If we’re going to discuss endpoint security protection, we first need to define what endpoints are. Think of endpoints as the spokes in any hub-and-spoke system. For instance, a regional airline whose hub is Memphis may have direct flights to New Orleans, Charlotte, and Jacksonville. Those three cities are endpoints.
In a data network, the endpoints are those physical devices that are the last stop in the data chain. Laptops, desktops, printers, tablets, audio-visual equipment are all endpoints if they are connected to the network. While endpoints represent the final stop on the network, they are often the target of hackers and other bad actors – such as disgruntled employees and vendors – because endpoints are very easy to exploit.
A Real-Life Endpoint Attack
In February 2019, Vishwanath Akuthota, an MBA alumnus at The College of St. Rose in Albany, New York, returned to campus for the sole purpose of destroying the college’s computers. His weapon of choice? A “USB Killer” flash drive device that looks like a USB thumb drive, but which sends high-voltage power surges into the device it is connected to, thereby damaging its hardware components.
Akuthota inserted the device into 59 Windows workstations, seven iMacs, as well as numerous monitors and digital podiums, according to his guilty plea, and destroyed them all. Akuthota was sentenced to 12 months in prison, followed by one year of supervised release, and ordered to pay the college $58,471 in restitution.
But that endpoint attack was mild compared to what could have happened.
The Stuxnet Virus
According to U.S. intelligence sources, an Iranian double agent working for Israel used a standard thumb drive – inserted into a computer endpoint – to infect Iran’s Natanz nuclear facility with the highly destructive Stuxnet computer worm.
All it took for the virus to be triggered was a user at that computer endpoint clicking on the Windows icon. Once that happened, Stuxnet quickly propagated throughout Natanz – knocking that facility offline and at least temporarily crippling Iran’s nuclear program.
Endpoint Vulnerabilities are Greater Than Just Open USB Ports
The two above examples illustrate the importance of endpoint security, as well as how open USB ports on endpoint devices can prove to be deadly to a network. However, the vulnerabilities don’t stop there. According to Rapid1, 70% of all data breaches begin on an endpoint, and “the number one attack vector for breaches remains credentials,” usually obtained through the following means:
- Social engineering the help desk
- Trying default passwords
- Guessing passwords
- Installing keylogging malware
- Phishing users
- Accessing orphaned accounts
Endpoint Security Measures
Do a Google search for “endpoint security measures,” and you’ll receive a list of 4.5 million websites that offer advice on the topic. The advice is largely the same – although we must admit that we didn’t have time to visit all 4.5 million sites – which is to install antivirus, email filtering, web filtering, and firewall services; educate employees on not clicking links in emails or opening attachments; and creating policies and procedures for the use of external media, such as external hard drives and mobile phones.
What is curiously absent in many of these recommendations is the need to not only lock open computer ports, but also secure the ports that are in use, so that a bad actor can’t unplug one device and plug in another.
The cost of this endpoint hardening tactic is minimal – especially when comparing it to the average cost of a data breach, which is now a staggering $11.45 million, according to a recent report from Ponemon Institute’s Cost of a Data Breach Study.
USB port locks, network module locks, LAN cable locks, and secure USB hubs for your attached USB devices are inexpensive devices that can prevent employees and bad actors from connecting their USB flash drives, external hard drives, and anything else you can imagine to your computers and/or your network.
Physically securing your perimeter is a surefire way to protect your endpoints not only from malicious insider attacks, but also from innocent and non-wary employees who use their office computer to charge their infected mobile phone, triggering an event that takes down the entire network.
