Less than one month after the WannaCry ransomware attack, many companies and institutions were hit by Petya. The Petya attack spread very rapidly, affecting many companies in a very short time frame(1). It nearly paralyzed operations at one of Europe’s largest container terminals and seriously disrupted the operations of companies like TNT Express(2).
While large corporations have teams dedicated to information security, most AV-installers do not have such teams available. The question is, are we still in control of our installations?
Is 100% secure possible?
In short: no. Dr. Melanie Rieback, owner of Radically Open Security, explained in a recent interview with one of the Dutch newspapers: “A group of hackers with time and money get in everywhere”(3). It primarily boils down to how great the interest is in entering a network, set off against the effort needed to get in. In parallel, one should design the security in view of the value and importance of what it protects.
What does it mean for AV?
With AV installations we should, as a bare minimum, make a reasonable effort to secure our setups. In corporate environments, the security specifications are mostly dictated by the IT department, and usually the design must be assessed and approved by that department prior to installation. In small commercial and residential installations, it mostly comes down to the choices of the installer. In each case, we must avoid being the cause of opening up our customers’ networks to those who want to do wrong. We certainly don’t want to be the reason that the private holiday snaps of a VIP customer are suddenly all over the internet, because we insecurely set up port forwarding to show a device on a phone or because we forgot to change the default password of the WiFi.
IoT, Easy Wizards and stuff you can show on your smartphone
Many of us have grown to love ‘easy installation wizards’ and flashy smartphone apps: the stuff you plug in that works without configuration. There are of course trade-offs for this ease of installation. Firstly, all these wizards are primarily designed for the DIY/retail market, and installing them in residential or commercial AV setups requires very little added value from the knowledge of the installers. Secondly, since more is done for you, more of the technology is moved into the ‘black box’. We get less and less influence on the security of the installation.
The largest DDoS (Distributed Denial of Service) attack of 2016, which crippled large parts of the Internet, was caused by a botnet that made use of vulnerable devices like webcams, camcorders, baby monitors, and other insecure internet-connected devices. Basically, easy-to-install stuff you can show on your phone!
The greatest concern of all is the quick rise in Internet of Things (IoT) devices. We already bring those easy-to-use IoT devices into both corporate and residential environments, while the manufacturers of the IoT chips are still bickering over what level of security needs to be embedded on those chips.(4)
Simple steps to improve security
Again, there is no guarantee of fully securing your installations. Making it more difficult to get in also makes it less attractive to get in. These steps are merely a guideline to some security basics, but the needed level of security measures needs to be assessed for each individual installation. When in doubt, ask an expert!
________________________________________
[1] https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html?mcubz=2
[2] http://investors.fedex.com/news-and-events/investor-news/news-release-details/2017/FedEx-Files-10-K-with-Additional-Disclosure-on-Cyber-Attack-Affecting-TNT-Express-Systems/default.aspx
[3] https://www.volkskrant.nl/tech/deze-wonder-woman-van-de-computerbeveiligingswereld-hackt-zo-je-bedrijf~a4505208/
[4] https://www.technologyreview.com/s/603015/security-experts-warn-congress-that-the-internet-of-things-could-kill-people/?set=603780
________________________________________
Niveo Professional is a manufacturer of enterprise network equipment for the commercial and residential AV industry. Niveo Professional offers firewall routers like the NR10 with many capabilities to increase the security of AV installations: https://www.niveoprofessional.com/product/nr10/
To learn more on how Niveo Professional and the equipment can help you build more secure installations, please check www.niveoprofessional.com or contact us at: info(at)niveoprofessional.com