By Scott Goldfine · May 18, 2017
Campuses must adopt physical security solutions that won’t be hacked by cyber criminals. This article, which originally ran in CS’ sister publication, Security Sales & Integration, highlights cybersecurity practices that systems integrators should adopt, as well as mistakes they should avoid. The following list of dos and don’ts will help you determine if your integrator is up to snuff or if you need to look somewhere else.
Would you leave the doors of your business, home or vehicle propped wide open in the middle of the night as a welcome invitation to hooligans or criminals?
Would you recommend your customers do the same? I didn’t think so.
Guess what: particularly as a security professional, if you're not taking cybersecurity very seriously then, in a very real but virtual sense, you are leaving the door wide open for cyber criminals and mischievous hackers to infiltrate and harm your company or your clients' organizations. If that is you, get your head out of the sand, seek knowledge and understanding, and take action now. The good news is that after a skeptical and sluggish start, the electronic security industry is by and large acknowledging the criticality of cybersecurity and its unique interrelationship with networked physical security.
Proof can be found in the third annual SSI Physical-Logical Security Assessment, the linchpin of SSI's annual Cybersecurity Issue.
The study shows positive trends in a number of metrics, even as it highlights just how much more work must be done to ensure dealer/integrator businesses and those of their customers are as impenetrable as possible against breach attempts.
The imperative is not for dealers or integrators to become cybersecurity experts (although no one is stopping you) or to radically change models. Rather, it is to accept this new business climate, learn some basics and, most importantly, implement and adhere to established and emerging best practices.
Doing so minimizes the chances of compromised networks as well as potential liability. At the same time, electronic security firms need to be well aware of the opportunities currently out there to expand into offering managed services such as network health monitoring, either through internal resources or partnering with an outsourced provider.
As a partner in the industry’s first Cybersecurity Congress, former member of PSA Security Network’s Cybersecurity Council and organizer of “The Security/IT Connection: Riding on Networks and Monitoring Network Security for New Revenue” keynote at last November’s Total Tech Summit in Atlanta, I have been a leading proponent of facing cyber-related threats, challenges and opportunities head-on.
That includes adopting sensible, smart policies and procedures that support effective cyber hygiene at the dealer/integrator company and customer levels, and proper vetting and product hardening at the manufacturer level.
No doubt getting started can seem daunting. To help procrastinators get going and those who have begun the journey keep their eyes on the prize, following are dos and don’ts from that Total Tech Summit session:
- Document equipment (OS, application, firmware) versions and maintain continuous updates
- Consult manufacturer hardening guides for configuration tips; ask if not readily available
- Change default administrative passwords
- Manage passwords and equipment administrative privileges
- Configure dedicated, least-privilege device user accounts for the services that need to reach the device, rather than sharing the administrator account
- Use managed switches
- Establish baseline device networking attributes, e.g. IP address, MAC address and SSL/TLS version, so that later changes stand out
- Close all unnecessary ports, e.g. FTP; turn off unnecessary services, e.g. DNS
- Create standalone networks for low-voltage systems when possible; use firewall and router tools to transit enterprise LAN/WAN if you must provide services in a shared environment
- Consider 802.1X (port-based network access control, typically backed by a RADIUS server) for devices in unmonitored locations or outside staffed hours, to address physical network intrusion such as unplugging a camera and connecting a laptop to its switch port
- Discuss known vulnerabilities with the client and agree on mitigation efforts
- Don’t use default passwords on any equipment
- Don’t use old firmware versions
- Don’t trust a client’s network
- Don't allow client equipment or other outside parties access to your internal network
- Don’t trust WiFi networks
- Don’t trust received storage media like USB, SD, CD, etc.
- Don’t attach your unmonitored equipment, e.g. laptop, to a client’s network
- Don't open unexpected email attachments or web links, regardless of who appears to have sent them
- Don’t rely solely on signature-based spam filters
- Don't think that you're too small to be targeted by cyber criminals
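Several of the "dos" above (document firmware versions, record baseline IP/MAC/TLS attributes, close FTP and similar services, get rid of default passwords) only pay off if someone periodically checks the installed devices against what was documented. The script below is an added illustration of that check and is not code from the article or from SSI; every device record, the default-credential list and the "unnecessary port" table are constructed for the example, and the `default_login_ok` flag stands in for the result of whatever login probe the integrator actually runs.

```python
"""Hardening/drift audit for networked physical-security devices.

Added example, not code from the article. All device records and the
default-credential list are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample of factory credentials to probe for; real lists are longer.
DEFAULT_CREDS = {("admin", "admin"), ("admin", "12345"), ("root", "root"), ("admin", "")}

# Services that should not be exposed on a camera, controller or recorder
# (the article's FTP and DNS examples plus a few common offenders).
UNNECESSARY_PORTS = {21: "FTP", 23: "Telnet", 53: "DNS", 69: "TFTP", 80: "HTTP (cleartext)"}

MIN_TLS = (1, 2)  # anything older than TLS 1.2 is flagged


@dataclass(frozen=True)
class Device:
    name: str
    ip: str
    mac: str
    firmware: str            # e.g. "5.4.0"
    tls_version: str         # e.g. "TLSv1.2"; "" if the device offers no TLS at all
    open_ports: frozenset    # TCP ports found listening
    default_login_ok: bool = False  # True if a DEFAULT_CREDS pair logged in (assumed probe result)


def version_tuple(v: str) -> tuple:
    """'5.4.0-build3' -> (5, 4, 0, 3) so firmware versions compare numerically."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def tls_tuple(v: str) -> tuple:
    """'TLSv1.2' -> (1, 2); 'SSLv3' -> (0, 3); '' or unparseable -> (0, 0)."""
    m = re.search(r"(SSL|TLS)v?(\d)(?:\.(\d))?", v, re.I)
    if not m:
        return (0, 0)
    major, minor = int(m.group(2)), int(m.group(3) or 0)
    return (major, minor) if m.group(1).upper() == "TLS" else (0, major)


def audit(baseline: dict, observed: dict) -> list:
    """Compare the documented baseline with what a scan actually found.

    Returns one finding string per deviation; an empty list means no drift.
    """
    findings = []
    for name, base in baseline.items():
        obs = observed.get(name)
        if obs is None:
            findings.append(f"{name}: documented device not found on the network")
            continue
        if obs.mac.lower() != base.mac.lower():
            findings.append(f"{name}: MAC changed {base.mac} -> {obs.mac} (device swapped or spoofed?)")
        if obs.ip != base.ip:
            findings.append(f"{name}: IP changed {base.ip} -> {obs.ip}")
        bv, ov = version_tuple(base.firmware), version_tuple(obs.firmware)
        if ov < bv:
            findings.append(f"{name}: firmware downgraded {base.firmware} -> {obs.firmware}")
        elif ov > bv:
            findings.append(f"{name}: firmware {obs.firmware} newer than documented {base.firmware}; update inventory")
        if tls_tuple(obs.tls_version) < MIN_TLS:
            findings.append(f"{name}: TLS below 1.2 ({obs.tls_version or 'none'})")
        for port in sorted(obs.open_ports & set(UNNECESSARY_PORTS)):
            findings.append(f"{name}: unnecessary service {UNNECESSARY_PORTS[port]} open on tcp/{port}")
        if obs.default_login_ok:
            findings.append(f"{name}: accepts a factory default credential")
    for name in sorted(observed.keys() - baseline.keys()):
        findings.append(f"{name}: undocumented device at {observed[name].ip} ({observed[name].mac})")
    return findings


# Constructed inventory: what the integrator documented at commissioning.
BASELINE = {
    "cam-lobby-01": Device("cam-lobby-01", "10.20.5.11", "00:1A:2B:3C:4D:01", "5.4.0", "TLSv1.2", frozenset({443, 554})),
    "acs-door-ctrl-02": Device("acs-door-ctrl-02", "10.20.5.40", "00:1A:2B:3C:4D:40", "2.1.7", "TLSv1.2", frozenset({443})),
    "nvr-01": Device("nvr-01", "10.20.5.2", "00:1A:2B:3C:4D:F0", "9.0.3", "TLSv1.2", frozenset({443, 554})),
}

# Constructed scan result some months later: one clean device, one controller that was
# factory-reset (old firmware, TLS 1.0, FTP/Telnet back on, default password), a recorder
# whose MAC no longer matches, and a device nobody documented.
OBSERVED = {
    "cam-lobby-01": Device("cam-lobby-01", "10.20.5.11", "00:1A:2B:3C:4D:01", "5.4.0", "TLSv1.2", frozenset({443, 554})),
    "acs-door-ctrl-02": Device("acs-door-ctrl-02", "10.20.5.40", "00:1A:2B:3C:4D:40", "2.1.2", "TLSv1.0",
                               frozenset({443, 21, 23}), default_login_ok=True),
    "nvr-01": Device("nvr-01", "10.20.5.2", "00:E0:4C:99:AA:BB", "9.0.3", "TLSv1.2", frozenset({443, 554})),
    "unknown-10.20.5.77": Device("unknown-10.20.5.77", "10.20.5.77", "B8:27:EB:12:34:56", "", "", frozenset({22, 80})),
}


def run_sample() -> list:
    """Audit the constructed scan against the constructed baseline."""
    return audit(BASELINE, OBSERVED)


if __name__ == "__main__":
    for finding in run_sample():
        print("FINDING:", finding)
```

Run it and the clean camera produces nothing, while the reset door controller alone yields five findings. The point of keeping the baseline as data rather than in someone's head is that a swapped MAC or a re-enabled Telnet port is caught by a diff, not by luck; the same structure works whether the observed records come from a vendor discovery tool, an nmap export or a switch's MAC table.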