Mastering Cybersecurity Day 02: Network Device Security (Routers)

Welcome to Vigilantes Cyber Aquilae! Today, we delve into the essential devices that form the backbone of any network infrastructure: routers, switches, and firewalls. These devices act as gatekeepers, ensuring seamless traffic flow while defending against potential cyber threats. Each device plays a crucial role in network security, but they also represent tempting targets for attackers. As we embark on this journey, we’ll focus on the frontline role of routers—the critical gatekeepers between your internal network and the outside world.

We’ll cover strategies to secure these critical devices, highlight potential vulnerabilities, and explore best practices for mitigation. Today, we delve into the essential devices that form the backbone of any network infrastructure: routers, switches, and firewalls. These devices act as gatekeepers, ensuring seamless traffic flow while defending against potential cyber threats. Each device plays a crucial role in network security, but they also represent tempting targets for attackers. As we embark on this journey, we’ll focus on the frontline role of routers—the critical gatekeepers between your internal network and the outside world.

What is a Router?

A router is a networking device that forwards data packets between computer networks. Routers direct traffic between networks by determining the best path for data to travel from its source to its destination. They operate at the Network Layer (Layer 3) of the OSI model, using IP addresses to make routing decisions.

Key Functions of a Router:

1. Packet Forwarding: Routers examine the destination IP address in data packets and determine the most efficient route to send the packet along its way.
2. Network Segmentation: Routers separate different networks, allowing devices within different network segments to communicate securely and efficiently.
3. Traffic Management: Routers prioritize traffic, prevent congestion, and ensure that data flows smoothly across the network.
4. Security Enforcement: Routers act as the first line of defense against external threats by controlling what data is allowed into or out of the network.

Types of Routers

Here are the main types of routers, categorized by their specific functions and use cases:

1. Home Routers

• Purpose: Designed for residential use and small offices.
• Functionality: Provides basic internet connectivity for multiple devices, usually featuring a built-in firewall, DHCP server, and wireless access point.
• Usage: Ideal for home networks with moderate internet needs.

2. Wireless Routers

• Purpose: Enables wireless connectivity (Wi-Fi) for multiple devices.
• Functionality: Equipped with wireless access points to allow devices to connect to the network without physical cables.
• Usage: Common in homes, small offices, and businesses with Wi-Fi needs.

3. Wired Routers

• Purpose: Provides internet and network connectivity through physical cables.
• Functionality: Equipped with Ethernet ports for wired connections, ensuring stable and high-speed internet.
• Usage: Used in offices, data centers, and enterprises requiring consistent, high-speed connections.

4. Core Routers

• Purpose: Manages traffic within the core of large-scale networks like ISPs or major data centers.
• Functionality: Designed for high throughput, low latency, and reliability, handling vast amounts of traffic across multiple network links.
• Usage: Backbone networks in large organizations or service provider infrastructures.

5. Edge Routers

• Purpose: Acts as a gateway between an internal network and external networks, like the internet.
• Functionality: Routes data between internal and external networks while handling inbound and outbound traffic and implementing security measures.
• Usage: Used at the boundary of a network, connecting to the internet or another organization's network.

6. Distribution Routers

• Purpose: Connects multiple local networks or segments in large enterprise environments.
• Functionality: Routes traffic between different LANs or sub-networks, managing the data flow and optimizing network performance.
• Usage: Common in enterprise networks where traffic aggregation and segmentation are required.

7. Access Routers

• Purpose: Provides network connectivity for end-user devices in local area networks (LAN).
• Functionality: Connects devices like computers and printers to the wider network, serving as a gateway between end-user devices and higher-level routers.
• Usage: Found in environments like offices, campuses, and smaller LAN setups.

8. Virtual Routers

• Purpose: Software-based routers running on virtual machines or cloud platforms.
• Functionality: Offers the same features as physical routers, but with greater flexibility, scalability, and cost-effectiveness.
• Usage: Common in cloud computing, virtualized data centers, and environments requiring agile, scalable networking solutions.

9. Modular Routers

• Purpose: Allows for network customization and expansion.
• Functionality: Features interchangeable interface cards for adding new features or increasing capacity.
• Usage: Common in large enterprise and data center environments that require flexible, scalable solutions.

