Tag Archive for: building

Building a Zero Trust Strategy: Securing Organizations In A Cloud & Mobile World


Discover the impact a fragmented workforce is having on security principles. Gain a true zero trust strategy that places people as the single control point. Join us live for a 45-minute session as we share some ideas around how you can ensure you keep your risk profile low, whilst encouraging employees and customers alike to adopt innovative technologies.




People – and their identities – are now the single control point across users, devices, and networks. This makes Identity the foundation of a Zero Trust strategy, ensuring only the right people have access to the right resources at the right time. The ‘Zero Trust’ security emphasizes that enterprises should have a “trusted” internal network and an “untrusted” external network.

The increasing adoption of mobile and cloud, coupled with the recent pandemic, shows that we can no longer have a network perimeter-centric view of security. Instead, we need to securely enable access for the various stakeholders, including employees, partners, contractors, etc., regardless of their location, device, or network.

There is no silver bullet in achieving a ‘Zero Trust’ security architecture. Still, identity and access management is the core technology that sets the stage for the ‘zero trust’ journey. The ‘people’ become the new perimeter in this journey, with identity forming the critical component to establishing a secure environment.

Join us live for a 45-minute session to hear from Deputy, an Okta customer who will share their journey on how to extend the power of the cloud to simplify and secure the way your employees, customers, and partners connect to technology.

Key discussion points:

  • The impact a fragmented workforce is having on security principles
  • Zero trust strategy: Understanding that people are now the single control point


Building Entrance Security Can Be At Risk From The Locks On Intercom System Cabinets


Many buildings, including apartment and condo complexes, are still relying upon the old 125 kHz RFID key fobs as part of their access control systems. As I wrote in an article in 2018, these are easily and quickly duplicated at kiosks in grocery and DIY stores, which means there is no viable key control.


These low-security fobs were in use at my condo complex, so I convinced our management to upgrade to the newer encrypted HID tags to prevent cloning or hacking. Entry to our facility is also controlled by a telephone intercom made by Keri Systems. This is typical technology for apartment buildings as part of most access control systems. When a visitor presses the call button, the tenant can “buzz them in” by triggering the electric strike on the front door. Keri is a significant supplier of intercoms.

Many of these systems, including ours, have a U.S. Postal Service lock that allows a mailman to control the door by activating an internal micro-switch within the panel. This “bypass lock” circumvents all of the building entry security. It is a fundamental issue that needs to be addressed nationwide because every facility can be affected. The combination of a post office lock, door override switch, and the ability to easily open many of these intercom cabinets provides an immediate security red flag. It creates the equivalent of a universal master key to every location that has an intercom system protected by a lock that may cost less than ten dollars.

In contrast, most commercial buildings utilize a KnoxBox or similar secure separate key vault to store keys or key fobs to open outside doors. They are protected by a higher-security Underwriters Laboratories-rated (UL 437) lock. These boxes are mounted into outside walls and can be extremely difficult to compromise. Unfortunately, this is typically not the case with the intercom consoles because most manufacturers have chosen to supply inexpensive locks to secure their enclosures.

I analyzed the security of the cabinet lock, internal access to the…


Hacker Pleads Guilty to Building Internet-of-Things Army for Cyberattacks


A young hacker has admitted to attempting to take down Sony’s PlayStation Network gaming platform by hijacking “internet of things” (IoT) devices after reaching a plea deal with federal prosecutors.

Judge Landya B. McCafferty, chief judge for the U.S. District Court for the District of New Hampshire, accepted the hacker’s guilty plea on computer fraud and abuse charges during a closed-door hearing, according to a Wednesday news release from the Department of Justice. Because the individual was a juvenile at the time of the offense, their identity is being withheld in accordance with the Juvenile Delinquency Act.

Officials say that the hacker conspired with others to create a “botnet” by taking control of unspecified IoT devices—items that can include video cameras, recorders, devices found in “smart homes” like appliances or anything else with an online connection.

The botnet was used to target the PlayStation Network on October 21, 2016, with the goal of knocking it offline for an extended period of time with a DDoS, or “distributed denial of service,” attack, which hackers often use to block legitimate users’ access to a website by overwhelming the site with massive amounts of traffic sent from multiple sources.


The impact of the attack was not limited to PlayStation because it focused on a domain name resolver, a computer used to process internet addresses, that was used by multiple entities. In addition to Sony, sites owned by Twitter, Amazon, PayPal, Netflix, Tumblr and Southern New Hampshire University were also blocked or only intermittently accessible for several hours.

The attack resulted in financial damages to all those affected, with Sony estimating a loss of $2.7 million in net revenue. In addition to the PlayStation attack, officials say that the hacker and unspecified co-conspirators participated in several other attacks on computers, “specifically targeting those belonging to online gamers or gaming platforms,” between 2015 and November 2016. McCafferty is expected to issue a sentence to the guilty individual on…


Exclusive Media Invite – Hack the Building 2020


COLUMBIA, Md.–(BUSINESS WIRE)–Nov 9, 2020–

The Maryland Innovation & Security Institute (MISI) and Dreamport, a partnership between MISI and United States Cyber Command (USCYBERCOM), invite media to join cybersecurity, control system and government professionals at Hack the Building, November 16-19 and streaming live on Twitch. Hack the Building is an unrivaled, hands-on live facilities critical infrastructure cybersecurity challenge featuring more than 50 teams from industry, federal labs, building automation companies, academia and government agencies – all competing to infiltrate, disrupt or take over a connected smart building and the computing systems and data inside the building.

As outlined in the official Hack the Building Handbook, the event is a virtual challenge built around a specially-designated, real-world target: A live, fully-equipped 150,000 square-foot “smart” office building near Annapolis, Maryland that teams on-site and remote are challenged to attack through its diverse IT, control systems, Internet of Things (IoT), access control, surveillance camera, building automation and other systems.

Hack the Building was created to address four core goals:

The target building is staged as belonging to “BCR Industries,” a fictitious defense industrial base “manufacturing and engineering company” mocked up for the competition to represent an attractive target with “sensitive U.S. government contracts.” This illustrates Hack the Building’s imperative, overarching public-private partnership focus on raising awareness of critical infrastructure protection and evolving cyber risks across interconnected computer networks, control and building systems.

“As once-isolated buildings and physical control systems converge with modern networks, it is crucial for cybersecurity, facility engineering and other disciplines to study attack and defense hands-on and learn from each other,” said Armando Seay, Director and Co-Founder of MISI and event organizer. “Hack the Building’s competition and teams yield immediate, practical cyber defense skills and knowledge – but the returns are even greater for our stakeholders charged with protecting connected offices,…
