Abstract:Outdated network devices have known and unknown vulnerabilities that expose the network to severe risk. Unsupported, also called end-of-life, devices and software versions will not receive patches from vendors even for known vulnerabilities. Improperly secured communication protocols and services and insecure credentials increase the risk of unauthorized access and modification to the network infrastructure. When network infrastructure devices are deployed, these devices remain online for several years and are rarely rebooted, patched, or upgraded. Network infrastructure devices include routers, switches, access points, gateways, proxies, firewalls, and others. Common improperly secured protocols are Simple Network Management Protocol (SNMP), Secure Shell (SSH), Telnet, and others. Networks must not use vulnerable devices and software versions or unsecured protocols unless absolutely necessary, and, if necessary, ONLY along with supplemental mitigations to detect and prevent compromise and lateral movement.