ID: 658100

Question

I'm trying to consider how to properly vet devices that have exhibited unexplained activity for future deployment. Let's just consider my current scenario as an example, but I am interested in this from a broader standpoint.

We have two IP phones that were purchased at the same time that are behaving strangely and differently from our other, otherwise identical phones. They are not connected to our network at all at this point, and all my research was done within a tightly controlled environment, monitoring and blocking all network activity. They make unexpected connections in the background over SIP ports to North Korea, Nigeria and China. The manufacturer hasn't confirmed that this is expected activity, but the vendor has verified that the device was acquired directly from the manufacturer.

I've lost confidence in this hardware. Is there any way to regain confidence in it to the point where re-deploying them is a reasonable action?

I'm sure the safest action is just to dump them. Maybe my time isn't worth the effort, but ignoring the time/money issue, is there a way to be reasonably sure that the devices do not pose a threat?

I know that what is reasonable is subjective, but what steps might be taken in that direction? What scenarios need to be considered and how would they be mitigated?

Explanation / Answer

Since these are embedded devices, it's hard to say exactly as far as details go. Perhaps you can have the manufacturer provide you with a method of securely wiping the phones and replacing what is on there with their latest firmware? They could also potentially provide a way to integrity-check the firmware images, BIOS, etc. After performing all this, doing the same network traffic monitoring you have done will confirm whether they are still making suspicious outbound connections. If you went through those steps and the network traffic appeared clean over a reasonable period of time, then you can feel safe reintroducing them into production.
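The vetting sequence the answer describes (reflash from a vendor image whose hash you have checked, then watch the phone's outbound traffic for a quarantine period before trusting it), as an added example that is not part of the original answer. The firewall export format, the phone address 10.0.5.21, the PBX address 10.0.1.5, the RFC 5737 documentation addresses in the sample log, the 7-day window and the firmware bytes with their derived hash are all constructed assumptions; in practice the hash comes from the vendor's download page and the log from your own firewall.

```python
"""Post-reflash vetting of a quarantined IP phone.

Added example, not code from the original answer. Two checks from the
answer's sequence:
  1. verify the firmware image you are about to flash against the
     vendor-published SHA-256 (here a constructed image and a hash derived
     from it, so the example runs offline);
  2. audit the phone's outbound connections from a firewall export over the
     quarantine period, flagging SIP traffic to anything but your own PBX
     and any connection leaving the internal networks.
The log line format, the phone 10.0.5.21, the PBX 10.0.1.5 and the
RFC 5737 documentation addresses are all constructed assumptions.
"""
import hashlib
import hmac
import ipaddress
import re
from datetime import datetime, timedelta

SIP_PORTS = {5060, 5061}

# Constructed stand-in for the vendor's firmware download and its published digest.
FIRMWARE_IMAGE = b"constructed-firmware-image-bytes-v2.3.1"
VENDOR_SHA256 = hashlib.sha256(FIRMWARE_IMAGE).hexdigest()


def verify_firmware_image(image: bytes, expected_sha256: str) -> bool:
    """True if the image's SHA-256 matches the vendor-published digest.

    This only proves the file you flash is the one the vendor published; it
    says nothing about a bootloader or flash region the reflash does not touch.
    """
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual.lower(), expected_sha256.strip().lower())


# Constructed firewall export format: one outbound connection per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        "proto": m["proto"].lower(),
    }


def audit_phone(log_lines, phone_ip, allowed_peers, internal_nets, min_days):
    """Audit one phone's outbound connections over the quarantine window.

    Returns {"flagged": [...], "coverage_days": float, "verdict": str}.
    verdict is "clean" only when nothing was flagged AND the log spans at
    least min_days; a short clean log is "insufficient_observation".
    """
    phone = ipaddress.ip_address(phone_ip)
    allowed = {ipaddress.ip_address(a) for a in allowed_peers}
    internal = [ipaddress.ip_network(n) for n in internal_nets]

    events = [e for e in map(parse_line, log_lines) if e and e["src"] == phone]
    flagged = []
    for e in events:
        if e["dst"] in allowed:
            continue  # the PBX / SIP trunk you deliberately configured
        leaves_network = not any(e["dst"] in net for net in internal)
        if e["dport"] in SIP_PORTS or leaves_network:
            flagged.append(e)

    if events:
        span = max(e["ts"] for e in events) - min(e["ts"] for e in events)
        coverage = span / timedelta(days=1)
    else:
        coverage = 0.0

    if flagged:
        verdict = "suspicious"
    elif coverage >= min_days:
        verdict = "clean"
    else:
        verdict = "insufficient_observation"
    return {"flagged": flagged, "coverage_days": coverage, "verdict": verdict}


# Constructed sample export: 10.0.5.21 is the quarantined phone, 10.0.1.5 the PBX.
SAMPLE_LOG = """\
2024-03-01T08:00:00Z src=10.0.5.21 dst=10.0.1.5 dport=5060 proto=udp
2024-03-01T08:00:05Z src=10.0.5.21 dst=10.0.1.53 dport=53 proto=udp
2024-03-03T02:14:09Z src=10.0.5.21 dst=203.0.113.45 dport=5060 proto=udp
2024-03-05T11:30:00Z src=10.0.5.21 dst=198.51.100.7 dport=443 proto=tcp
2024-03-09T08:00:00Z src=10.0.5.21 dst=10.0.1.5 dport=5061 proto=tcp
2024-03-09T08:00:01Z src=10.0.5.40 dst=192.0.2.9 dport=5060 proto=udp
""".splitlines()

if __name__ == "__main__":
    print("firmware image matches vendor hash:",
          verify_firmware_image(FIRMWARE_IMAGE, VENDOR_SHA256))
    result = audit_phone(SAMPLE_LOG, "10.0.5.21", ["10.0.1.5"], ["10.0.0.0/8"], min_days=7)
    print("verdict:", result["verdict"], "over", result["coverage_days"], "days")
    for e in result["flagged"]:
        print("  flagged:", e["ts"].isoformat(), e["dst"], e["proto"], e["dport"])
```

Two design points worth keeping in mind when adapting this. First, the verdict is only as good as the allowlist and the observation window: a phone that beacons weekly looks clean in a three-day log, which is why a short clean log is reported as insufficient observation rather than as clean. Second, the hash check covers the image you download, not what is already in the device's flash; that gap is exactly why the answer asks the manufacturer for a way to integrity-check what is on the device itself.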