After spending millions to lock down the security of routers, switches, firewalls, and servers, did you think to check the teleconferencing system?
Let’s be realistic: no hacker is going to break into a network just to make the motorized window shades go up and down. Or to find out when a projector lamp or printer toner cartridge is due for replacement. Though the customer database and credit-card data or employee master payroll file constitute more likely targets, wreaking havoc with lighting, HVAC, and facilities management applications is no less tempting a target — at least for the recreational hacker or so-called hacker-in-training.
However the threat matrix appears, playing a strong defense is the best offense. So, who ya gonna call? It won’t be Ghostbusters. We opted for a security expert.
Phillip Mahan is director of Risk Services for the Continuous Security and Compliance practice of Williams & Garcia, an Atlanta-based technology solution provider. He has plenty to say and lots of stories to tell.
“A lot of the security breaches that I see boil down to failures of the simplest kind. I see crucial networking hardware in production with the default user name and password still in place. In corporate conference rooms and even boardrooms, I see user names and passwords for accessing the network or A/V controllers written on yellow Post-it Notes. Whether it’s an A/V room controller or a network server, these are nothing more than IP addresses that need to be protected.” Whenever the ugly Post-it breach is discovered, Mahan discreetly changes the password, removes the offending cheat sheet, then diplomatically explains the judgment lapse to his client.
Security consists of two components: the product itself and the policies put into place by the end-user organization, regardless of vertical industry. A device that incorporates the most robust access protections is wholly unsecured if the user name and password are written on a little yellow sticky note, whether or not the default has been changed.
The products themselves do pass muster, according to Josh Stene, director of Technology Management at A/V solutions manufacturer Crestron. “Products routinely conform to accepted