Over the last ten years, major changes have occurred in IT. With the Internet driving the pace, one of the most significant developments has been the rise of IP to become the dominant protocol.
Another key element has been the decentralisation of systems, with the perimeters of organisations rapidly disappearing. Anywhere, anytime, anyhow access is now becoming increasingly achievable.
This 'deperimeterisation' of the network has significantly changed the security landscape. Organisations now need to move from a reliance on powerful gateway security to a recognition that applications, departments and network segments need their own security. While this challenge has been recognised and addressed by many businesses, one key area has been largely overlooked – that of machine-to-machine connections (M2M).
M2M connections are endemic and can range from all the complex communications within a modern aeroplane, through to internal Microsoft servers talking to each other.
In manufacturing, all processes are increasingly linked automatically. Lathes, for example, are driven by production scheduling systems and robots are managed by manufacturing systems. In the pharmaceutical industry, production processes are very closely monitored to ensure legal compliance with FDA and other regulations. In finance, automated linked processes are subject to close regulation; and ATMs communicate directly with their core corporate systems. In the average organisation, servers talk to other servers all the time without manual intervention.
While these linkages provide major cost benefits, most of these internal appliances are not given the same level of security as outward facing systems. They typically rely on gateway systems for firewall and anti-virus protection. This was more than adequate in the past but not any longer, as has become increasingly clear to the many organisations who have had to build patch scheduling (or rush patching) into their timetables.
Unsecured IP-connected devices are potentially vulnerable to a range of problems such as network viruses, trojans and hacking. If you have access to a network, it's easy to find network-connected IP addresses and, in the case of servers, to exploit current patch failures. A whole range of devices are at risk. Security cameras, for example, can be a problem. A recent report on 'The Register' web site described how a couple of simple web searches threw up over a thousand unprotected surveillance cameras. These cameras were not only viewable, but also remotely manageable by any external party with a mind to do so.
Other areas at risk include VoIP servers and VoIP devices. Digital telephone switches can also be a problem. The list of 'machines' with a potential security risk is long and includes wireless devices, video conferencing systems, data centre monitoring equipment, internal security cameras, webcams, POS devices and ATM devices. Even routers and switches are potentially vulnerable.
If the security of machinery connected to an IP network is compromised, the cost can be very high. Real-life examples include a company where production was lost for days when robots on an IP network became infected. A pharmaceutical company had to take its systems down for two weeks, to recalibrate them to comply with Food and Drug Administration (FDA) regulations, after needing to install urgent patches. Another organisation had company data compromised and lost because an internal server was hacked.
The financial consequences of these problems can be severe and quickly run into hundreds of thousands of pounds. There's the cost of the lost production, the cost of analysing the problem and rectifying it, as well as the cost of securing the unprotected devices in an emergency situation. Telephone switch and router problems, though probably less expensive, can still run into tens of thousands of pounds.
Why is this vulnerability so widespread? There are a number of reasons. With gateway security being king, these devices have been hidden inside the network; and with all the major infrastructure changes taking place over recent years, securing internal devices has mostly been a low priority.
As always, cost has been a major factor. Firewalls used to cost a lot more than they do now, as well as needing considerable resources to deploy them, so the risk/return equation didn't make any sense. Management issues have been another factor. Adding tens or hundreds of additional security devices to the IT department's management load would have been an expensive nonsense. Finally, patching vulnerabilities has often been dealt with on a tactical basis, so the workload and expense have not always been planned or costed.
The situation has changed, however, and solutions have emerged to tackle these M2M challenges. Low-cost, easily-deployed miniature firewall/anti-virus products such as Innominate's mGuard are now available and can be installed on a server or in front of a device in minutes. They can protect key IP devices for a few hundred pounds, as well as being capable of delivering the level of reporting needed for compliance with various regulations.
These new products can also provide the sort of central configuration and sophisticated management capabilities needed to make administering them (whether in small or larger numbers) relatively stress free. Organisations are increasingly deploying this type of solution, which is capable of changing the way they cope with the increasing M2M threat to their security.