A new era of intelligent security: What do users, SI, and equipment manufacturers have to do?

With the blurring of network boundaries, network security is no longer limited to the PC. Endpoints such as mobile terminals, servers, and clouds are increasingly becoming the focus of individuals, organizations, and enterprises. Using high-quality security products to protect them can put us in a relatively secure network environment.

A software engineer was working hard to complete the main block of code, but his boss wanted to cut out a significant portion of the content, including some open source programs downloaded from the web. Replacing these programs would increase project development time. He ran to the boss's office and pleaded: "I need to use this software in the system!"


"You can't use it. It's open source and unreliable," the boss said.

The engineer nodded and the boss’s answer was unexpected. "Yes, it's open source, from the web, but we have experience. I've talked to software engineers who will review the source and target code line by line."

The boss glanced up at the multi-year service award in the corner and said firmly: "You can never be sure that there is no flaw in the program."

The short scene above sounds a bit like a suspense movie, but given the security incidents that have occurred in recent years, situations like this may be very real in the area of cybersecurity. Most people think of software as something that "does things as expected most of the time", so the potential dangers are sometimes ignored.

Software engineers who write code for equipment and industrial systems do not want to do repetitive work. If someone has already written code that handles a task, they don't want to write it again. They would rather download free software and open source code from the Internet to save time, or extract existing code from earlier products. All of this is combined and installed into a new system. As long as it performs its tasks as expected, no one wants to know or cares where it came from.

It has been done this way for a long time, but now that is changing. As more hackers and cybercriminals become active, the cybersecurity realm is becoming more and more confusing. Hackers differ widely in their level of skill and in what they do. Some are clumsy and very easy to find. Others are more subtle and can only be detected by the most renowned cybersecurity experts.

Although the engineer's intention to streamline the project is good, the boss is right: unsafe code may lurk in the software. Sometimes it can be found and removed, but recent cybersecurity incidents show that this threat can be well camouflaged.

Backdoor attack

In December 2015, Ars Technica published an astonishing report: on December 17, Juniper Networks issued an emergency security bulletin stating that "unauthorized code" had been found in the operating system (OS) of some of the company's NetScreen firewalls and Security Services Gateways (SSG). The report said that the vendor issued an emergency patch for the affected device operating systems, and network security experts confirmed that the unauthorized code is a backdoor.

The network security experts confirmed that the administrator password used to evade normal authentication is "<<< %s(un='%s') = %u". Security researchers investigating the garbled string believe that it resembles debug or test code of the kind that appears in software source files. Based on this, two conclusions can be drawn:

1. Deliberately set up an unauthorized back door.

2. Designed specifically to evade detection.

We seem to be entering an era in which hackers carefully design vulnerabilities into software and hide them just as carefully. Attackers who know about these hidden code features can exploit them whenever they want. End users, system integrators, and device manufacturers need to be properly prepared to meet these new security challenges.

What to do: end user

Review device patch status. Clearly, the first thing any organization has to do is to evaluate the entire organization-wide network to identify vulnerable or potentially vulnerable network devices. The review should cover not only Juniper Networks hardware but also equipment from other network vendors. Start from the assumption that the equipment provided by every vendor is not secure.

Try to patch all network devices. After the assessment, all applicable equipment, even pre-approved non-Juniper equipment, should be patched. There are two steps: one is to determine which devices are used in a particular critical area (such as industrial control systems), and the other is to identify those devices that need to be updated because of their age.

Create a risk matrix. The information obtained in the first two steps can help determine the attack surface. The matrix should have two axes. The first is patchability, ranging from devices that cannot be patched because of their age to devices that are very easy to patch thanks to the cooperation of the supplier. The second is functional importance, from high-critical (industrial networks that require 24/7 operation) to low-critical (small gateways for office branches). Equipment that cannot be patched in a critical operating environment should be replaced. Following this analysis will help your organization stay ahead of the inevitable events in which other network devices are hacked.

Make plans to change your attack surface vulnerabilities. The matrix should guide the development of the patching plan. With this information, security personnel can provide a percentage-based indicator of the risk posed by the emergence of a new network vulnerability. In the worst case, when a new network vulnerability is discovered, the matrix also provides a ready action plan.

Increase network and configuration monitoring. If an organization is using Snort, Fox-IT already has an intrusion detection signature to detect this attack. The configuration of all network devices should be placed under control within the organization. Regular security audits should not only verify the configuration of network devices, but also evaluate the actual network configuration by testing traffic patterns.
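The risk matrix and the percentage-based indicator described above can be sketched as follows. This is an added example, not part of the original article; the device names, the vendor labels, the middle steps on each scale ("hard", "medium"), the multiplied score and the "isolate-and-monitor" action are assumptions made for illustration.

```python
# Two axes from the article, as ordinal scales (the middle steps are assumptions).
PATCHABILITY = {"easy": 1, "hard": 2, "unpatchable": 3}
CRITICALITY = {"low": 1, "medium": 2, "high": 3}

# Constructed sample inventory: (device, vendor, patchability, criticality, patched)
INVENTORY = [
    ("fw-plant-01", "VendorA", "unpatchable", "high", False),
    ("fw-plant-02", "VendorA", "easy", "high", False),
    ("gw-branch-07", "VendorB", "easy", "low", True),
    ("sw-office-03", "VendorC", "hard", "medium", False),
    ("gw-branch-09", "VendorB", "unpatchable", "low", False),
]

def score(patchability, criticality):
    """Risk score of one matrix cell (product of both axes, an assumption)."""
    return PATCHABILITY[patchability] * CRITICALITY[criticality]

def action(patchability, criticality, patched):
    """Map one matrix cell to an action."""
    if patchability == "unpatchable":
        # Article's rule: unpatchable equipment in a critical environment is replaced.
        # For less critical gear, isolation plus monitoring is an assumed fallback.
        return "replace" if criticality == "high" else "isolate-and-monitor"
    return "monitor" if patched else "patch"

def build_plan(inventory):
    """Return (score, device, vendor, action) rows, highest risk first."""
    rows = [(score(p, c), name, vendor, action(p, c, patched))
            for name, vendor, p, c, patched in inventory]
    return sorted(rows, key=lambda r: (-r[0], r[1]))

def exposure_percent(inventory, vendor):
    """Share of total risk score carried by one vendor's devices, i.e. what a
    newly disclosed flaw in that vendor's equipment would put at stake."""
    total = sum(score(p, c) for _, _, p, c, _ in inventory)
    hit = sum(score(p, c) for _, v, p, c, _ in inventory if v == vendor)
    return round(100.0 * hit / total, 1)

if __name__ == "__main__":
    for row in build_plan(INVENTORY):
        print("%2d  %-13s %-8s %s" % row)
    for v in ("VendorA", "VendorB", "VendorC"):
        print(v, exposure_percent(INVENTORY, v), "% of total risk")
```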

What to do: System Integrator

Check lab device patch status and implementation guidelines. System integrators who provide network equipment should patch any lab system and then update the implementation guide to reflect changes in network device configuration. For example, for Juniper devices, there are code signing steps when performing firmware updates. When other network equipment vendors are found to have similar problems, the implementer should be prepared accordingly.

[Figure: chart describing, based on reachability and criticality, when it is necessary to patch the secure network. Image source: Yokogawa]

Try to patch all network devices. System integrators should work with their customers and end users to patch all devices as quickly as possible. They should also be frank with customers in explaining the dangers of a new generation of attacks, emphasizing the importance of long-term preparation for more patches and monitoring. Treating this as another Stuxnet-type event is not much of an exaggeration.

System integrators can provide solutions and services to increase device monitoring. System integrators should be properly guided to inform customers of new threats and provide solutions and services to increase monitoring of security and network equipment. This also helps to encourage customers to consider services designed to determine the level of network configuration control and network patch management.

What to do: device manufacturer

Review the status of development and lab device patches. Equipment manufacturers (including manufacturers of industrial control equipment) should immediately repair any development and laboratory systems. Security policies and procedures should be updated to reflect changes to network device configurations and to enhance control of devices and software migrated to the development environment.

Re-examine the development lab and office network architecture. Device manufacturers need to be more cautious about the ways in which they connect their networks to other networks. Juniper may spend a lot of resources to identify how the backdoor came to appear in its device software. It is also reasonable to expect that Juniper will invest in more development configuration control software and rethink the security of its development network in order to add more auditing and monitoring.