10. SOHO (Small Office/Home Office) Routers

• Purpose: Tailored for small business environments and home offices.
• Functionality: Provides a balance of affordability, features, and performance suitable for smaller networks.
• Usage: Ideal for small offices that need basic internet connectivity and security features.

11. Branch Routers

• Purpose: Used in branch offices to connect to the main office network over WAN.
• Functionality: Manages traffic between remote office locations and the central network, typically through VPNs or other secure connections.
• Usage: Found in organizations with multiple branches or remote locations that need secure connectivity.

12. Industrial Routers

• Purpose: Used in rugged environments, such as factories, transportation, and utilities.
• Functionality: Designed to withstand harsh conditions like extreme temperatures, dust, and vibrations.
• Usage: Deployed in industries where reliable network performance is critical in challenging environments.

Each type of router is designed for specific environments, from home networks to enterprise-level operations, offering tailored solutions to meet various networking demands.

Router Security: Why It's Crucial

Introduction

In our increasingly connected world, routers serve as the gatekeepers of our digital lives. They're the unsung heroes that direct traffic between our devices and the vast expanse of the internet. However, with this critical role comes significant responsibility and risk. This article delves into why router security is not just important, but crucial in today's cybersecurity landscape.

The Digital Frontier's First Line of Defense

1. Gateway to Your Network

Routers act as the primary entry and exit points for network traffic. They're the first devices to encounter incoming data and the last to handle outgoing information. This strategic position makes them:

• The first line of defense against external threats
• A critical control point for enforcing security policies
• A prime target for attackers seeking to compromise a network

2. Visibility and Control

Secure routers provide:

• Insight into network traffic patterns
• Ability to detect and block suspicious activities
• Control over what enters and leaves your network

Example: A properly configured router can detect and prevent a DDoS attack before it overwhelms your internal network.

The High Stakes of Router Compromise

1. Data Interception

An unsecured router can lead to:

• Man-in-the-Middle (MitM) attacks
• Eavesdropping on sensitive communications
• Theft of personal and financial information

Real-world impact: In 2018, the VPNFilter malware infected over 500,000 routers worldwide, capable of intercepting all network traffic passing through them.

2. Network Infiltration

A compromised router can serve as a beachhead for further attacks:

• Allowing attackers to bypass firewalls and other security measures
• Providing a launching point for lateral movement within the network
• Enabling the deployment of malware to connected devices

The Mirai botnet, which caused widespread internet outages in 2016, primarily spread by exploiting unsecured IoT devices and routers.

3. Resource Hijacking

Unsecured routers can be co-opted for malicious purposes:

• Participation in botnets for DDoS attacks
• Cryptocurrency mining
• Hosting illegal content

The Cyclops Blink malware, discovered in 2022, hijacked ASUS routers to create a botnet for cyber espionage.

The Ripple Effect: Beyond Individual Networks

1. Internet Infrastructure Impact

Router security affects more than just individual networks:

• ISP routers play a crucial role in global internet stability
• Compromised core routers can lead to widespread outages or traffic misdirection

In 2008, a misconfigured router in Pakistan inadvertently caused a global YouTube outage by incorrectly advertising routes.

2. National Security Implications

Router security has become a matter of national security:

• State-sponsored actors target routers for cyber espionage
• Critical infrastructure relies on secure routing for operations

In 2018, the US and UK governments issued a joint warning about Russian state-sponsored cyber actors targeting network infrastructure devices, including routers.

The Evolving Threat Landscape

1. IoT Explosion

The proliferation of IoT devices has:

• Increased the number of potential entry points for attackers
• Made router security more complex and critical than ever

Statistic: By 2025, it's estimated there will be over 75 billion IoT devices worldwide, each relying on routers for connectivity.

2. Sophisticated Attack Vectors

Modern threats to router security include:

• Zero-day exploits targeting router firmware
• DNS hijacking attacks
• AI-powered adaptive malware

Example: The Slingshot APT, discovered in 2018, used sophisticated techniques to compromise routers and persist undetected for years.

The Business Case for Router Security

1. Financial Implications

Neglecting router security can lead to:

• Direct financial losses from data breaches
• Costs associated with incident response and recovery
• Potential legal liabilities and regulatory fines

Case study: The Equifax data breach in 2017, which exposed data of 147 million people, was partially attributed to a failure to patch a known vulnerability in network devices.

