Join us at Greenbuild Nov 19-22, 2019 in Atlanta
Click here to register for your free floor pass today
Menu
Search
Menu
Industry Insights

Connecting the DOTS - Connecting with Security

Monday, February 4, 2019 | by Rudy Montgelas
Connecting the Dots with Rudy Monteglas | How tech shapes you and your future
How secure is your identity?Selected Data Breaches chart

Security is a real issue for all of us. It’s something to be taken seriously, especially amidst the recent reports of industrial espionage.1

More than ever, I can’t stop thinking about all the personal information at risk where it’s readily accessible on the web. And, sometimes I’m concerned, particularly when I travel, that repeated credit card transactions and other information transfers expose me and my company to the possibility ofIdentity theft. It’s a threat to both my personal and “corporate” identity.
 
 
What about the need for global network security protection?

All this sounds a little scary. However, security measures are continually evolving to meet the growing demands of today’s software and networking due to the exploding number of IoT and other connected mobile devices.2These measures are essential for both the hardware infrastructure as well as the software data processing and handling. None of us would willfully trust our personal, or company’s information, to any kind of known identity theft, right? But, sometimes it can happen without our knowledge. That’s why it’s important to submit the proper credentials over anauthenticatedconnection where your data is protected from theft. These types of network connections are often identified by the letter “s” (for security) in the “https//:” header that you see at the beginning of theURLfor any secure websites that you often access. Also, it’s a good idea to “mouse over”, paying attention to the address of a link or “button” you are going to click-on. The website address is typically displayed in the bottom left of the browser, and it should match were you are expecting to go.

Encryptionis adata securitymethod whose success depends on thestrengthof encryption used.3Government and military installations often have stringent encryption requirements for data in their networks.


How about Physical Network Security?

How can security solutions be implemented into the network? Not only is it important to be concerned with thedata securityand the applications on the network, but it’s also important to protect thephysical securityof theLayer 1 infrastructureitself. It’s key to assure that the cabling and connectivity is guarded against unauthorized intrusion and improper connections. Many high-security government facilities have installed physical security throughsecure-keyedconnectivity into much of their sensitive networks. Secure-keyed fiber connections have special mechanically keyed LC connectors, by color, so that only a color matched LC plug can be plugged-into its matching color port adapter.

Secure keyed LC fiber connectors and secure metallic raceway

This physical keying of LC fiber connectors prevents unauthorized connections as well as mistakes duringMACs(Moves, Add and Changes) in the network. Often the cabling pathways and junction boxes themselves are “secured” with special locking metallic raceway. Legrand has product solutions for a wide range of security applications, from ourCord Locking System5for assuring a server’s power cord stays in place on a power distribution unit (PDU), to preventing unauthorized access in a data centerwith secure locking equipment cabinets and enclosures.

Cord Locking System | Innovation at the heart of PDUs
Legrand’s Intellicore™ software defined networking solutions provide automatic and real-timevisibilityinto the network, constantly monitoring any intrusion or changes through Intellicore’s Management Software (IMS)Audit Trail.6
Even evolving industry standards for newly emerging AV cabling such as USB-C, providing both power and data to host peripheral devices, will require new security authentication hardware handshaking to mitigate malware risks.7


Is cyber warfare the next huge security threat?

Despite all that encryption and authentication, data on the network can still get compromised due to clever, technically savvy hackers and cyber threats. The development ofmalware,to destroy an individual’s data andransomware, to hold an individual’s data hostage, has become commonplace. Ransoming and identity theft of someone’s computer’s data, might even include rogueBitcoin miningsoftware that takes advantage the user’s identity on their computer. Some large credit and consumer companies have also reported attacks, ordata breaches, on their sensitive stored customer data that have affected billions of consumers.8And, for that matter on a global scale, what about the presidential elections and Russia’s alleged involvement?9


Your own personal security and what you can do:

