Cybersecurity

Next Article

Editorial

Device Hardening

End users demand secure systems, and want evidence appropriate steps have been taken. It is vital those implementing smart solutions implement the latest cybersecurity principles and practices.

The challenge with many systems and services isthey must be easy to access and use, but also need to protect against the rising tide of cybercrime. In the smart systems market, integrators need to ensure solutions are easy to manage and operate, but don’t create a potential entry-point for unauthorised access onto a network.

A growing number of leading manufacturers of edge devices offer featur es and functions to help. Many allow device hardening to be implemented with ease. It is always worth checking which functions the manufacturers have built into their devices to assist with hardening their products. If they haven’t included any additional cybersecurity functionality, that should be a red flag as to how seriously they take the subject.

However, cybersecurity is not all down to the manufactur er. There are additional steps –many of which are common sense and straightforward – which integrators can take to enhance device hardening and boost cybersecurity for their customers. Plan to harden Hardening can be addressed before the system is installed. A hardening plan begins with understanding the project requirements, as well as any regulation or company policies. If the specification does not list cybersecurity requir ements, enquire with the customer before bidding. It can be costly to accommodate such constraints after the project starts.

Some end users refuse to allow internet connectivity on local security networks. This gives them total control over the system, and effectively ring-fences the infrastructure from external attacks. Unfortunately, many devices require systems to have internet conne ctivity for licensing, manuals and software updates.

If there is no operational need for WAN connectivity, avoid it. If the user agrees to no external connectivity but a manufacturer can’t support that, look elsewhere!

There are two simple tasks which improve cybersecurity: updating device firmware and changing default authentication details.

Firmware upgrades are simple to carry out but are too often negl ected. Firmware changes will not only add features, but also include bug fixes and security updates, often driven by changes in the wider IT community.

Always change default passwords. An increasing number of manufacturers are implementing secure password policies which force changes on initial boot-up. If this is not a function of a product, ensure default authentication details are changed.

Create unique accounts for all users and remo ving default accounts after initial log-in. Accounts with admin privileges are the most dangerous if compromised.

Configure users and assigned roles according to ‘least privilege’ practices. This means users are only given permissions necessary to execute the functions required by their role and no others.

When changing passwords, if a secure connection can be set, use it. A lso, if there are options for anonymous connection or setting addresses remotely, disable these.

If discovery features are included, these should always be disabled once the device address configurations have been made.

With regard to additional networking services, if you are not using them, turn them off. This reduces the attack surface. Often cyberattacks will be based upon a ‘hit and hope’ approach. Th e less ports or services a hacker can hit, the better the chance of avoiding opportunist attacks.