
Top 10 Network Security Mistakes - #2: Dude, Where's My Ware?

September 30, 2014

I can admit that I’m a flawed human in many ways. I work too much. I get distracted easily. I snore. The list goes on and on. One of my most vexing traits is a tendency to overlook the basics in favor of complicated details. It is deceptively easy to overlook dated *wares.

This is a massive problem because wares underpin all your other efforts. A flawless firewall or IPS design is useless if there is a known vulnerability in the SSH daemon on the device.

Add to that an ever-expanding matrix of wares to keep track of, and you’ve got a mess to manage: Hardwares, Firmwares and Softwares, oh my! Some solutions may even have more than one type of ware. So, how do we ensure that we don’t overlook something so potentially critical?


Generally speaking, one can’t really patch hardware. But, when you buy a physical appliance, there will come a day when it is no longer supported. That means new firmware and/or software updates will eventually cease to work correctly, which means that eventually, that device will be on dated wares.

Many organizations adopt the “if it ain’t broke, don’t fix it” mantra. That’s understandable from a pursuit-of-many-nines standpoint, but organizations often miss that they are mortgaging their long-term stability. What happens when you can’t fix a known bug because the proper version won’t run? What if the vendor can’t RMA your old box because they don’t have them anymore? It’s going to be a long, sweaty explanation to some very unhappy people.

Push your luck at the blackjack table, not in the datacenter.


Back in my day, a lot of infrastructure devices were purpose-built (and we liked it!). Those devices had firmware that was essentially a hybrid OS and a collection of low-level device drivers.

More and more, appliances are merely commodity servers running a standard OS in a pretty box. This means fewer firmware issues (exceptions include RAID cards, NICs and other specialized components), but it’s a good idea to keep tabs on what every device has under the hood. If you’re not sure, ask your vendor.

If you want to have some fun, force your sales guy to answer that question without involving his sales engineer before you sign any purchase orders.

Devices with firmware must be tracked and kept current. Outdated firmware can leave system devices and services exposed. This is a very sneaky and easily overlooked component of the overall architecture.


You can’t really avoid software.

Okay sure, you could abandon society and live off the grid while you dance your soul free at drug-ridden music festivals, but if that were the case, this blog would be the last thing on your mind (right below contributing to society and paying back your parents).

For the rest of us, hopefully not much needs to be said about keeping software up to date. This is especially true for systems where there is a web management interface. Which is pretty much everything these days (a trend with which I disagree strongly, but I’ll curb my digression here), so beware. Updates, patches and upgrades are extremely important to avoid vulnerabilities in components that may be used to construct exposed services.

Sadly, there is a balancing act in many situations. “Latest and greatest” are two words that are said together much more frequently than they should be. Latest releases may have new features and new problems. Greatest, in many cases, is a revision that is several versions back from Latest. I know many organizations that stay just ahead of the end-of-support versions. Those are typically the most stable versions.
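One way to keep the hardware/firmware/software matrix from being overlooked is a per-device inventory checked against vendor end-of-support dates. The sketch below is an added example, not part of the original post: the device names, versions and dates are constructed, and the 180-day lead time is an assumed policy value for staying "just ahead" of end of support.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class Ware:
    device: str
    kind: str                       # "hardware", "firmware" or "software"
    name: str
    version: str
    end_of_support: Optional[date]  # None = vendor date not yet obtained

# Constructed sample inventory; device names, versions and dates are made up.
INVENTORY = [
    Ware("edge-fw-01", "hardware", "appliance chassis", "rev B", date(2015, 6, 30)),
    Ware("edge-fw-01", "firmware", "RAID controller", "2.1.0", None),
    Ware("edge-fw-01", "software", "firewall OS", "5.2.7", date(2014, 3, 31)),
    Ware("core-ips-01", "software", "IPS engine", "7.4.1", date(2014, 12, 15)),
    Ware("core-ips-01", "firmware", "NIC", "1.8.3", date(2017, 1, 1)),
]

SEVERITY = {"unsupported": 0, "unknown": 1, "expiring": 2, "ok": 3}

def classify(ware, today, lead_time):
    """Return the support status of one ware as of `today`."""
    if ware.end_of_support is None:
        return "unknown"        # nothing to compare against: ask the vendor
    if ware.end_of_support < today:
        return "unsupported"    # no more fixes for known vulnerabilities
    if ware.end_of_support - today <= lead_time:
        return "expiring"       # schedule the upgrade window now
    return "ok"

def audit(inventory, today, lead_time=timedelta(days=180)):
    """Return (status, ware) pairs, worst first, omitting wares that are ok."""
    findings = [(classify(w, today, lead_time), w) for w in inventory]
    findings = [f for f in findings if f[0] != "ok"]
    return sorted(findings, key=lambda f: (SEVERITY[f[0]], f[1].device, f[1].kind))

if __name__ == "__main__":
    for status, w in audit(INVENTORY, today=date(2014, 9, 30)):
        eos = w.end_of_support.isoformat() if w.end_of_support else "not recorded"
        print(f"{status:<12}{w.device:<13}{w.kind:<9}{w.name} {w.version} (EoS {eos})")
```

Wares with no recorded end-of-support date are reported rather than silently passed, since an unanswered vendor question is itself a finding.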


It always falls back to the humans, doesn’t it? Until The Singularity arrives, we have to ensure we’re not the weakest ware.

Keep up on current news.

I know - you’re already information overloaded. I can’t keep up, and frankly, I don’t know how anyone does. But, don’t roll over and give up. Check Reddit, follow smart insomniacs on social media, set up special Google News sections, use IFTTT to build rules that make what you care about flash your IoT lights, something, anything to keep up! Just try, okay?

Sign up on vendor mailing lists.

This is an easy win. Ask your solution vendors how to keep current. Most have mailing lists, Twitter feeds or smoke signals you can keep an eye on.

Engage pro services or service providers.

If you’re already oversubscribed, reach out to your vendors or VARs and engage some resources on a regular basis to help assess your environment and maybe even do the upgrades. Sure, this isn’t free, but they will spend much less time than you will to get results, so it generally works out in the end. Plus, now when the upgrade goes sideways, you can blame someone else. Goats are nice.

Proactively set up maintenance windows and manage expectations for the organization.

Don’t let your organization put you in a box on maintenance windows. The best response to “We can’t afford downtime” is “Would you rather plan for an interruption or be surprised by one?” Because, those are pretty much the options. Plan, execute, repeat.

The Score

For those of you keeping track, this concludes installment 9 of 10 in this series. While you anxiously await #1 like an obsessive Apple fanboy, consider getting your wily wares wrangled.
