Hardening Physical Security Networks
Every day, organizations, large and small, public and private, are faced with attempts to compromise critical IT infrastructure. Additionally with today’s highly connected security environments, cyber criminals are making inroads through IP security devices and building maintenance systems. Safeguarding people, facilities, networks, systems, company assets, and sensitive data has become an overwhelming and daunting task. Compliance regulations designed to detect negligence and identify whether or not proper security controls are in place, add complexity to an already challenging endeavor. What’s more, companies can face civil and criminal charges for failing to protect.
With all of these challenges, comes a puzzling question we hear time and again. How can Security Teams, as well as IT and Public Safety Officials keep a pulse on their environments while assuring protection from cyber criminals? In our experience, we have found four key factors that when implemented significantly improve an organization’s security posture.
To a great extent, hardening physical security environments is a vital first step towards protection. Once a well-designed system is in place and tested, monitoring security inventory becomes an integral part of the process. Next, true collaboration and open communication between IT, Security, and Public Safety Officials is essential. Finally, cyber security platforms designed to tackle social engineering challenges must be deployed and managed.
At Vunetrix, we believe education is the key to helping all organizations improve their security posture. Towards that end, we have designed a four-part blog series to discuss each key factor in depth. In part one of this four-part series, we’ll discuss today’s highly connected environments and how hardening security environments is a vital first step in protection against cyber-attacks.
Today’s Highly Connected Environments
Today, we are able to do things we never thought possible. Building cost-effective, best-in-class, physical security solutions that inter-operate with existing systems is an option. Open-protocols allow security solutions such as video surveillance, access control, incident response, and notification the ability to be integrated and utilized to provide unprecedented protection.
The biggest downside to highly connected environments is complexity. There are more connected devices which contribute to additional vulnerabilities and points of attack. Now more than ever, organizations need to bring focus to hardening their physical security environments and reducing vulnerabilities.
Hardening Physical Security Environments
In most cases, physical security solutions have been networked and deployed without cyber security controls in place. Furthermore, organizations are not likely to rip and replace their entire security inventory. To that regard, it’s critical to understand the vulnerabilities inside a security network and identify which measures can be put into place to gap holes and prevent security breaches. The most important aspect to hardening a network is identifying the gaps and reducing the number of pathways for unauthorized access. Here are the top 10 recommended practices every organization ought to implement per Department of Homeland Security.
Top 10 Best Practices for Cyber Security Controls
(edited for physical security and readability)
1) Maintain an Accurate Inventory of Security Devices, Application, and Building Systems and Eliminate Any Exposure of this Equipment to External Networks
Never allow any security device or application on the security network to connect directly to a machine on the business network or on the Internet. Although some security devices and applications may not directly face the Internet, a connection still exists if those systems are connected to a part of the network, especially the corporate network. Organizations may not understand that this connection exists, and a persistent cyber-criminal can find these pathways and use them to access and exploit security systems. Organizations are encouraged to conduct thorough assessments to determine where vulnerabilities exist. Any channels between devices on the security network and equipment on other networks should be eliminated to reduce network vulnerabilities.
2) Implement Network Segmentation and Apply Firewalls
Network segmentation involves classifying and categorizing IT assets, data, and personnel into specific groups, and then restricting access to these groups. Access to network areas can be restricted by isolating them entirely from one another, which is optimal in the case of building management and security systems
A firewall is a software program or hardware device that filters inbound and outbound traffic between different parts of a network or between a network and the Internet. For connections that face the Internet, a firewall can be set up to filter incoming and outgoing information. By reducing the number of pathways into and within your networks and by implementing security protocols on the pathways that do exist, it is much more difficult for a threat to enter your system and gain access to other areas.
3) Use Secure Remote Access Methods
The ability to remotely connect to a network is extremely convenient, but a secure access method, such as a Virtual Private Network (VPN), should be used if remote access is required. A VPN allows users to be able to remotely access internal resources like cameras, servers, applications, etc as if directly connected to the network. This remote access can further be hardened by identifying specific IP (Internet Protocol) addresses that can access it and/or specific U.S. only addresses.
4) Establish Role-Based Access Controls and Implement System Logging
Role-based access control grants or denies access to network resources based on job functions.
