Radio World Engineering Extra 267 - June 16th, 2021


Cybersecurity K.I.S.S.

And so that’s where I’m headed for low-cost, low-tech solutions for the automation network at the radio station. Like most places, we require internet connectivity to pull down paid content, news, weather and such. There’s no avoiding exposure. But I think a custom “jump box” will solve the problem. It’ll be built as an FTP device, reaching out via scripting to harvest needed files, placing them in a quarantine, running them through anti-whatever, then dropping them into an “outbox” for pickup by the automation system’s loading tools. Finally, once the key features are up and working, I’ll burn the entire boot partition to a DVD and boot from that. Reboot every 24 hours.

For script storage and the anti-whatever database, a thumb drive with an external write-protect switch seems obvious; maybe something like this. You get the idea.

Think like a hacker. Create impenetrable physical barriers for them. Presume you’ll be infected and flush their effort before it is productive. Given the target-rich environment, I believe it’ll work like those alarm company stickers on your window. The bad guys will just move on.

Finally, I am no longer a fan of unified, company-wide systems for authentication like Active Directory. The recent Zerologon attack put a lot of AD users in the ditch. Essentially, one try in 256 would authenticate a password of all zeros. A glitch in the code, it seems.

These systems are robust until they aren’t and, unfortunately, can be bought and set up by anybody. De-compilers allow a view into the binaries, and any vulnerabilities will be found by bad guys. Sadly, response from software vendors, even to hacks they’ve been made aware of, can be slow. Understandable, I suppose, since hundreds of supposed vulnerabilities are reported for every one that is actually viable. Everybody wants to be a hero. But sorting the real problem from all the chaff reported is time-consuming. Often, posting actual exploit code as a proof of concept is the only way to get a vendor’s attention. That’s what it took for the Zerologon hack.

And the bad guys have plenty of money to buy a version of every software product and every appliance out there, then reverse engineer it all. So it’s a losing battle.

On the other hand, a machine that is unplugged is a pretty tough hacking target. And a machine that boots fresh daily from read-only media is going to be pretty challenging for a hacker, too. Finally, when machines need updates, let ’em access the public internet for only the time required, then cut them off.

Turns out old ideas can apply to new environments. Want to prevent a mishap? Turn off the power, disengage, disconnect.
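The jump box flow described above (fetch into quarantine, scan, then release to the outbox) can be sketched as a small shell script. This is an added example, not the author's script: the directory paths, variable names, file-type allow-list and the use of ClamAV's `clamscan` as the "anti-whatever" are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Paths, variable names and the
# choice of ClamAV (clamscan exits 0 only when a file is clean) are assumptions.
QUARANTINE="${QUARANTINE:-/srv/jump/quarantine}"
OUTBOX="${OUTBOX:-/srv/jump/outbox}"
SCANNER="${SCANNER:-clamscan --no-summary}"
ALLOWED_EXT="${ALLOWED_EXT:-mp3 wav xml txt}"

# Pull one file into quarantine, never straight into the outbox.
# $1 = source URL, $2 = local file name chosen by the operator, not the server.
fetch_to_quarantine() {
    curl --fail --silent --show-error --max-time 300 \
         --output "$QUARANTINE/$2" "$1"
}

# Succeed only if the name has an extension on the allow-list.
ext_allowed() {
    case "$1" in *.*) ;; *) return 1 ;; esac
    ext="${1##*.}"
    for ok in $ALLOWED_EXT; do
        [ "$ext" = "$ok" ] && return 0
    done
    return 1
}

# Move clean files to the outbox and print how many were promoted.
# Fails closed: symlinks, unlisted types and any non-zero scanner exit stay put.
promote_quarantined() {
    promoted=0
    for f in "$QUARANTINE"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        name=$(basename "$f")
        if ! ext_allowed "$name"; then
            echo "HOLD $name: file type not allowed" >&2
            continue
        fi
        # Stage under a dot-name, then rename, so the loader never sees a partial file.
        if $SCANNER "$f" >/dev/null 2>&1 &&
           mv "$f" "$OUTBOX/.$name.part" &&
           mv "$OUTBOX/.$name.part" "$OUTBOX/$name"; then
            promoted=$((promoted + 1))
        else
            echo "HOLD $name: scan or move failed" >&2
        fi
    done
    echo "$promoted"
}
```

Because a scanner error is treated the same as a detection, a missing or outdated scanner leaves files held in quarantine rather than released to the automation system.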
