Jump to content
Security Installer Community

Search the Community

Showing results for tags 'Firewall'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Main Public Area
    • Site News, Events, and Feedback
    • Introduce Yourself
    • Name And Shame Area
    • Product / Service News
    • Members Lounge (Public)
    • Guest Forum
    • FORUM TRADE MEMBERSHIP
    • Regulations & Standards
    • Misc Area
    • UK Security Installers by regional Police Force
    • Collectors And Vintage Security & Fire Parts
  • Global Section
    • Security Job Requests and Vacancies
    • Equipment Reviews
    • General Security & Fire Queries
    • !!..DIY Installers..!!
    • Electrics
    • Inspectorate Queries
    • UK Security Sub-Contractors
    • User Manuals
    • Security Horror Stories
    • Setting-up Business Queries
    • Trade ADT Only Engineer Forums
  • CCTV & Access Control Area
    • CCTV & Access Control
    • Trade Access Control
    • Trade CCTV Forums
  • Fire Area
    • General Fire Alarm Queries
    • Trade Fire Forum
    • Restricted Trade Fire Forum
  • Intruder Alarm Section
    • Control Panels (Public)
    • Detector Queries (Public)
    • Home / Building Automation (public)
    • Trade Only Area
  • Telecoms & I.T. Forum
    • General Telecom Queries
    • Networks
    • Computing etc
    • Mobile Devices
  • Trade Security Resources
    • Security Intruder Manufacturers
  • BSIA Commitees
    • SSS TC1
    • SSSTC
    • Regulation Drafts
  • Communal Trade`s Forums
    • Members Lounge
    • Trade Member Listings
    • Security News
    • Installers & Engineers Forum
    • Getting Approved..?
    • Rules and Regulations
    • Health & Safety
    • Basic Electronics
    • Trade Job Vacancies & Queries.
    • Equipment Wanted....
    • Engineer Manuals
    • The SWAP's Shop
  • Trade - Intruder Forums
  • Trade ACCESS & CCTV
  • Trade Fire Alarm Forums

Categories

  • Applications
  • Documents
  • Documents (Trade Members Only)
  • Engineer / Installation Manuals, Training & Application
    • Access Control
    • CCTV
    • Fire
    • Intruder Alarms
    • Training
  • User Manuals
    • Access Control
    • Fire
    • Intruder Alarms
  • Sales Brochures
    • CSL Dualcom
    • Honeywell
    • Texecom
    • Web Way One

Blogs

  • Service Engineer's Blog
  • Service Engineer's Blog
  • arfur mo's Blog
  • therealmophead's Blog
  • jb-eye's Blog
  • jb-eye's Blog NICEIC making up charges for certs
  • jameswilson's Blog
  • Smoke Screen's Blog
  • Jim's Blog
  • The Messenger
  • Electronic Security & Technology
  • digitalwitness' Blog
  • Operational Security & Management
  • The Scantronic & Menvier Tat Blog

