Securing security devices more relevant than ever amid threats
            	
Date: 2018/05/16
Source: William Pao, a&s International

Physical security has increasingly migrated to IP, which brings various benefits. On the downside, networked security devices and equipment are susceptible to malicious activity if left unprotected. As a result, more attention is now focused on the security of the devices themselves, which both vendors and SIs/users should address.
 
That was the point raised by SecuriThings, a security solutions provider. “We provide a comprehensive solution for IoT device security management, integrating dedicated software agents on the IoT devices. The agents collect diagnostic data from the devices and send it to the cloud where machine-learning algorithms, coupled with big data analytics, identify malicious activity,” said Yotam Gutman, VP of marketing for SecuriThings. “SecuriThings offers this as a managed service from its Security Operations Center, which monitors clients’ devices, provides alerts in case of security incidents and advises on recommended means of remediation.”
 
Increasingly, physical security devices such as IP cameras and network video recorders are going IP, in essence becoming IoT devices which are vulnerable to hacking and intrusion, as indicated by various recent activities. Among those cited by Gutman are networked security devices that can be disrupted by POST commands with long passwords, and IP cameras that have vulnerabilities allowing users to take control of those devices.
 
More infamously, in October 2016 DDoS attacks were launched against Dyn, an Internet performance and management company based in New Hampshire. The result was a shutdown of service across various well-known sites including Amazon, the Financial Times and Netflix. It was suspected that various networkable devices, including IP cameras and NVRs, were used as bots after being infected by the Mirai malware. The source code of the malware includes various default username-password pairs that, upon close examination, came from known Chinese and Taiwanese security brands.
 
Collaborative effort
 
Amidst these threats, more focus has been directed toward cybersecurity, which Gutman said should be a collaborative effort, one that requires the energy and attention of vendors, systems integrators and users alike.
 
“Vendors should use certified firmware vendors to reduce the risk of pre-installed malware being shipped to customers. They should also ensure that the devices include an encrypted authentication mechanism and enable the encryption of data transfer,” Gutman said.
 
While advanced encryption is advised, there are certain caveats, Gutman said. “Such security mechanisms should take into consideration traffic load and device capacity, as bandwidth consumption would be considerably higher when using encryption,” he said. “Encryption and authentication could ensure that only ‘safe’ devices are connected to the network but could not prevent the devices from being hacked.”
 
Gutman also made suggestions for systems integrators and users. “The best approach would be to evaluate the need for connectivity, determine which devices should be connected and how, and then design as secure an architecture as possible. Then, devices (preferably from well-known vendors) should be installed and configured properly, and an access control scheme should be set up, allowing only specific functions in the organization to connect with and view each device. Once the system is up and running, a dedicated security solution should be deployed to monitor the devices and analyse the data sent to the cloud to identify attacks. Procedures (or “playbooks”) should be prepared to ensure swift and accurate mitigation in the case of an attack,” he said. “Like IT security, it is advised to use unique, robust passwords, and refrain from using default settings/passwords, as these can easily be found by cybercriminals online.”