other and allows each of them to have internet access. If your router, wired or wireless, is not configured properly or if it has security holes, a hacker can easily gain access to your internal network resources without your permission. Once inside, they can:
- Steal information
- Steal your bandwidth
- Infect the network with malware
- Perform denial of service attacks
A good router will allow you to configure the device to your specifications. It will also have:
- A built-in firewall
- Integrated threat defense
- WPA2 encryption
- Network address translation (NAT)
All of these security features help the router act as a barrier between the outside world and the internal network.
For small businesses, a firewall is the most basic yet most effective part of securing a network. Basically, a firewall is a type of perimeter defense that prevents unknown traffic from entering a network. Its job is to screen out viruses, malicious users, malicious emails, worms, and more from getting inside your network. A firewall also hides information on your local area network from the internet such as computer names, network device types, and network topology. A firewall can even come with threat detection so you know exactly when something tries to enter the network without authorization.
Firewalls come as software applications and as hardware devices. Hardware firewalls are generally more secure as well as more expensive. Most businesses, especially those that deal with sensitive information such as medical practices, lawyers, and financial institutions are required by law to have a secure hardware firewall.
If your firewall has a known vulnerability as the Cisco one does, hackers can easily take advantage of it to enter your network. It might be expensive to buy a brand new firewall but it might be worth it depending on your industry and the information stored on your network.
As you can see from the issues Cisco is having, not all routers and firewalls are created equal so you need to do your research before making a buying decision. When purchasing and setting up either of these devices, you need to hire a professional IT company. We can help you determine which devices are best for your needs and we can configure them with security as a top priority.