As the world connects more and more smart devices to the internet, the number of potential vulnerabilities will increase in linear fashion.
I don’t want to give ammunition to the doomsayers about the Internet of Things, as I believe that on the whole it’s going to be a major agent of change. But a colleague describes the IoT as the Internet of Threats!
Many smart devices were installed with no security protocols. They were originally expected to be used only in a closed, secure loop
Open by default?
Many smart devices that are ubiquitous throughout manufacturing and processing industries turn out to have been installed with no security protocols. They were originally commissioned with the expectation that they would only be used in a closed, secure loop. But recent cyber security breaches have taught us that even the most humble industrial (and office) equipment can be subverted for malicious purposes.
We should be looking to protect the data center from generic attacks, and the best way of doing this is not to leave the security door wide open or roll out the welcome mat.
Internet security advice is often aimed at IT. So, for data center and facility professionals, here are five basic things that will help protect your company and its reputation. Other than time and employee costs, many are “free”.
- Simplify: Complexity increases the number of attack surfaces. An easy way to reduce this is to turn off default functionality that is not being used, and disconnect equipment that is not in use.
- Strengthen: Adopt the view that published default usernames and passwords are 100 percent compromised and should be changed. Eliminate default credentials (passwords, SNMP community strings, etc). Replace them with strong passwords and, wherever possible, use different usernames and passwords for different people.
- Partition: Isolate the facility network from the enterprise network. If possible build a separate physical network for the data center and hide it behind a physical firewall to keep hackers away from mission-critical equipment.
- Update: Ensure that all devices have the latest firmware, and revisit this regularly to keep up with security patches. Do not make it easy to exploit known vulnerabilities.
- Lock down: Physically secure critical equipment, create an access control plan and be sure to use it. Some protocols used on equipment are 30 years old, developed at a time when we didn’t have security concerns. Putting equipment behind closed doors with access control goes a long way to making them secure.
I have assumed that active scanning tools (network scans, intrusion-detection and penetration logs, email scanners and antivirus software) will have been implemented by IT as part of sensible enterprise protection measures.
But if you work in the data center and are unsure about this, definitely go check.
Soeren Jensen is vice president of global data center software and managed services at Schneider Electric.
This article appeared in the November 2015 issue of DatacenterDynamics magazine