2. Reputation and Trust

Router security breaches can severely impact:

• Customer trust and loyalty
• Brand reputation
• Business partnerships and collaborations

The 2013 Target data breach, which was initiated through a compromised HVAC system router, led to a significant drop in the company's stock price and the resignation of its CEO.

Common Router Vulnerabilities: Understanding Risks and How to Mitigate Them

Routers serve as the gateway to our networks, managing data flow and communication between devices. However, if not properly secured, they can become a primary target for cybercriminals. Understanding these vulnerabilities and how to address them is critical for maintaining a secure network. Here's a breakdown of common router vulnerabilities, real-world examples, and practical solutions to mitigate these risks.

Default Credentials Routers often come with default usernames and passwords like "admin/admin" or "root/password," which attackers can easily exploit. The infamous Mirai botnet attack in 2016 targeted IoT devices with default credentials, compromising hundreds of thousands of systems.

Mitigation:

• Immediately change default login details to a strong, unique password.
• Where available, enable two-factor authentication (2FA) to add an extra layer of protection.

Outdated Firmware Router manufacturers release firmware updates to patch security vulnerabilities and enhance functionality. Failing to update can expose routers to known exploits, as seen in the VPNFilter malware in 2018, which infected over 500,000 devices by targeting outdated firmware.

Mitigation:

• Enable automatic updates if the router supports this feature.
• Regularly check the manufacturer’s site for new firmware and apply updates promptly.

Insecure Admin Interfaces and Remote Access Many routers allow remote management, which is convenient but risky if not secured. Attackers can exploit unsecured interfaces using outdated protocols like Telnet or by bypassing weak security configurations, as seen in multiple router breaches, including those involving Netgear in 2014.

Mitigation:

• Disable remote administration unless absolutely necessary.
• Use HTTPS for web interface access and secure protocols like SSH for remote management.
• Implement IP access restrictions for added security.

Weak Encryption Protocols Outdated encryption protocols like WEP or early versions of WPA are susceptible to attacks, allowing intruders to intercept data. The KRACK vulnerability in 2017 exploited weaknesses in WPA2, demonstrating the risks of using outdated encryption methods.

Mitigation:

• Always use WPA3 encryption, the latest standard for securing Wi-Fi networks.
• If WPA3 is unavailable, use WPA2 with AES encryption and regularly update your passwords.

DNS Manipulation Attackers can hijack a router’s DNS settings, redirecting users to malicious websites for data theft or phishing attacks, as seen with DNSChanger malware in 2011.

Mitigation:

• Use secure DNS services, such as DNS over HTTPS (DoH).
• Regularly monitor and verify DNS settings on the router.

Unpatched Vulnerabilities Routers with unpatched software are prime targets for exploitation. The Cisco CDPwn vulnerabilities in 2019 showed how failing to apply patches could allow attackers to execute remote code and take control of the router.

Mitigation:

• Keep your router firmware up to date.
• Subscribe to manufacturer alerts and apply security patches immediately after they are released.

Unnecessary Services (UPnP, Ports) Services like Universal Plug and Play (UPnP) and open ports may be enabled by default, increasing a router's attack surface. In 2020, vulnerabilities in UPnP exposed routers to external threats, bypassing firewalls to compromise internal devices.

Mitigation:

• Disable unnecessary services like UPnP or port forwarding unless required for specific functions.
• Use a firewall to control and limit access to services.

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Poor input validation in router web interfaces can lead to XSS or CSRF attacks, enabling attackers to execute unauthorized commands. Several router brands, including D-Link, have faced such vulnerabilities.

Mitigation:

• Regularly update router firmware to fix these security flaws.
• Limit access to the router’s admin interface and avoid staying logged in for prolonged periods.

Insufficient Wi-Fi Security Weak Wi-Fi security, such as open networks or poorly configured settings, makes it easier for attackers to access the network. Once connected, they can launch attacks on other devices.

Mitigation:

• Use strong Wi-Fi passwords and WPA3 encryption.
• Disable WPS (Wi-Fi Protected Setup) and set up guest networks to isolate less secure devices.

Backdoors and Malicious Firmware In some cases, routers—especially cheaper models—may come with hardcoded backdoors or be vulnerable to malicious firmware installations. Attackers can use these flaws to gain persistent control over a router and the entire network.

