Nov 232011
protecting our business and computer networks in the age of the internet

The Iranian nuclear program is crippled by a virus that infects their control systems while a hacker claims a Texas waterworks can be accessed with a three word password.

Any technology can be vulnerable to the bad guys – obscure systems like office CCTV networks and home automation services can be as vulnerable as the big, high profile infrastructure targets.

While there’s good reasons to connect our systems to the web, we need to ensure our networks are secure and there’s a range of things we can do to protect ourselves.

Does this need to be connected?

Not everything needs a Internet or network connection, if there’s no reason for a device or network to be connected then simply don’t plug it in.

Keep in mind though that threats don’t just come through the web, both the Iranian malware attack and the Wikileaks data breach weren’t due to hackers or Internet attacks.

Get a firewall

No server or industrial system should be connected directly to the public Internet, an additional layer of security will protect systems from unwanted visitors.

All Internet traffic should go through a firewall that is configured to only allow certain traffic through, if the router or firewall can be configured to support a Virtual Private Network (VPN), then that’s an added layer of security.

Disable unnecessary features

The less things you have running, the fewer opportunities there are for clever or determined hackers to find weaknesses.

Shut down unnecessary services running on systems – Windows servers are notorious for running superfluous features – and close Internet ports that aren’t required for normal running of your network.

Patch your systems

Computer systems are constantly being updated as new security problems and flaws are found.

Unpatched computers are a gift to malicious hackers and all systems should be current with the latest security and feature updates.

This is a lesson the Iranians learned with the Stuxnet worm that was almost certainly introduced through an unpatched system – probably one running an early version of Windows XP or even 98 – which was vulnerable to known security problems.

Have strong passwords

Passwords are a key part of a security policy, they have to be strong and robust while being different to those you use for social media and cloud computing services.

It’s also important not to share passwords and restrict key log in details and administrator privileges to those who require them for their work.

With online services like social media, cloud computing and other web tools becoming a part of business and home life, we have to take the security of our systems seriously. Hardening them against threats is a good place to start.

  2 Responses to “Avoiding industrial nightmares”

  1. whoa there! how about getting a technician to disable services on servers or desktops? end users can do far more damage by trying to fix components of the business IT without an idea of what they are doing.

    Alternatively, contact a services company and get them to check updates, check connections and disable specific services. That way, it won’t kill servers and desktops and put them in risk of business damage.

    • I totally agree Peter, the intent of the article is for managers and business owners to understand the risks and know what to ask for.

      Many small businesses don’t have the skilled staff to do what I describe and they should get qualified and competent technical help in locking their systems down.

      An area that really concerns me is how many vendors of systems like CCTV, security and point of sale networks leave critical ports open, unnecessary services running and fail to patch servers.

Leave a Reply

%d bloggers like this: