Welcome to the April blog. This month, we take a look at the security of ‘the edge’. Attacks that seek to compromise ‘the edge’ can involve targeting devices such as VPNs, firewalls, Citrix environments, servers and routers, ‘jump’ boxes, load balancers, Network Address Translators (NATs), proxies, end-points, internet-facing operational technology (OT) and out-of-band server management interfaces, especially where their management interfaces are exposed directly to the public internet. This relates to our October 2024 blog and the 2025 Mobile Telecommunications Security Landscape report, which discussed the need to fully understand a network’s attack surface.
The long list of physical and virtual components that can make up the edge shows both how complex this enabling connectivity is and how essential it is. Its importance has been recognised in a series of recent advisories:
From the Canadian Centre for Cyber Security, Security Considerations for Edge Devices provides examples of real-world edge device compromises, an overview of threats to these devices, mitigations that administrators can use to reduce the risk of compromise, and recommendations for manufacturers on making their products secure by design. The threats identified are:
- Misconfigurations and mismanagement of edge devices
- Vulnerability exploitation
- Denial of service and distributed denial of service attacks
- Web-based applications
- Default configuration settings
From the United Kingdom’s National Cyber Security Centre, Digital Forensics Monitoring Specifications for Products of Network Devices and Applications highlights the security logs, remote logging protections and data collection features that network defenders need in order to easily detect and investigate malicious activity following a cyber intrusion.
From the Australian Cyber Security Centre, Mitigation Strategies for Edge Devices: Executive Guidance and Mitigation Strategies for Edge Devices: Practitioner Guidance provide a summary of mitigation strategies and best practices for securing, hardening and managing edge devices effectively, together with mitigation strategies that operational, procurement and cybersecurity staff can implement to reduce risk to edge devices. These include:
- Know the edge (a recurring theme)
- Procure secure-by-design devices
- Apply hardening guidance, updates and patches
- Implement strong authentication
- Disable unneeded features and ports (to reduce the attack surface)
- Secure management interfaces to prevent them being directly accessible from the internet
- Centralise monitoring for threat detection (see also the NCSC advisory above).
Additionally, GSMA provides a range of advice relating to the edge (and much more) through its Baseline Controls document. For GSMA members, the Security Manual, FS.30, can be used to learn about security threats against mobile networks that have been seen in the wild and that could impact mobile telecommunications networks and their customers; corresponding countermeasures are also described to help GSMA members mitigate the risks. The recently revised GSMA IoT Security Guidelines promote best practice for the secure design, development and deployment of IoT services, and provide a mechanism to evaluate security measures. A comprehensive view of GSMA security documentation can be found in the recently revised Mobile Cybersecurity Knowledge Base (MCKB).
Attacks on the edge highlight the ongoing need to build strong security defences across the whole attack surface and service inventory, including supporting infrastructure and the services provided by third parties and managed service providers.
If you’d like to discuss these topics or to get more closely involved, please email [email protected].