Cybersecurity for Rural Telecom and Broadband Sites

Greetings and welcome back.  This week, we continue our series on Cyber and Physical Security for Remote Telecom sites with our blog: Cybersecurity for Rural Telecom and Broadband Sites.  In our last blog, we discussed the availability of open network ports that are used by cybercriminals as back doors to steal data and destroy your equipment.  This week, we look at the ability of hackers to penetrate the front door of your network to wreak havoc with your operations.

To begin with, it’s important to realize that, whether you have a rural or urban telecom site, you’re a key target of hackers and data thieves.  Hackers get paid for disrupting your operations and data thieves get paid by stealing your customers’ data and selling it on the black market.  All the data that passes from your customers to and then from the Internet flows through your remote sites and, for this reason, the bad guys put high value on your sites.

How Hackers can Attack Rural Telecom Sites

To give you an example of how hackers can target your rural sites, please look at this article about a hacker who brought down hundreds of thousands of Deutsche Telekom customers.  In this case, a hacker was paid $10,000 by a Middle Eastern company to take down the DT customer network.  The hacker modified the Mirai Botnet to attack port 7547 – the port for Simple Online Access Protocol (SOAP), which is used to remotely manage a number of routers.  By using this port to overload the routers and then the network, the hacker was able to bring down the DT network.  The key thing here is that there are always people willing to pay to harm companies or their customers, and you must consider that you are a potential attack candidate.

In making a scan of rural telecom sites via the Shodan Search Engine, I found a significant number of routers that have open ports that could be used to bring down their networks.  For obvious reasons, those organizations will not be named, but it is clear that rural telecom sites are vulnerable to similar and perhaps much more destructive attacks.

How Data Thieves can Steal Data at Rural Telecom Sites

Stealing data through a remote site is surprisingly easy.  To do so, one need only gain physical or virtual access to any remote telecom site.  From there, permissions can be created to allow selected packets of information to be duplicated and then sent to a cyber-thief’s waiting server.  For security reasons, the particulars of this hack will not be shared, but I can say that I was able to find innumerable rural telecom site network systems online using Shodan.  Thousands of sites presented the option to remotely configure a switch at these sites and, once done, a data thief would be in control of that network site.  This leaves those sites wide open to data thieves and leaves huge liability open to the telecom service provider.

What Can be Done to Protect Rural Sites?

It’s imperative that the open ports of these systems be secured.  In terms of remote management, simply placing a firewall on that port is of little value.  The reason for this is that the firewall must decide to let those whom it believes to be “good guys” have access to the units.  The problem with this is that it’s all too easy to spoof a good guy and take over the site.

What needs to be done is to completely lock down all remote management ports and to send all data from those ports into a secure location, accessible only by privileged individuals.  This is exactly what our RackGuardian product does.  It creates a stealth shield around any device that it monitors while it sends all monitoring data with respect to that device to our secure cloud portal.  The result is that you can remotely monitor and manage your critical network equipment while keeping its presence hidden from all Internet traffic.
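As an added example (not from the original post and not AlphaGuardian code), the following Python sketch audits a WAN-facing access list to see whether the management services mentioned above are fully locked down or still reachable from some source.  The rule syntax, the sample ACL and the service labels are constructed for illustration; 161/udp and 502/tcp are the standard SNMP and Modbus/TCP ports.

```python
import ipaddress

# Management services the post says to lock down. 7547 is the port it names;
# 161/udp (SNMP) and 502/tcp (Modbus/TCP) are the standard ports for those protocols.
MGMT = {("tcp", 7547): "router remote management",
        ("udp", 161): "SNMP",
        ("tcp", 502): "Modbus/TCP"}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample: a WAN-facing ACL in a hypothetical "action proto source ports"
# syntax, evaluated first match wins. Addresses are documentation ranges.
SAMPLE_ACL = [
    "permit tcp 198.51.100.0/24 7547",  # source allowlist for a management vendor
    "deny   tcp 0.0.0.0/0 7547",
    "deny   udp 0.0.0.0/0 161",
    "permit udp 192.0.2.10/32 161",     # never reached: shadowed by the deny above
    "permit tcp 0.0.0.0/0 1-1024",      # broad range that silently includes 502
]

def parse_rule(line):
    action, proto, src, ports = line.split()
    lo, _, hi = ports.partition("-")
    return action, proto, ipaddress.ip_network(src), int(lo), int(hi or lo)

def audit(acl_lines, default="deny"):
    """Return {service: [source networks still able to reach it]}."""
    rules = [parse_rule(l) for l in acl_lines]
    findings = {}
    for (proto, port), name in MGMT.items():
        seen, allowed, decided = [], [], False
        for action, r_proto, src, lo, hi in rules:
            if r_proto != proto or not lo <= port <= hi:
                continue
            if any(src.subnet_of(s) for s in seen):
                continue  # an earlier rule already decided every address in src
            seen.append(src)
            if action == "permit":
                allowed.append(str(src))
            if src == ANY:  # catch-all reached; later rules cannot match
                decided = True
                break
        if not decided and default == "permit":
            allowed.append("0.0.0.0/0 (default policy)")
        if allowed:
            findings[name] = allowed
    return findings

if __name__ == "__main__":
    for service, sources in audit(SAMPLE_ACL).items():
        print(f"NOT locked down: {service} reachable from {', '.join(sources)}")
```

On the sample ACL this reports the router management port as reachable from the allowlisted range and Modbus/TCP as reachable from anywhere, while SNMP is fully denied.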

Please think about this and give us a call if you would like assistance at your remote sites.  We would be happy to have a confidential discussion with you about your security options.

Until Next Time,

Be Well!

Secure, Unified Monitoring for All Your Network Closets

Many organizations have dozens, even hundreds of network closets, server labs and other small IT and Telecom rooms in their facility or campus.  All-too-often, these rooms have been monitored by multiple applications with a Network Management System (NMS) monitoring the SNMP devices, a Building Management System (BMS) monitoring the environmental and power conditions and a Security Management System (SMS) monitoring the entrance to these rooms.  RackGuardian is the first product built to provide Secure, Unified Monitoring for All Your Network Closets.  For the first time, you can monitor all your SNMP, Environmental, Power and Security Systems on a single, secure, cloud-based platform.

RackGuardian is a secure, cloud-based management appliance which you place in each of your network rooms.  It has a secure port from which to gather information from any SNMP, Modbus or other network device.  It also contains 4 environmental monitoring ports which can connect to temperature, humidity, water leak detection, fire alarm or other sensors.  In addition, it includes two Wiegand access control ports which can interface with most any card-access or biometric access system.  This gives you total scope monitoring capabilities for each room in which you place a RackGuardian.

As RackGuardian gathers data, it continuously monitors this data with self-learning analytics.  This allows the system to eliminate nuisance alarms from traditional high-low alarm set points by using its patent-pending alarm analytics.  The self-learning analytics literally learn the normal operating parameters of each device and each data-point within each device.  By doing this, you know that, when the RackGuardian system does send you an alarm, a statistically significant event is near.

RackGuardian pushes all its statistical data to the AlphaGuardian secure cloud server once per minute – unless an alarm is spotted, in which case it pushes this data immediately to the cloud for alarm notification.  All data pushed to the cloud is sent with secure 2048-bit encryption – Military grade protection.  In addition, the data is pushed because the RackGuardian acts as a data diode, a one-way communication device.  It pushes data to the cloud securely but it will NOT allow any device to connect to itself or to any of the devices that it is protecting.  In fact, once a device is connected to the RackGuardian, it becomes stealth to your network.  No one can see the device or even know that it exists.

Having a secure, cloud system that unifies all of your devices is a strategic advantage.  When you use different systems to monitor the same rooms, you have a potential for confusion and even disaster.  RackGuardian has a hierarchical, stratified access system that allows multiple departments and multiple levels within those departments to see only the items under their control.  In this way, the facilities department can securely see the environmental and power conditions, the network manager can see their servers, switches and other SNMP devices and the security officer can see when and by whom each room is accessed.

By replacing multiple systems with a single, unified system, RackGuardian saves money both in the short and long term.  By offering all data in a secure, cloud-based platform, you have the ability to scale from a small number of rooms in one site to thousands of sites on a national or even global scale.  RackGuardian’s power can be seen in the diagram below which shows its security, simplicity and power.

[Diagram: a Secured, Unified Platform for Monitoring Your Network Closets]

Until Next Time,

Be Well!

Securing Network Closets in Healthcare Facilities

Greetings and welcome back.  In today’s blog we look at a subject that is all-too-often overlooked in hospitals, doctors’ offices, and other medical facilities: Securing Network Closets in Healthcare Facilities.  The fact is, healthcare records have the largest value of any type of record in the black market for Personally Identifiable Information (PII).  Because of this, healthcare facilities will always be prime targets for data thieves, and network closets are one of the most poorly secured parts of most healthcare facilities.

In a study of all network closets in a large university, this excellent paper by Nathan Timbs, published by East Tennessee State University, shows that there were, on average, more than 1 threat, hazard or vulnerability for each of the 82 network closets surveyed.  Not surprisingly, data thieves have become very accomplished at using vulnerabilities in the cyber/physical security of wiring closets to steal large quantities of valuable data.  Another excellent paper published online by Towson State University shows how easily a person can gain physical access to a network closet to place an eavesdropping device into most any network.  This device – which can be a simple switch that is converted to their own nefarious purposes – then sends data offsite to their data capture system, completing the theft process.

This process, known as a man-in-the-middle attack system, is surprisingly fast and easy to add to any network closet.  In fact, some of the largest data thefts recorded have been accomplished by cyber/physical man-in-the-middle attacks such as those discussed by these two excellent papers.  This creates a significant challenge to healthcare facilities because HIPAA requires security of all your Physical, Cyber and Operational assets, as is shown in the following graphic, and network closets are definitely a key to being secure and HIPAA Compliant.

[Graphic: Securing Network Closets in Healthcare Facilities]

Because of these issues, it is vital that Physical, Cyber and Operational security be addressed in the network closet, preferably with a single unified solution.  RackGuardian was built from the ground-up to be a system that provides full physical and cybersecurity to your network closets and all of the equipment within them.

RackGuardian does all the following:

  • Interfaces and securely manages any Wiegand-Based Access Card System
  • Interfaces and protects any SNMP-based computer, network or power system
  • Provides full physical and operational monitoring of the network closet

Please think about this and take a look at RackGuardian.  We would be happy to confidentially discuss the security of your network closets for your facility.

Until Next Time,

Be Well!

Network Closet Vulnerabilities – Cybersecurity

Greetings and welcome back!  In today’s blog we will look at the problem of cybersecurity in network closets and small server rooms.  This is of particular importance to those who fall under the requirements of HIPAA, PCI-DSS or Gramm Leach Bliley as they make no distinction in where the data is located or the size of the data room.  In fact, while larger data centers often have layers of physical and cybersecurity, smaller network closets and server rooms have little, and in some cases no meaningful physical or cybersecurity.

There is a large group of smaller network rooms whose only cybersecurity is an inexpensive firewall box, which is easily evaded by a hacker.  Hackers or professional cyber criminals do not like to leave a trail to follow so, once they enter a network, they often look for a device in which to hide out while they explore the network and look for targets from which to steal data.  We have found that a favorite place to hide for these criminals is inside the network card of a Rack UPS or Power Distribution Unit (PDU).  In fact, one of the most spectacular data thefts in the past couple of years was executed through the Rack PDU of a cloud service provider.  This excellent article shows how the Rack PDUs were used as a jumping-off-point into the servers in order to steal data.

In addition to using a Rack UPS or PDU as a hiding place from which to launch an attack on the servers within that rack, these networked power units can also be used to shut down servers and even to destroy the data in the servers.  The widely-publicized Ukrainian Power Plant hack was an excellent example of how a UPS system can be used to shut down and then wreak havoc on servers.  In this case, malware was used to program two UPS units to shut down at exactly the same time, cutting power to all critical servers and desktops in the power plant.

If your systems are covered under security regulations, they must have backup power systems and, if they have backup power systems, they also must be protected from hackers.  It is wishful thinking to assume all cyberattacks on a server will be from the front-door.  In today’s world of increasingly sophisticated bad guys, back doors to servers – such as those offered by UPS and PDU systems – make perfect cover for a data thief.

Fortunately, RackGuardian was designed from the ground-up to both monitor your network/server room power and environment and to provide full firewall protection at the same time.  That’s because RackGuardian includes a private network port on which to query any SNMP or Modbus system securely in its own cyber-safe envelope.  The RackGuardian seals-off all units that it monitors because its second network port pushes data to the cloud but it will not accept ANY attempts to connect with it.  All of your SNMP and Modbus systems that are being monitored by RackGuardian are invisible to the outside world because there is no way to get through the RackGuardian to see them.

If you have network closets and server rooms that need to be protected, please don’t just protect the front-door of your servers, protect the back door of your UPS and PDU units and keep the bad-guys at bay!

Until Next Time,

Be Well!

Network Closet Security Vulnerabilities – Physical Security

Greetings and welcome back.  In this blog, we take a close look at Network Closet Security Vulnerabilities – Physical Security.  This is the first in a new series on the key types of network closet security flaws.  This is a key topic, especially for all those of you who are covered under HIPAA, PCI-DSS, FERPA, Gramm Leach Bliley and other data security regulations.  The fact is, as more data shifts to the cloud, that means that more data is transported through your network closets to the various cloud providers that you employ.  Because cloud services tend to be well-fortressed, cyber criminals are turning to the easiest way to get to that data – your network closets.

To begin with, all of the key data security regulations require you to physically secure your data.  Here are some key provisions with which we should all take time to familiarize ourselves:

HIPAA Section 164.310: “Facility Access Controls. Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.”

PCI-DSS Requirement 9.1: Verify the existence of physical security controls for each computer room, data center, and other physical areas with systems in the cardholder data environment. Without physical access controls, such as badge systems and door controls, unauthorized persons could potentially gain access to the facility to steal, disable, disrupt, or destroy critical systems and cardholder data. 

GRAMM LEACH BLILEY: “Management should deploy adequate physical security in a layered or zoned approach at every IT operations center commensurate with the value, confidentiality, and criticality of the data stored or accessible and the identified risks.”

It’s clear from these sections of security codes that you need to provide a secure card-based access system in order to be compliant with major data security regulations.  What isn’t clear is which physical security system is the best for your application.  Fortunately, our RackGuardian system is one of the only systems that supports virtually any access card on the market.  That means that, if you are already using a card access system for your main door at your facility, chances are very good that RackGuardian can support that card on a plug-and-play basis.  If, on the other hand, you need a new access card system, then we also have you covered.

In the next 2 blogs, we plan to look at cybersecurity and also backup power and environmental security for your data.  Please take a good look at RackGuardian and we believe that you will find that it’s the most powerful security product for data security on the market.  We welcome you to contact us with any questions about your individual security needs.

Until next time,

Be Well!