[Info-vax] VMS and the Internet of Things (IoT)

Kerry Main kemain.nospam at gmail.com
Sun Nov 6 15:23:19 EST 2016


> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
> Of johnwallace4--- via Info-vax
> Sent: 06-Nov-16 2:19 PM
> To: info-vax at rbnsn.com
> Cc: johnwallace4 at yahoo.co.uk
> Subject: Re: [Info-vax] VMS and the Internet of Things (IoT)
> 
> On Sunday, 6 November 2016 16:25:03 UTC, Kerry Main  wrote:
> > > -----Original Message-----
> > > From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf Of Bob Koehler via Info-vax
> > > Sent: 14-Sep-16 9:45 AM
> > > To: info-vax at rbnsn.com
> > > Cc: Bob Koehler <koehler at eisner.nospam.decuserve.org>
> > > Subject: Re: [Info-vax] VMS and the Internet of Things (IoT)
> > >
> > [snip..]
> >
> > Another interesting article .. a company's data was being stolen via a
> > soda machine that had been installed internally.
> >
> > http://bit.ly/2eshdNP
> > "What had happened, Coffey said, was that the company had a new soft
> > drink vending machine installed and because the machine had both a
> > credit card reader and was able to automatically order replenishment,
> > it was connected to the company network. What nobody thought about was
> > that the soda machine, like most IoT devices, had no security.
> >
> > When the security staff discovered that data was being stolen from the
> > company, they learned that data was first being copied from the
> > company servers to the soda machine enabling the hackers to transfer
> > the data to their own servers.
> >
> > This happened because there was no coordination when the soda machine
> > was attached to the network and nobody realized that the machine
> > should be put outside of the company firewall, separate from corporate
> > network. And, of course, nobody was monitoring the data transfers from
> > the soda machine because it was, after all, just a soda machine"
> >
> >
> > Regards,
> >
> > Kerry Main
> > Kerry dot main at starkgaming dot com
> 
> Psst, Kerry.
> 
> Don't tell anybody, but modern networked photocopiers (which
> also scan and print, ie multi-function printers aka MFP) have been
> offering a variant on this theme for over a decade, not least
> because they frequently and "legitimately" have both internal
> LAN access (so people can print and scan things) and external
> network access (so the machine can be remotely managed and
> otherwise phone home as required).
> 
> The original concern was stuff stored on the hard drive in the
> MFP, stuff which could be accessed by the trusty photocopier
> repair people who come with their own laptops and without any
> security checks (they did at one secure UK site I'm familiar with,
> and when someone suggested to both IT and corporate security
> that there might be various levels of weakness here, the
> response wasn't encouraging).
> 

Yep - my first experience with things like smart printers was
during a HP project, we had to develop a specific strategy for
flipping MFP printers from one company's AD to another company's
AD as part of a large IT divestiture project. Company A sold a
major division to a separate Company B (a Company A competitor
unfortunately, so no AD trust) and we had to flip almost 60 sites
across NA from Company A to Company B. And of course it had to be
done so that users could still walk up to the printers, enter
their code and/or their access card so they could still print,
scan, fax as they did before. Lot more complicated when printers
are controlled by AD/LDAP controls - think about every desktop
and server file/group/ACL needing to be re-acled to new AD in
parallel with all this printer stuff going on.

The article made a good point about ensuring devices like MFP,
soda machines and other IoT devices installed internally should
NOT be on the internal LANs, but rather dedicated protected,
heavy firewall type VLANs with pretty tight fw rules applied.

[snip..]

> 
> Interesting times.
> 

Yep .. reminds me of old Sun marketing slogan "..the network is
the system"

Lots of truth today in that statement.... I wonder where Andrew
is these days?

:-)


Regards,

Kerry Main
Kerry dot main at starkgaming dot com
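
An added example, not part of the original post: a flow-record audit for the two movements the quoted article says nobody was monitoring, bulk copies from internal servers onto a device in the IoT VLAN and traffic from that device to external hosts outside its allowlist. All addresses, the allowlist, the threshold and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing (not from the thread): corporate space, the server
# range inside it, and a dedicated VLAN for vending machines, MFPs, etc.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SERVERS = ipaddress.ip_network("10.10.0.0/16")
IOT_VLAN = ipaddress.ip_network("10.50.0.0/24")
# Assumed allowlist: the only external hosts each device may send to.
ALLOWED_EGRESS = {"10.50.0.20": {"203.0.113.10"}}
BULK_BYTES = 5_000_000  # assumed per-pair volume treated as a bulk copy

# Constructed flow records: (source, destination, bytes sent by source)
SAMPLE_FLOWS = [
    ("10.50.0.20", "203.0.113.10", 4_200),        # replenishment order
    ("10.10.3.7", "10.50.0.20", 48_000_000),      # server -> vending machine
    ("10.10.3.7", "10.50.0.20", 52_000_000),
    ("10.50.0.20", "198.51.100.77", 99_000_000),  # device -> unknown host
    ("10.10.3.7", "10.10.4.9", 70_000_000),       # server to server, ignored
]

def audit_flows(flows):
    """Return (rule, src, dst, total_bytes) findings, sorted by src/dst."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        totals[(src, dst)] += nbytes  # aggregate so split transfers add up

    findings = []
    for (src, dst), nbytes in sorted(totals.items()):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Data staged from a server onto an IoT device.
        if s in SERVERS and d in IOT_VLAN and nbytes >= BULK_BYTES:
            findings.append(("server_to_iot_bulk", src, dst, nbytes))
        # IoT device sending to an external host not on its allowlist;
        # flagged at any volume, since the device has no reason to do it.
        elif s in IOT_VLAN and d not in INTERNAL:
            if dst not in ALLOWED_EGRESS.get(src, set()):
                findings.append(("iot_unapproved_egress", src, dst, nbytes))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```
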







