Simple Cyber Security Steps Your Organization Should Implement NOW
October’s Mirai botnet attack is a reminder that campus security practitioners must take network protection seriously.
For years now, Campus Safety has been warning our readers about the dangers of hacking, malware, ransomware and other cyber threats, and last month we were once again reminded of the vulnerabilities associated with devices connected to the internet.
On Oct. 21 there was a massive distributed denial of service (DDoS) attack that caused internet outages across America. Malware known as “Mirai” enslaved Internet of Things (IoT) devices – including about 10 percent of our nation’s IP-enabled cameras, digital video recorders (DVRs), home networking gear and other connected devices – to form a massive connected network. The devices were then used to bombard websites with requests, overloading the sites and effectively taking them offline. Amazon, Spotify and Twitter were among the sites affected by the attack.
It turns out that the Mirai botnet malware that caused the attack used default admin passwords to exploit Telnet vulnerabilities. Video surveillance equipment as well as other devices that connect to the internet usually come with factory-installed default passwords, and according to Hikvision Sales Engineer Joe Coe, this presents significant vulnerabilities.
“Often people don’t understand that when they put in ‘12345’ or ‘password’ as a password, middle school children could figure those passwords out without any social engineering,” he says.
Coe recommends that campus end users immediately change any default passwords that come pre-installed on devices that connect to the internet, including their security cameras. He also recommends that the passwords they create be strong and long.
“It’s much easier to reset a password than reconstruct your security environment or have someone do forensics once someone has access to your environment,” he warns. “[Setting strong, long passwords] isn’t convenient, but once users get used to it, it becomes second nature.”
Some device manufacturers, such as Hikvision, have avoided the default password and Telnet issues altogether by no longer delivering products that have Telnet access by default or have default passwords. Instead, a user-defined passcode must be created during device initialization. As a result, products from these manufacturers were not affected by the Oct. 21 DDoS attack.
Although some manufacturers are taking big steps to improve the cyber security profile of their products, end users can help to address this issue as well. Coe recommends campuses take the following steps with their security integrators to make their internet-connected security devices more cyber secure:
- Limit Authorization and Access to Appliances: “Only provide people with authorization for the things they need to do,” he says. “For example, Bob the receptionist may need to look at live and recorded video, but he doesn’t need to ensure the hard drives get formatted correctly.”
- Have the Ability to Audit Activity: “If your appliances don’t have the ability to provide a log entry for everything that takes place on that appliance, you are doing yourself a disservice. If you need to go back and do forensics, whether it’s for a cyber security incident or it’s just to fix something that’s broken, having those log files can be very helpful.”
- Regularly Update Your Firmware and Software: Outdated firmware makes cameras and other devices more vulnerable to hacking.
- Segment Your Network: Be certain security appliances are on a separate server. According to Dale Tesch, who is director of advanced security operations for NTT Security, “Many breaches originate in one segment of the network, where attackers find entry easiest, and then propagate to other unrelated segments of the network as the attack progresses.”
Of course, no one can be completely certain that their internet-connected devices are 100 percent secure. Hacker methods and technologies continue to evolve.
“As soon as you plug in any device into the internet, regardless of what it is, it immediately becomes potentially vulnerable,” Coe warns. That’s why he believes it’s so important for campuses to work with integrators and manufacturers who take cyber security seriously.
“Only work with vendors that have a passion for cyber security so that when you identify something that you believe is a potential risk, you can work with those folks to get it resolved quickly,” he says. “If they find something that no one else has, they are actually working toward the betterment of everyone.”
Read More Articles Like This… With A FREE Subscription
Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!