Mitigation:

• Only purchase routers from reputable manufacturers.
• Regularly check for and apply firmware updates that patch backdoor vulnerabilities.

Lack of Firewall Configuration Many routers have built-in firewalls, but these are often left disabled or improperly configured, exposing the network to external threats.

Mitigation:

• Enable and configure the router’s firewall to block unwanted traffic and limit network access.

Router vulnerabilities can lead to severe consequences, including data theft, botnet participation, and full network compromise. Securing your router involves a combination of firmware updates, disabling unnecessary services, using strong encryption, and regular audits of security settings. By addressing these vulnerabilities, you ensure that your network is protected from a wide array of cyber threats.

Staying proactive is key to mitigating risks—securing routers not only protects your network but also safeguards your sensitive data from malicious attackers.

Router Security Best Practices

Securing your router is essential for protecting your network. Below are detailed best practices to ensure your router is configured securely:

Key Functions of Routers:

1. Packet Forwarding: Routers examine the destination IP address of incoming packets and determine the best path to forward them.
2. Network Segmentation: They separate broadcast domains, improving network performance and security.
3. Protocol Translation: Routers can translate between different network protocols if necessary.
4. Traffic Management: They can prioritize certain types of traffic (Quality of Service - QoS).

Detailed Explanation of Router Security Features

Routers play a critical role in network security, often serving as the first line of defense against external threats. Here's how routers contribute to network security and best practices for securing them:

Change Default Credentials

Most routers come with default administrative credentials (e.g., "admin" for both username and password). These defaults are publicly known and often listed in online forums, making it easy for attackers to gain unauthorized access.

How to Change Default Credentials:

• Log in to your router's web interface (usually accessible via a browser by typing the router’s IP address, such as 192.168.1.1).
• Navigate to the Admin or Security settings.
• Change the username (if possible) and create a strong password that combines uppercase, lowercase, numbers, and special characters.

Enable Strong Encryption for Wireless Networks

Wireless routers should always use strong encryption methods to secure communication between devices and the router.

How to Secure Wireless Networks:

• Use WPA3 encryption if available. If not, use WPA2-PSK (Wi-Fi Protected Access 2 - Pre-Shared Key).
• Avoid using WEP (Wired Equivalent Privacy) as it is outdated and easily cracked.
• Set a strong, unique passphrase for your wireless network.

Disable Remote Management

Allowing remote management of your router over the internet can expose it to potential threats. Unless absolutely necessary, disable remote access.

How to Disable Remote Management:

• Log into your router’s interface.
• Navigate to the Remote Management settings.
• Disable remote access entirely or limit it to a trusted IP range.

Two-Factor Authentication (2FA)

For enhanced security, routers can be configured to require two-factor authentication (2FA) for administrative access. This ensures that even if a password is compromised, an additional authentication step is required.

How to Enable 2FA:

• Integrate your router with an external 2FA provider or authentication server (such as RADIUS or TACACS+).
• Configure the router to require the second authentication factor upon login.

Access Control Lists (ACLs)

Access Control Lists (ACLs) are one of the most powerful and versatile security features in routers. They act as packet filters, controlling network traffic by either permitting or denying packets based on specified criteria.

Types of ACLs:

1. Standard ACLs: Filter based on source IP address only.
2. Extended ACLs: Filter based on source and destination IP addresses, protocols, and port numbers.
3. Named ACLs: Can be either standard or extended, but use names instead of numbers for identification.

Key Functions:

• ACLs filter traffic based on predefined rules, allowing or denying packets based on source/destination IP addresses, ports, or protocols
• QoS (Quality of Service) marking
• NAT (Network Address Translation) triggering
• VPN (Virtual Private Network) traffic selection

 Implementation Example (Cisco IOS):

How to Configure ACLs:

• Step 1: Access your router's configuration interface (usually via a web browser or command-line interface).
• Step 2: Identify the interface where ACLs will be applied. For example, apply ACLs on the WAN interface to control traffic entering or leaving the network.
• Step 3: Define an ACL rule based on your security requirements. For example, to block a specific IP address:

• Step 4: Apply the ACL to the relevant interface:

 Best Practices:

• Use ACLs to limit inbound and outbound traffic based on IP address ranges and protocols.
• Apply the principle of least privilege—only allow the minimum traffic necessary for operations.
• Regularly review and update ACLs to adapt to changing network needs.
• Place more specific rules before general ones
• Use named ACLs for better readability.
• Regularly audit and optimize ACLs.
• Use the implicit "deny all" at the end of each ACL

Secure Protocols: SSH vs. Telnet

Securing remote management access is vital to preventing unauthorized users from intercepting network configurations. SSH (Secure Shell) encrypts all communications, making it the preferred method over Telnet, which transmits data, including passwords, in plaintext.