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Location

Found 1 result

  1. Summary Many specific industries in the UK are currently being targeted for online attacks in order to access the information which they hold. This information is rapidly becoming a new commodity in these changing times. The financial sector saw a 3000% increase in the volume of attacks directed specifically at them in the first quarter of 2012. [1] [2] The electronic security industry is a definite target due to the ‘low risk, high yield’ target nature of ARCs & Installers for potential attackers coupled with the lack of up to date awareness in many parts of the industry. The risk from DDoS type attacks in particular is a well founded one but also comes on the back of other concerns in respect of “information security”. Our industry is at particular risk from this threat for a number of reasons: In the first case we hold (as an industry) vast amounts of sensitive data on our clients. We are ourselves a means by which access can be granted to further information from our clients. As an example consider an attacker armed with a security firms authorisation credentials or a site password then contacting a client of the ARC whilst performing a social engineering attack. Mobile telephone numbers can lead to location data or voicemail access of end users. The other aspect to consider is that as an industry we face an increased exposure from this type of attack that can be very detrimental to business. “Electronic security” is not the same thing as information security but to end users and clients this distinction is not so clear. We operate in an environment of trust and robust security protocols. Clients would potentially steer clear of the victim of a data breach as they would be seen as ‘untrustworthy’; this can have a massive impact within the industry. [3] A small investment in time and resources now could save businesses a great deal of cost and time at a later date. Following some basic principles [4] of system management will help. In the long term a complete managed structure is the only effective solution to mitigate the increasing risk and exposure. To manage system updates, audit all of the many server and client machines, keep up to date with trends and exploits and to effectively harden the many networks, software platforms and systems is a lengthy and laborious task which businesses small and large may struggle to keep up with. [5] [6] Threats & Exposure To understand the risks and better manage them we ought to first understand who would be aiming to access data. I believe we can categorise the majority of potential attacks as coming from one of five primary sources presenting the highest risk factors for our industry: Hacktivists Whilst traditionally few ARCs or Installers are seen to have any specific political or corporate ties (which reduces exposure to this threat) the servers and bandwidth available to ARCs can be seen as a potentially lucrative target to use for attack redirection or to include within a zombie network for attacking other targets Staff / Industry competitors Whilst a lower risk it needs to be considered and accounted for. Attacks such as competitors taking up similar domain names in the hope of emails being mistakenly delivered to them needs to be monitored for and addressed. Sensitive commercial information is in itself of value to a potential attacker from this sector. Criminals Well, at least with this source it is one we are all very familiar with. It is interesting that information security and electronic security are both very similar when criminals form the source of the attack. Target hardening is effective and will cause criminals to instead opt for an easier alternative target. The reason and target of attack is financially motivated. The best defence here can be to make it labour intensive, time consuming and expensive for anyone to perform a successful attack and it will reduce the impact from this source. It must be remembered though that the criminal enterprises can have *significant* resources available to them and they are becoming wise to utilising cheap mass labour to perform the legwork which can complicate matters. Script Kiddies This is becoming a dwindling form of attack source, however, it cannot be discounted entirely. While this particular source of attack generally uses widespread and basic tools which can be protected against, there is also the opportunity for talented and determined individuals to find previously unknown 0sec (zero seconds / newly discovered) exploits, which would not be so easily detected. State sponsored This is the largest threat to our industry. The sheer numbers involved and the impunity in which attackers operate highlight the fact that the internet is now very much like the old west with very few laws and regulations and several different highly active groups (the UK is no exception). Please take a moment to consider the type of information that could be useful to a potential attacking state. Vast amounts of data is stored which can all be funnelled into pool of information for later analysis. Nation states have many Petabytes / Exabytes of data storage for just this purpose and in many cases employ very effective attack teams. They have staff dedicated to harvesting and categorising target clients (IPV4 means fairly limited numbers which they can go though quite literally one by one). In the case where a target client is not immediately exposed to any current risk their equipment and services can still be categorised. When a new ‘0sec’ exploit is then released / discovered or purchased then these categorised targets can all be revisited quickly and with ease. This is also a form of attack that will not entirely disappear in the future without significant changes, indeed there are claims that this is now the modern battlefield between nations, we need to be careful to ensure that as an industry we do not become the injured innocent bystanders. Attack Vectors For the modern ARC or Installer there are several attack vectors and points of exposure: External webservers / client interfaces Company websites Mail servers Corporate intranets USB / Removable media Precompiled VMs IP Signalling device connectivity Receiver software / firmware You must ask questions of yourselves in relation to each of the above vectors remaining honest with yourself whilst doing so. Are each of your systems adequately protected? Is the authentication procedure appropriate to the risk exposure? How do you know if you have already been infiltrated? What measures can you take to prevent exposure to each of the above? Are your staff members trained to respond to and recognise these risks? Are you opening up more data than is required to perform the task at hand? If so why? Are your contingency arrangements formed with these risks in mind? Does your backup procedure give you scope for recovering to a point prior to an attack occurring which may be discovered at a later date? The reality in our industry is that the technical expertise employed within and by third parties on behalf of ARCs and Electronic Security Installers is often quite specialised. Whilst there are very many incredibly talented individuals working in the industry, it does not follow that they are necessarily aware of all aspects which are required in order to effectively protect company assets. The Solution? There is no "one size fits all" solution that would work for all types of businesses. There are however, some good practises and recommendations that can be made. Where possible implement managed network provision from a suitable supplier. Ensure that you have the support of any ISP utilised in order to help counter DDoS types of attacks. There has been a gradual evolution of some signalling products and back office systems to utilise remote access and various forms of IP technology. Ensure that the systems you are utilising have approached the implementation of this technology with a sound understanding of the risks involved. Other products have been designed from the very start around the core principles of data security and robustness, this should be a primary consideration. With all the points raised above, the key thing is awareness. Understand the capabilities and weaknesses of each product and perform your own risk assessments. You may conclude that it is no longer appropriate to utilise some equipment or demand more robust solutions from the supplier. In either case at least you are prepared and aware. Ensure that you are able to accurately track the flow of data in and out of your business and be able to see the status of all critical equipment and networks instantly at any time (keep your fingers on the pulse). We are all in the habit of assuming the worst case scenario in order to minimise risk. This puts our industry in a good position to be able to overcome such issues as and when they arise as long as we continue to be prepared. Consider your existing networks and infrastructure carefully. What is your exposure to risk? Can action be taken to reduce or ideally, entirely negate the risk? It will become crucial in future for Installers and ARCs to communicate effectively to highlight and manage risks. We have already begun to see the efectiveness of this approach when nationwide issues occur and in future we should all take advantage of these networks to help mitigate and protect from risk.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.