Troubleshooting and Cyber Protection · Network Security Risks Airplane hacking News reports of aircraft hacking and takeover are based off an April, 2015 - Government Accountability

Satcom Direct, Inc ©2015 All Rights Reserved.

Troubleshooting and Cyber ProtectionJosh Wheeler

May 4, 2016


Network Security

Network Security Risks

Video



Article



Data stealing or disruption of network systems is a critical issue costing money, downtime and

possible embarrassment to a company

Methods range from social engineering attacks to theft of passwords and credentials, spam, malware

and more.



A threat is any event or action that could potentially result in the violation of a

security requirement, policy, or procedure.

Unintentional or unauthorized access or changes to data.

Interruption of services.

Damage to hardware.

Unauthorized access or damage to facilities.



Vulnerability is any condition that leaves a system open to attack.

Vulnerabilities can come in a wide variety of forms, including:

Improperly configured or installed hardware or software.

Bugs in software or operating systems.

Poorly designed networks.

Poor physical security.

Insecure passwords.



An attack is a technique that is used to exploit a vulnerability in any application

on a computer system without the authorization to do so.



Measures must be taken within all environments for data to be secure

Remote locations must follow the same policies set forth by a company

Users have a responsibility to help secure data

Being educated

Following policies

Knowledge of what you are connecting to



Example

Web browser add-ons are

inherently trusted by users and are

being targeted as vehicles for

installation of malware



Example

Secure Passwords

https://www.my1login.com/resources/password-strength-test/



Common types of network threats

Evil Twin/Rogue Access Points - Setup a fake wireless network to capture data

Spear Phishing - Increased exposure due to limited controls

Command and Control - Reduced controls allows tools to call home

Advanced Persistent Threats (APT)

Reduced Logging - Impedes forensic analysis if there is an event


Network Security RisksE V I L T W I N / R O G U E A C C E S S P O I N T S


A user unknowingly associates with a rouge or fake wireless access point which has the same

name as the legitimate access point

The intent is to capture/steal data passing through the rouge access point

Network Security RisksS P E A R P H I S H I N G


An email which appears to be from a known

individual or business but is not

Typically targets a specific organization or group

Intent is to get credit card, bank account numbers,

passwords, trade secrets, etc. typically by clicking a link

to enter information

Increased exposure due to limited controls

End user (employee) can decide to click the rouge link

Network Security RisksC O M M A N D A N D C O N T R O L M A LW A R E


Malware gets unknowingly installed

Conducts a “call-home” to fetch updated and

instructions from the Command and Control

servers

Sends back stolen information

Network Security RisksC O M M A N D A N D C O N T R O L M A LW A R E


Malware gets unknowingly installed

Conducts a “call-home” to fetch updated and

instructions from the Command and Control

servers

Sends back stolen information

Network Security RisksA D VA N C E D P E R S I S T E N T T H R E AT S ( A P T )

APT: a network attack in which a person gains

access to a network (through a variety of sources)

and resides undetected for an extended period of

time

Goal: steal data undetected vs. cause damage to the

network

Target: high-value sectors, such as national defense,

manufacturing and finance


Network Security RisksN E T W O R K L O G G I N G A N D M O N I T O R I N G


A security firm1 recently identified insufficient

logging and monitoring as #6 on a list of top

ten network security mistakes

Sufficient logging and monitoring can help

provide a quick explanation of why a

security breach occurred and who may be

involved

Almost any device which is managed on a

network can and should generate logs

1Fishnet Security

Network Security RisksN E T W O R K L O G G I N G A N D M O N I T O R I N G


Top reasons to use network monitoring

Be informed of your network status from anywhere

Plan for upgrades or changes

Diagnose problems quickly

Make sure your security systems are operating properly

1Fishnet Security


Airplane Hacking


Airplane hacking

News reports of aircraft hacking and takeover are based off an April, 2015 - Government Accountability Office

(GAO) report on aircraft network security revealed possible vulnerabilities within aircraft systems.

Advised by cybersecurity and aviation experts.

No mock-ups or system testing were carried out.

FAA’s Office of Safety has started reviewing rules for certifying the cybersecurity of all new aircraft avionics

systems.

Full report available at: http://www.gao.gov/products/GAO-15-370

Report specifically addresses commercial aviation where cabin and flightdeck networks are known to be integrated


Network Security RisksA I R P L A N E H A C K I N G


Boeing example (737-900)

Onboard Network System (ONS) securely connects

airline operations and maintenance with key airplane

data and software parts.

ONS integrates with IP-based satellite connectivity systems.

Cockpit and Cabin share a common router

Separated via a firewall


Security Compliance

Security ComplianceM U LT I P L E I N T E R N E T G AT E W AY S ( C O N N E C T I O N S )

Multiple internet connections proves

difficult without the proper setup:

No single monitoring/filtering for exiting

traffic

No guaranteed compliance policy

application

No central logging capability

Allows for multiple attack entry points


Security ComplianceC O R P O R AT E G AT E W AY

Security and compliance services delivered

by the end user’s security department and

governed by their IT security policies

Filtering

Virus, email and program scanning

Active monitoring

Prevents un-compliant access

Internet access is provided by the corporate

data center or other exit (egress) point


SD Private Network

SD Private NetworkS D T I E R I I I D ATA C E N T E R

Privately owned, secure data center for SD

customers

Allows customer’s to secure their data from the

aircraft, to the ground, to a chosen end point

Data center to internet

Data center to Corporate data center

Data center to a chosen Corporate location

Ensures your traffic travels a secure, known path

SD Private NetworkS D P R I VAT E R O U T I N G

SD operated internet gateways (PoP) worldwide

Amsterdam, New York, Florida, London

Public, private, dynamic, static, US and Europe

based IP addressing

Based on Needs

Private data routing for Ku, Ka, L-band

SD Private NetworkS E C U R E C O N N E C T I V I T Y


The reality is users connect through unsecure

locations. Including the aircraft

Free Wi-Fi could potentially be a rouge access point.

VPN connectivity is one solution to help secure data

?

SD Private NetworkS D P R I VAT E R O U T I N G


Secure connectivity

Leased line connection from SD Data Center to

Corporate HQ

Aircraft data traffic is delivered directly to your corporate

network

Bypasses the public internet

Your onboard operates completely within your corporate

compliance requirements

SD Private NetworkS D D ATA C E N T E R I S C E R T I F I E D S E C U R E


SSAE 16 SOC 1 Type 2

ISAE3402

Financial reporting assurance standards

FISMA Compliant

Protection of government information, operations and

assets against natural or man-made threats

Electronic Government Act of 2002

PCI Compliant

Security for credit, debit, and cash card transactions

HIPAA Compliant

National Security standards to protect patient data

SD Private NetworkS D D ATA C E N T E R T E S T I N G


Penetration testing (PEN testing)

Proactive, authorized evaluation of an IT infrastructure’s

security and vulnerabilities Allows for identification and

report of possible security vulnerabilities, both internal

and external.

Weekly testing is carried out by certified ethical

hackers based at the SD Data Center

Software and hardware modifications are tested for

security.

Ability to test end customer SDR configurations.

SDM O R E T H A N J U S T S AT C O M


Premier Solutions Provider:

Flight operations

Cabin services

Network security (compliance)

Network Operations Center

Hardware

Training

SD World Headquarters

SD Secure Datacenter


Documents

Troubleshooting and Cyber Protection · Network Security Risks Airplane hacking News reports of aircraft hacking and takeover are based off an April, 2015 - Government Accountability