How to Configure SSH:

• Step 1: Enable SSH on your router.

Best Practices:

• Disable Telnet entirely to avoid potential eavesdropping:

• Use strong encryption keys (2048 bits or higher) when generating RSA keys for SSH.
• Regularly change administrative passwords and ensure they are strong.

Disabling Unused Services

Routers come with several services enabled by default, some of which may not be necessary for your network operations. Disabling unused services reduces the attack surface and limits entry points for attackers.

Best Practices:

• Conduct regular assessments to determine which services are needed.
• For any enabled service, ensure it is running with the latest security updates.

Strong Password Management

Weak or default passwords are a common entry point for attackers. Ensure all accounts on your router, including administrative accounts, have strong passwords.

Best Practices:

• Use complex passwords with a mix of letters, numbers, and special characters.
• Regularly rotate passwords for all accounts.
• Implement two-factor authentication (2FA) if supported by the router.

Enable Logging and Monitoring

Enable logging on your router to keep track of activities. Reviewing logs helps detect potential threats early.

How to Configure Logging:

Ensure that logs are periodically reviewed for any signs of unauthorized access or unusual activity.

Backup Configurations Regularly

Regular backups of your router's configuration are essential in case of failure or compromise.

How to Back Up Configurations:

Use the following command to back up configurations:

Save configurations regularly to an external system for safe keeping.

Network Segmentation

Segmenting the network by function or trust level improves security. You can apply different policies based on the sensitivity of traffic across segments.

How to Segment a Network:

• Use VLANs (Virtual Local Area Networks) to separate network traffic logically.
• Configure ACLs between VLANs to control communication between segments.

Network Address Translation (NAT)

NAT is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

• Function: NAT translates private IP addresses to a public IP address, making it difficult for external attackers to map your internal network.
• Conserve public IP addresses
• Enhance security by hiding internal network structure
• Facilitate merging of networks with overlapping address spaces
• Types: Static NAT: One-to-one mapping of internal to external addresses. Dynamic NAT: Maps internal addresses to a pool of external addresses. Port Address Translation (PAT): Maps multiple internal addresses to a single external address using different ports.
• Security Benefit: NAT acts as an implicit firewall, allowing only return traffic initiated from within the internal network.

Implementation Example (Cisco IOS): 

Security Considerations:

• NAT can complicate end-to-end connectivity and certain protocols
• While NAT provides a layer of obscurity, it should not be relied upon as the sole security measure
• Proper logging of NAT translations is crucial for troubleshooting and security auditing

 Implement Network Address Translation (NAT)

NAT is essential for hiding the internal IP addresses of devices on your network, making it more difficult for attackers to target specific devices.

Virtual Private Network (VPN) Termination

Many routers can act as VPN endpoints, providing secure remote access to the internal network. VPN termination on routers allows secure remote access to internal networks and facilitates secure site-to-site connections.

• Protocols: IPsec, SSL/TLS

Types of VPNs:

1. IPsec VPNs: Provide strong security for site-to-site or remote access VPNs.
2. SSL VPNs: Typically used for remote access, often clientless.

Key Functions:

• Authenticate remote users or sites
• Provide secure access to internal resources for remote workers
• Routers establish encrypted tunnels over public networks, ensuring data confidentiality and integrity.

Security Best Practices:

• Use strong encryption algorithms (e.g., AES-256)
• Implement Perfect Forward Secrecy (PFS)
• Regularly rotate pre-shared keys
• Use certificates for authentication when possible

 Implementation Example (Cisco IOS - IPsec Site-to-Site VPN):

Firmware Management

Keeping router firmware up-to-date is crucial for security.

