Jump to content
Security Installer Community

How secure is the stuff you're connecting to the www?


PeterJames

Recommended Posts

  • 5 months later...

Replying to the topic question .... as safe as the risk assessment, installed hardware design and it's software configuration can make it, with reference to customer requirements, solution design and level of funding they want to pay - it's always a trade off.

 

I've worked on customer sites that have had no network security and their internal network is completely using public IP addressing without a firewall in sight, technically just hanging off the internet - vs - a soho customer who's paid for the latest cutting edge network security only to be virtually taken out by their own users due to a lack of internal security policies and procedures.

 

What I'm trying to convey is hardware/software vulnerabilities are important but misconfigurations and/or lack of network user security policies and procedures have the greater potentail of  damage. :banghead:

Link to comment
Share on other sites

This video covers the issue with our "need" for IoT going forward, which is mostly consumer led.

https://www.youtube.com/watch?v=PLiE0Nr8VOE

A must watch for anyone interested in apps for there home devices.

Apply the topic of cars and planes from the video to your security systems and consider the consequences, both from a installer and user perspective.

 

Link to comment
Share on other sites

Without doubt, there'll be either known or currently unknown, unreported, undivulged or unrealised vulnerabilities and viable attack vectors in the current range of IoT connectable alarm systems - all generations, as threats never really disappear they just evolve and mutate over time.


Attack vectors against individual stand-alone installations on their own are relatively low, but only through their relative obscurity on the internet and limited ability to identify individual locations based on purely the ISP's host DNS identifiers. Meaning if you found it's presence on the internet it would be much more difficult to identify the actual physical site location without access to ISP documentation/systems. But still the potential to make the system at least unavailable from legitimate remote access would be a trivial matter that would require minimal knowledge.


Where as any alarm systems that use a manufacturer's central servers/services to aid remote connectivity by mobile phone apps for example (eg to remove the requirements for the installer/user setting up of host to dynamitic dns services) are prone at the very least to denial of service attacks if the manufacturer's central system is compromised. This could result in an alarm system becoming unaccessible to remote management/reporting all the way through to possible disruption at the individual alarm system locations i.e the building alarm could be activated if the individual systems are then compromised. As long as you still have onsite manual hardware protection i.e mechanical door locks - it'll just possibly be an inconvenience - but when electronic door locks become more available/common and these themselves become interlinked to online services or internet connected alarm systems the game is definitely on for a would-be attacker whoop! whoop! :IDEA:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.