This limits the ability of individual users – or attackers – to reach devices or parts of the system they shouldn’t access. It is important to define the permissions based on the level of access each job function needs to perform its duties. It is also important to remove network access of former employees and contractors.
Implementing a logging capability allows for the monitoring of system activity. This gives organizations the ability to analyze the logs to find the sources of issues in the system. Monitoring network traffic also administrators to determine if a user is making unauthorized actions or if an outsider is in the system.
5) Use Only Strong Passwords, Change Default Passwords, and Consider Other Access Controls
Use strong passwords to keep your devices, applications, and systems secure and change them every 30 to 60 days. It’s also important to have different passwords for every source and account. Hackers can now use readily available software tools to automatically try millions of character combinations to attempt an unauthorized login. Passwords should have at least eight characters and include uppercase and lowercase letters, numerals, and special characters. For best results, use password phrases with spaces when possible.
Keep in mind password lists of all previous hacked passwords from data breaches exist. These lists can be used successfully to crack passwords.
See Haystack Theory.
Change all default passwords upon installation of new software or device. Be sure to change passwords on administrator accounts and all of your security inventory immediately and then every 30 to 60 days thereafter. Implement other password security features, such as an account lock-out that activates when too many incorrect passwords have been entered. Organizations should consider requiring multi-factor authentication, i.e. sending codes to pre-registered devices whenever they attempt to sign-in.
6) Maintain Awareness of Vulnerabilities and Implement Necessary Patches and Updates
Most manufacturers provide patches for identified vulnerabilities regularly. However, even after patches and updates have been released, security inventory can remain vulnerable because organizations are either unaware or choose to not implement them. Unpatched vulnerabilities are “low-hanging fruit” for cyber criminals. They can easily take advantage of these security holes and breach your security inventory. In order to protect your organization from these opportunistic attacks, a system of monitoring for and applying system patches and updates should be implemented.
7) Develop and Enforce Policies on Mobile Devices
The introduction of laptops, tablets, smartphones, and other mobile devices in the workplace presents significant security challenges. The mobile nature of these devices means they are potentially exposed to external, compromised applications and networks. It’s important to develop policies on the reasonable limits of mobile devices in your office and on your networks. These measures should be strictly enforced for all employees, as well as for contractors. Devices should also be password protected to ensure only authorized users can log-in.
8) Implement an Employee Cybersecurity Training Program
Cybersecurity is extremely important for any organization. What’s more cybersecurity requires teamwork with all members of an organization playing a part. Team members must help identify potential threats and vulnerabilities and bring them to the attention of others. Employees should receive initial and periodic cybersecurity training, helping to maintain the security of the organization as a whole.
9) Involve Executives in Cybersecurity
Even though cyber threats and cyber-attacks are on the rise, can have, organizational leaders are still often unaware of cybersecurity threats and needs. Without buy in by executives, securing funding for cybersecurity is nearly impossible. While organizations are increasingly elevating cybersecurity to the executive level by adding the role of Chief Information Security Officer, this position has yet to achieve a sufficient level of respect and acceptance. Additionally, involving executives in cybersecurity now will help them to address cybersecurity in their interactions with external stakeholders, such as if they are questioned following an incident.
10) Implement Measures for Detecting Compromises and Develop a Cybersecurity Incident Response Plan
Organizations should be actively involved in implementing measures for detecting compromises. Most cyber security experts will tell you that that experiencing a compromise is not really a question of “if,” but more of a question of “when.” When a compromise occurs, the organizations that fare the best will be those that quickly detect the issue and have a plan in place to respond.
Incident response plans are a critical component of emergency preparedness and resilience. An effective cybersecurity response plan will limit damage, increase the confidence of partners and customers, and reduce recovery time and costs. The plan should be a collaboration between all departments that would be stakeholders in a cybersecurity incident. This will ensure a cooperative and unified response that leverages all of an organization’s resources.
These are consistent with world-wide recognized cyber-hardening best practices and available in detail on the Department of Homeland Security Website.
https://www.us-cert.gov/ccubedvp/smb
https://www.us-cert.gov/ccubedvp/business