• Importance: Firmware updates often include security patches for known vulnerabilities.
• Process: Regularly check for firmware updates from the manufacturer. Test updates in a non-production environment before deployment. Schedule updates during maintenance windows to minimize disruption. Keep a backup of the current configuration before updating.
• Example: The WannaCry ransomware attack in 2017 exploited vulnerabilities in outdated systems. Regular updates could have prevented many infections.

Routers, like any other device, rely on firmware to function. Outdated firmware can contain vulnerabilities that attackers exploit. Keeping firmware up to date is essential to maintain security.

How to Update Router Firmware:

• Step 1: Visit the vendor's website (e.g., Cisco, Juniper) and download the latest firmware version for your router model.
• Step 2: Access the router’s management interface.
• Step 3: Use the "Firmware Update" option in the router's interface to upload the new firmware.
• Step 4: After the upload is complete, reboot the router for changes to take effect.

Key Aspects:

1. Regular Updates: Keep firmware up-to-date to patch known vulnerabilities.
2. Verification: Always verify the integrity of firmware before installation.
3. Rollback Plan: Maintain the ability to revert to a previous firmware version if issues arise.

Implementation Example (Cisco IOS):

Secure Management Protocols

Use secure protocols for router management to prevent unauthorized access and eavesdropping. Secure management protocols ensure that router administration is protected from eavesdropping and unauthorized access.

Best Practices:

1.      Disable Telnet (unencrypted) and use SSH for remote management. Use strong encryption for SSH (e.g., RSA keys with 2048 bits or more)

2.      Use HTTPS instead of HTTP for web-based management interfaces.

3.      Implement TACACS+ or RADIUS for centralized authentication and authorization.

4.      Implement login rate limiting to prevent brute-force attacks

Key Protocols:

1.      SSH (Secure Shell): For secure command-line access.

2.      HTTPS: For secure web-based management.

3.      SNMPv3: For secure network monitoring and management.

Implementation Example (Cisco IOS):

SNMP Security

Simple Network Management Protocol (SNMP) is commonly used for network monitoring but can be a security risk if not properly secured.

Best Practices:

• Use SNMPv3, which provides encryption and authentication.
• If using SNMPv2, change default community strings and use ACLs to restrict SNMP access.
• Regularly rotate SNMP credentials.
• Limit SNMP access to specific management stations

Router Hardening

Implement these additional hardening measures:

1. Disable Unused Services: Turn off unnecessary services like HTTP server, CDP (Cisco Discovery Protocol), etc.
2. Enable Login Banner: Display a warning message to potential intruders.
3. Implement Logging: Configure syslog to send logs to a centralized log server for analysis.
4. Use Strong Passwords: Implement complex passwords and change them regularly.
5. Physical Security: Ensure routers are in secure locations to prevent physical tampering.

Advanced Router Security Features

Modern routers often include advanced security features:

1. Stateful Packet Inspection: Examines the state of network connections traveling across it.
2. Deep Packet Inspection (DPI): Analyzes packet contents beyond just header information.
3. Intrusion Prevention System (IPS): Some routers include basic IPS functionality to detect and prevent known attack patterns.

Router Security in Different Environments

Enterprise Networks

• Implement BGP (Border Gateway Protocol) with proper filters to control routing information exchange with other autonomous systems.
• Use MD5 authentication for routing protocol updates.

Small Business/Home Office

• Enable and properly configure the built-in firewall features.
• Use WPA3 for wireless security if the router includes Wi-Fi capabilities.

Internet Service Providers

• Implement BCP 38 (RFC 2827) to prevent IP address spoofing.
• Use RPF (Reverse Path Forwarding) checks to mitigate DDoS attacks.

Monitoring and Maintaining Router Security

1. Regular Audits: Conduct periodic security audits of router configurations.
2. Configuration Backups: Maintain backups of router configurations and implement version control.
3. Traffic Analysis: Use NetFlow or similar technologies to analyze traffic patterns for anomalies.
4. Incident Response Plan: Develop and maintain a plan for responding to router-related security incidents.

Remember, router security is not a one-time setup but an ongoing process. Stay informed about the latest threats and best practices, and regularly review and update your router security configurations.

That wraps up Day 2 on router security! Tomorrow, we’ll shift our focus to switch security—another vital component in securing a network. We'll discuss how switches manage internal traffic and the best methods to keep them protected from cyber threats.