Q and A with our director of IT: How does a DDoS attack impact my business?

A Distributed Denial of Service (DDoS) attack on Dyn took down Spotify, Twitter and other major websites on October 21, 2016. Forensic work in the wake of the attacks places some of the blame on hardware — security cameras — that were taken over by the Mirai botnet.

What does that mean for you? We sat down for a Q and A with Anthony Tatman, director of IT for ECT Services.


1. Most organizations will not feel the direct impact if their devices are taken over and used in a DDoS attack. Why should organizations/facility managers be concerned about attacks and device/system vulnerabilities? Are there other risks?

There are typically no direct repercussions for the end user yet, but with the economic impacts these types of attacks can have on important industrial, financial and commerce sites, there will be ever greater efforts to find ways of mitigating these attacks and finding ways to promote greater device security. There are lawsuits lining up for the makers of these insecure devices, and the FTC is investigating the security practices of these industries. It is not hard to imagine new regulatory guidance for these types of devices, which means more cost for us as consumers and potentially legal responsibility if an owner makes no attempt to secure them.

Aside from legal liability, one primary reason for concern for business leaders is that these devices are pathways into a network. If I can get to your webcam or your DVR inside your network, what else can I get access to?

If you do not take proper steps in securing these devices, an individual could gain various levels of control over parts of the building management systems. It would be simple to view security and temperature control devices and information.

If you want to see examples, a group runs and showcases a small sample of non-password-protected internet cameras it discovers at the following site: https://www.insecam.org/en/bycountry/US/

2. IP cameras were implicated in this attack. What other kinds of devices might be vulnerable?

Other devices used in this particular attack were DVRs and internet routers. If a product has a function that I can connect to remotely, or updates to a remote service, it is potentially vulnerable. Think of the baby monitors, home security systems like Nest, the Samsung refrigerator with internal camera, faucets that I can shut off remotely from the beach, and your vehicle. There is a range of estimates that by 2020 there will be 30-100 billion internet-connected devices.

3. How can facility managers know devices and systems are secure? What questions are important to ask?

The easiest solution is to not connect things directly to the internet. If a device needs internet access, understand how it needs to be accessed and take steps to protect remote access channels. One example would be to require use of VPN-type services. Remove or disable default accounts if possible, and always change default account passwords using strong password standards. Use two-factor authentication if a product or service allows.

4. How does ECT Services ensure the devices/systems it installs are secure?

This is a big question and is very dependent on the particular customer and their system requirements. Typically our systems are not directly accessible from the Internet, and many are not remotely accessible at all. In instances where remote access is required, we work very closely with our customers, IT personnel and resources to design our systems to fit within a secured network framework, and we work to reduce the number of ways unauthorized access could be gained. We do encourage and support our customers to structure system access in a secure manner with as minimal access as required to fulfill the system's role. Our endpoint devices fall into the same vulnerabilities as any other internet-capable devices, and many of our products do have default accounts and passwords that are changed upon system implementation.
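
The hardening points from answers 3 and 4 (no direct internet exposure, VPN for remote access, default accounts and passwords, two-factor authentication) can be checked against a device inventory. The following is an added example, not part of the interview or ECT Services' tooling; the `Device` record, its field names and the sample inventory are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 internal ranges; any other address is treated as publicly addressed.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Device:  # hypothetical inventory record, not a vendor schema
    name: str
    mgmt_ip: str                    # address of the management interface
    port_forwarded: bool            # reachable from outside via NAT rule
    remote_access: str              # "none", "vpn" or "direct"
    default_account_enabled: bool
    default_password_changed: bool
    supports_2fa: bool
    uses_2fa: bool

def audit(dev):
    """Return the checklist items this device fails, in checklist order."""
    findings = []
    ip = ipaddress.ip_address(dev.mgmt_ip)
    internal = any(ip in net for net in RFC1918)
    if not internal or dev.port_forwarded:
        findings.append("internet-exposed")
    if dev.remote_access == "direct":
        findings.append("remote-access-without-vpn")
    if dev.default_account_enabled and not dev.default_password_changed:
        findings.append("default-password")
    elif dev.default_account_enabled:
        findings.append("default-account-enabled")
    if dev.supports_2fa and not dev.uses_2fa:
        findings.append("2fa-available-but-off")
    return findings

def report(inventory):
    """Map device name to findings, omitting devices that pass every check."""
    result = {}
    for dev in inventory:
        findings = audit(dev)
        if findings:
            result[dev.name] = findings
    return result

# Constructed sample inventory (documentation and private addresses only).
INVENTORY = [
    Device("lobby-cam", "203.0.113.10", False, "direct", True, False, False, False),
    Device("dvr-01", "10.20.0.5", True, "vpn", True, True, True, False),
    Device("bms-controller", "192.168.50.2", False, "vpn", False, True, True, True),
]
```

Calling `report(INVENTORY)` lists the camera and the DVR with their failed checks and omits the controller, which passes all of them.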

Utilizing Existing Infrastructure

As the security, CCTV and intercom industries continue their move toward greater reliance on IP infrastructure, our customers are asking for more involvement, if not outright ownership, from their internal IT support groups. Designing the systems to minimize the potential impact on corporate network resources goes a long way toward obtaining support from the customer's IT support staff.

We are seeing greater demand for migrating away from the centralized security platforms that require dedicated panels, head-end equipment and home-run cabling. Customer requests are moving security products and control to the “edge”. Much of this interest is driven by the possibility of significant cost savings in both material and labor for a security project, as well as the increased flexibility and greater functionality available when the systems are placed on the corporate network.

The potential cost savings are typically balanced against an increase in scope for the structured cabling and network infrastructure requirements to meet the needs of the edge devices. Additionally, IT groups may have additional requirements in terms of maintenance allowances and services required for the upkeep of additional devices requiring corporate network access.

Overcoming these challenges will allow the customer's security staff to use new remote access capabilities to become more efficient, and can allow multiple systems to be combined into a single point of monitoring for a consistent application of existing security processes. Upcoming features will require security system products to increasingly fit into existing IT support standards as we all become more reliant on the IT world.

Anthony Tatman
Security Controls Engineer