* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/)
* Taking Needed Steps to Pr...

# Taking Needed Steps to Protect Network Connected Devices

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2015%2F07%2Ftaking-needed-steps-to-protect-network-connected-devices%2F)  
[](https://twitter.com/share?text=Taking+Needed+Steps+to+Protect+Network+Connected+Devices&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2015%2F07%2Ftaking-needed-steps-to-protect-network-connected-devices%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2015%2F07%2Ftaking-needed-steps-to-protect-network-connected-devices%2F&title=Taking+Needed+Steps+to+Protect+Network+Connected+Devices&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2015/07/taking-needed-steps-to-protect-network-connected-devices/&ts=markdown)  
\[\](mailto:?subject=Taking Needed Steps to Protect Network Connected Devices)  
Link copied  
By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi")  
Jul 13, 2015  
4 minutes  
[Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown)  
[Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown)  
[Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)  
[Internet of Things](https://www.paloaltonetworks.com/blog/tag/internet-of-things/?ts=markdown)  
[Vulnerabilities](https://www.paloaltonetworks.com/blog/tag/vulnerabilities/?ts=markdown)

The U.S. Food \& Drug Administration (FDA) is responsible for the oversight of food and medical products sold in the United States. As such, when it finds previously unknown safety concerns, the FDA takes measures to let the public know. Perusing the list of safety communications issued by the FDA, one typically sees product recalls on a range of issues, such as improper labelling, lack of FDA approvals, and manufacturing defects.

On May 13, 2015, the FDA issued a safety communication of a different sort. [Vulnerabilities of Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems: FDA Safety Communication](http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm) identified a medical device that is responsible for the delivery of anesthetic or therapeutic drugs as being vulnerable to reprogramming by an unauthorized third party. There are a number of attack vectors present, as outlined in [ISCA-15-125-01B](https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01B), with the most serious error being an open telnet port on TCP/23. As if telnet itself wasn't already inherently insecure (which it is), the issue with this particular device is that it provides unauthenticated users with root privileges. Other flags include exploitable vulnerabilities, unprotected keys, cleartext credential storage, and hardcoded accounts.

The Internet of Things introduces a number of challenges for product manufacturers. Many are being pressured to develop network interfaces to their products; doing so greatly simplifies connectivity by doing away with the slew of custom connectors and protocols that litter the market. But these products are not necessarily being developed with security in mind. Many are embedding network stacks into the firmware of their products [with poorly implemented security features and packages with unpatched vulnerabilities](https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin).

The users of such products face an entirely different challenge. Most end users are not in a position to closely scrutinize how exploitable every device on their network is. Even after running a port scan to look for the open ports, most security teams aren't staffed to test for vulnerabilities on every device that shows up on their network.

If one cannot trust the security of the device (and by default, one never should), steps must be taken to minimize exposure to risk through other means. That's why network segmentation is a critical measure to make sure that unnecessary levels of access to applications and networks are not permitted.

At the most basic level, network segmentation can greatly reduce the attack surface area. As a general rule, separating the medical device network from the LAN is a forgone conclusion, but one that many organizations may overlook. That's because traditional network segmentation with port-based firewalls is often messy work. Setting up the VLANs is the easy part, but the ineffective port-based policy is not capable of scrutinizing what's happening in application traffic. Modifying the policy every time there's a change in the segmentation is a nightmare, and ultimately drives many organizations back to a flat network.

If you think about it, network segmentation itself is not all that useful if it's not doing a good job controlling traffic that passes from one segment to another. That's what makes the Palo Alto Networks Next-Generation Firewall particularly well suited for this purpose, for it uses applications tied to users and groups to define policy of the traffic passing from one network segment to another. In addition, the use of threat prevention to stop exploits and known/unknown malware establishes protection to stop malicious traffic.

Network segmentation is but one part of a strategy to deal with the Internet of Things using the Palo Alto Networks Security Platform. Through the adoption of additional layers of security, including endpoint protection and the use of global threat intelligence, your security team can build a network that is capable of adopting network connected devices by leveraging prevention measures to reduce risk. Learn more about the platform [here](https://www.paloaltonetworks.com/products/platforms.html?ts=markdown).

*** ** * ** ***

## Related Blogs

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### Welcoming the APAC WildFire Cloud](https://www.paloaltonetworks.com/blog/2017/09/welcoming-apac-wildfire-cloud/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### Stamp out Credential Abuse with Okta and Palo Alto Networks](https://www.paloaltonetworks.com/blog/2017/06/stamp-credential-abuse-okta-palo-alto-networks/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### 5 Key Considerations When Implementing User-Based Access Controls](https://www.paloaltonetworks.com/blog/2017/01/5-key-considerations-implementing-user-based-access-controls/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### There's No "I" in Secure Network: User-Based Access Policy is a Team Effort](https://www.paloaltonetworks.com/blog/2017/01/theres-no-secure-network-user-based-access-policy-team-effort/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### Don't Let Your Users Unknowingly Be the Weak Link in Your Security Infrastructure](https://www.paloaltonetworks.com/blog/2017/01/dont-let-users-unknowingly-weak-link-security-infrastructure/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### Prevent Cyberattacks By Securing These Remote Access Tools](https://www.paloaltonetworks.com/blog/2016/11/prevent-cyberattacks-securing-remote-access-tools/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language