A brave new world

Written by 
Published in Features
  • font size decrease font size decrease font size increase font size increase font size
  • Print
  • Email
“We are in a brave new world of security threats”
By Dan McDuffie, CEO Wyless
 
As you may have already seen on the news, a security vulnerability known as Heartbleed was recently identified in the popular OpenSSL cryptography library. This weakness allows stealing secure information including any sensitive data or even private keys that would normally be protected by the SSL/TLS encryption used to secure Internet traffic and it made big news primarily around web sites that could have the security hole built in, however this is a phenomenon that also has had serious implications on corporate security around access devices in the Corporate IT and Machine to Machine market and highlights the need for stringent security controls not just on Corporate owned systems but to any vendor that might have installed a solution into your our your clients’ premises that required any level of external access.   With regards to Heartbleed, any device (wired or wireless) that is connected to the corporate network and used OpenSSL in any way potentially had this vulnerability, and there are undoubtedly other similar issues lurking out there as well.
 
 
What’s the impact of this?  Essentially we are in a brave new world of security threats.  Think in terms of several scenarios:  
 
  • Many ATM Machines worldwide are connected wired and wirelessly using modems that could be hacked, and every day hundreds of millions of people bank over these networks.
  • Many corporate IT departments have secondary networks using wireless access gateways for Internet continuity or public Wifi Networks.  (For instance retail chains, restaurants, doctors offices, health clubs, etc.)
  • Both residential and corporate security systems have cellular gateways for backup or in growing cases for primary access to central monitoring stations.
  • Building control systems such as energy management devices, HVAC Systems, etc. are connected to wired or wireless gateways for out of band management or remote monitoring.
  • And in many cases of the above and other similar scenarios, disparate systems increasingly are interconnected without the knowledge of the end user, opening up the potential of a backdoor into other areas of the network.
 
How serious is this?   Let’s consider the security breach where literally tens of millions of consumer credit card numbers were compromised in last year’s hack of Target department store’s network.  Malware was installed at their Point of Sales devices, the thieves having hacked through the HVAC System’s remote management gateways.  The hacking of a simple industrial control connection somehow led to one of the largest security breaches of consumer data in history.
 
With respect to Heartbleed what is truly disturbing is that it appears that this flaw in Open SSL that was recently discovered had been undetected by over 2 years.  Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure.  The flaw makes it possible to snoop on Internet traffic even if the padlock had been closed.  Interlopers could also grab the keys for deciphering encrypted data without the website owners knowing the theft had occurred, according to security researchers.  What’s worse is that it is estimated that over two-thirds of the worlds Web servers rely on Open SSL.
 
 
So what can one do to mitigate such disasters lurking in the shadows?  First, secure the network from the obvious.   Devices on public IP addresses are the most vulnerable as these devices are directly accessible from the Internet.   Use a private network instead.  For instance, standard “private-IP” cellular connections from Wyless use a network configuration called “many-to-one” Network Address Translation (NAT) in accessing publicly accessible Internet destinations. That configuration prevents unknown entities on the internet from initiating contact with the private-addressed device. When a device has a public IP, either natively, or assigned via “one-to-one” NAT, then the firewalls by default does not filter, block, or prevent any Internet source from contacting the device. This leaves the wireless device itself as the only layer of security, and while most devices have some firewall capabilities of their own, these capabilities are frequently either left disabled by default, left with default username/password in place (and the default is easily obtainable via internet searches), or misconfigured in a way that unexpectedly permits easy access, or even installed correctly but exposed by a later patch or firmware upgrade. 
 
It is our strong recommendation that any device with public IP addressing ensure their device be “locked down” and the factory default username/password be changed to something unusual and not easily guessed.   We also recommend customers evaluate the vulnerability of their devices and reach out to their hardware vendors for any updates needed to secure them.
 
And choose a managed services provider that offers Security as a Service.  Any MSP or Carrier that is touting a public IP network should be reconsidered.   When it comes to external access to a corporate IT network, best practice security is a must.  But that’s just common sense right?  Ask Target’s HVAC vendor!
 

Full Name


Email Address


Bosch Corner

Intelligent devices – changing things for the better

Intelligent devices – changing things for the better

The Internet of Things (IoT) is changing the way we view video security, quite literally.

Extremely intelligent cameras for extremely testing conditions

Extremely intelligent cameras for extremely testing conditions

Nature is incredibly unpredictable. It only takes minutes for a wind to double in strength...

Full control

Full control

From evacuation to conferencing: Bosch supplies full security and communications solution to Krakow event center.

Event News

Next Events

BSIA Spotlight

Achieving efficiency through integration

Achieving efficiency through integration

As an important method of securing a site by controlling, monitoring and restricting the movement...

Full stop

Full stop

Renewed focus on Hostile Vehicle Mitigation following vehicular attacks in London.

Industry experts elected to BSIA Section Chair positions

Industry experts elected to BSIA Section Chair positions

At the British Security Industry Association’s Annual General Meeting on Wednesday 12th July 2017, 24 industry...

IPSA Features

The Challenges with security in university accommodation

The Challenges with security in university accommodation

By Jane Farrell, FM Development Manager, Sodexo and Chairman International Professional Security association (IPSA)

Recognising the contribution of contract security

Recognising the contribution of contract security

Following on from recent terror attacks in the UK, there has been a lot of...

Debunking Cyber Security

Debunking Cyber Security

Over the last few years companies have started to realise that cyber security is a...

MEB Media Limited

13 Princess Street,

Maidstone,Kent

ME14 1UR

United Kingdom

http://www.mebmedia.co.uk/

 

Site Map

Monthly Newsletter Signup

Full Name


Email Address