The following are some tips to think about that may help you protect your own confidential data in your everyday activities. In addition, other sources of information on ways to protect your data are available on-line.10
  • Always be cognizant of possible threats to your credit card security PIN and other information
(Such as at gas pumps and ATMs, that might have planted hidden cameras or other surveillance)
  • Be careful ofphishingscams in your emails.11Opening emails from unknown sources is risky
  • Know the security and safety of any network you are accessing with your PC or cellphone
  • Assure authentication and malware detection is in place for the software that you use
  • Be aware that public wireless links could be subject to identity theft when using your software
  • Always set up strong passwords for Wi-Fi and other routine connections to the Internet
  • Update your Wi-Fi/router’s firmware regularly so you have the most up to date system
(This is very important, because you do “get what you pay for”. So, buy a reputable Wi-Fi/routing device, and check to make sure software firmware updates are offered for it.
  • Test your system’s protection withShields-Up12at:https://www.grc.com/x/ne.dll?bh0bkyd2
  • You might want to consider turning off remote modem or router access (UPnP)
  • Use a password manager, likeLastPass13, that allows you to store and retrieve complex passwords that are hard to guess.
  • For sensitive accounts, Multi-Factor (MFA) or2-Factorauthentication is recommended
  • Don’t use the same password credentials for multiple sites
  • Always keep a record of your passwords in a safe and secure (but also readily accessible) place
  • Check your accounts and passwords. You can visit the URLs below to check your email address and passwords to see if they have turned up in any data breaches:
https://haveibeenpwned.com/
https://haveibeenpwned.com/Passwords
At Legrand, we have the utmost respect and concern for the security of our customers information and data.14We’ve also instilled sophisticated encryption and authentication hardware into our products, that communicate over the Internet, to assure that our network-based products are protected from threats and malicious attacks.
I hope this issue of CTD on security has been helpful. I’ve a got a feeling we are all going to see a lot more about security and how it’s importance is going to affect all of us down the road.


Brief glossary of security terms:

Hackers: Individuals or entities who illegally obtain information or maliciously disrupt computer systems over the Internet
Identity theft: An individual’s sensitive confidential or personal information stolen by hackers
Data Breach: A company or service provider’s sensitive data information about their customers is compromised or stolen by hackers over the internet
Phishing scam: An identity theft method of sending out a fake (trusted) email to obtain an individual’s personal or financial information
Malware: A software virus that is designed by hackers to wreak havoc with an individual computer
Ransomware: A method by hackers to hold a person’s personal data or information for ransom
Encryption: A method of encoding data with a “key” that only allows authorized individuals access to the information
Authentication: A “handshaking” between hardware devices or software programs allowing only connections between specifically authorized entities.
Mining: Obtaining money using Bitcoin or other means, through ransomware and Identity theft

References and further reading:

1The Big Hack: Statements from Amazon, Apple, Supermicro, and the Chinese Government, by Jordan Robertson and Michael Riley, Bloomberg Businessweek, October 4, 2018,www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
2Avaya Surge protects the Internet of Things - Using Open Network Adapter, Surge profiles IoT devices and assigns them to secure zones, By Zeus Kerravala, Network World, Feb 14, 2017
3Connecting Quantum Computing and Encryption, Connecting the Dots, Legrand, January 18, 2017,Legrand,https://www.legrand.us/ortronics/industry-insights/posts/2017/january/ctd-connecting-quantum-computing-and-encryption.aspx
4Photo of:Keyed LC connectors and adapters, Courtesy of Senko Advanced Components website:http://www.senko.com/fiberoptic/lc-connector-series.html
5Legrand Cord Locking System, US Patent No.: US 9,991,633 B2, Date of Patent: Jun. 5, 2018
6Intellicore Software Defined Networking Solutions from Legrand, Website:https://www.legrand.us/intellicore.aspx
7USB Type-C gets authentication to protect against malicious devices – USB-IF announced it will roll out a USB Type-C authentication program to protect against non-compliant USB chargers and USB malware risks, By Campbell Kwan, ZDNet, January 3rd, 2019,
8Equifax Reveals Huge Breach, By Anna Maria Andriotis and Ezequiel Minaya, The Wall Street Journal, Updated Sept. 8, 2017
92016 Presidential Campaign Hacking Fast Facts, CNN Library, Updated November 24, 2018,
https://www.cnn.com/2016/12/26/us/2016-presidential-campaign-hacking-fast-facts/index.html
10What Can You Do To Protect Your Data Online?, Forbes.com, May 7,2018,https://www.forbes.com/sites/quora/2018/05/07/what-can-you-do-to-protect-your-data-online
11Yikes! Online phishing attacks up 297% over last year, By Dalvin Brown, USA TODAY Published Oct. 24, 2018 | Updated Oct. 24, 2018,https://www.usatoday.com/story/money/2018/10/24/investigation-online-phishing-attacks-up-297-percent/1741033002/
12ShieldsUp®, is a registered trademark of Gibson Research Corporation, Laguna Hills, CA, USA, Gibson Research Corporation is owned and operated by Steve Gibson
13LastPass©, Is a trademark of LogMeIn, Inc., All Rights Reserved, 2019,
14LegrandPrivacy Policy,https://www.legrand.us/privacy.aspx