CTMS will be hosting a recycling event and open house on Saturday Oct 22 at our office located at 184 Currie Hall Parkway Suite 2.
We are partnering with NeoShred to recycle and shred both documents and computer hard drives for individuals and small businesses, to protect your sensitive information from being compromised.
The event will be held from 9AM-12PM on Saturday Oct 22. Everyone will be invited into our offices for light refreshments and to meet the staff of CTMS. We ask that documents be limited to 5 boxes of paper, as well as 5 hard drives per person. If there are larger quantities, or for any questions, please contact Tony Malorni or Justin Smialek at (33) 541-2834.
CTMS is a full service IT firm specializing in bringing advanced technologies to the workplace while maintaining an intelligent business continuity plan.
SECURITY & Network SEGMENTATION
Let’s face it. Wi-Fi is now an integral part of any organization’s IT infrastructure, but today many companies face challenges when installing and configuring their Wi-Fi networks.
First, there is the all-important security factor. It is not just enough to install a quick Wi-Fi router and turn it on. Your IT personnel must make sure that they provide the proper segmentation of your work Wi-Fi, used by employees and connected to your main network, and your guest or customer Wi-Fi, used to provide internet connectivity for your customers.
I recently did a security audit at a company in Akron, Ohio, and found that their Wi-Fi network was in the same network segment as their secure Wi-Fi. This meant that any person within their Wi-Fi range could get an IP address in the same range as their internal network. This presented a problem because anyone with some basic knowledge of security could probe their network and potentially break in with little effort. They had their secure Wi-Fi network password protected, but because they failed to segment the networks completely, they left themselves vulnerable to hackers.
As you can see from the graphic above, anyone connecting to the public Wi-Fi would have the ability to see and communicate with anything on their private network. Servers and other critical business devices connected to the private network would therefore be accessible to anyone connected to the public Wi-Fi.
A properly segmented Wi-Fi implementation should look like this:
In the aforementioned example, any computer connected to the public network would not have any access to devices behind the private network. This is the proper way to segment your private Wi-Fi network from your public one, especially if you are not going to use password protection. It should be noted that if you are going to provide an open public Wi-Fi network to your customers, your IT department should use a wireless access point that supports host isolation. Host isolation prevents computers connected to the public Wi-Fi from accessing other computers in that same network.
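The three conditions described above (guest and private Wi-Fi in the same segment, guest traffic routable to the private network, and an open guest network without host isolation) can be checked against a network inventory. This is an added example, not part of the original article; the `Wlan` fields, SSID names, subnets and rule format are constructed for illustration, and a network with no matching firewall rule is assumed to forward traffic.

```python
import ipaddress
from typing import NamedTuple

class Wlan(NamedTuple):          # hypothetical inventory record
    ssid: str
    role: str                    # "private" or "guest"
    subnet: str                  # CIDR handed out by DHCP on this SSID
    encrypted: bool              # password-protected?
    host_isolation: bool         # AP blocks client-to-client traffic

def first_match(rules, src, dst):
    """rules: (source CIDR, destination CIDR, action); first match wins."""
    for r_src, r_dst, action in rules:
        if (src.subnet_of(ipaddress.ip_network(r_src))
                and dst.subnet_of(ipaddress.ip_network(r_dst))):
            return action
    return "allow"               # assumption: no rule means traffic is forwarded

def audit(wlans, rules):
    findings = []
    private = [w for w in wlans if w.role == "private"]
    for g in (w for w in wlans if w.role == "guest"):
        g_net = ipaddress.ip_network(g.subnet)
        for p in private:
            p_net = ipaddress.ip_network(p.subnet)
            if g_net.overlaps(p_net):
                # Guest clients get addresses in the internal range.
                findings.append((g.ssid, "SAME_SEGMENT", p.ssid))
            elif first_match(rules, g_net, p_net) != "deny":
                # Separate subnets, but nothing stops routing between them.
                findings.append((g.ssid, "ROUTABLE_TO_PRIVATE", p.ssid))
        if not g.encrypted and not g.host_isolation:
            # Open guest network where clients can reach each other.
            findings.append((g.ssid, "NO_HOST_ISOLATION", g.ssid))
    return findings

# Constructed sample data: a flat layout and a segmented one.
FLAT = [Wlan("Corp", "private", "192.168.1.0/24", True, False),
        Wlan("Guest", "guest", "192.168.1.0/24", False, False)]
SEGMENTED = [Wlan("Corp", "private", "10.10.0.0/24", True, False),
             Wlan("Guest", "guest", "172.16.50.0/24", False, True)]
RULES = [("172.16.50.0/24", "10.10.0.0/24", "deny")]

if __name__ == "__main__":
    for name, wlans, rules in (("flat", FLAT, []), ("segmented", SEGMENTED, RULES)):
        print(name, audit(wlans, rules) or "no findings")
```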
Data security is seldom discussed at car dealerships today. Even with the large amount of technology that is required to successfully run a car dealership, owners and administrators still behave as if it were the good old days, when most deals were inked in pen on multipart forms and stored in old-fashioned filing cabinets.
Most dealerships simply rely on their DMS (Dealership Management System), which provides a false sense of security when it comes to their customers’ data. According to a recent automotive industry article, dealerships have so far largely avoided being targeted by hackers. The article lists four reasons for that scenario to change:
- “Big Data. Carmakers, dealerships, and their suppliers and vendors have developed extremely large databases of consumer information, ranging from customer preferences, to financial information, to driving statistics, to location-based data. These huge databases make tempting targets for hackers. They are also drawing the attention of regulators who are increasingly viewing dealerships as financial institutions in terms of the magnitude of personal consumer information collected in their finance and insurance departments.”1
- “Connected Nature of Cars. Industry studies show that by 2017 more than 60% of new vehicles will be connected in some way to the internet, making them part of the “Internet of Things.” Many automobiles have wireless connections to the internet via Bluetooth and wireless hot spots through cellular connections. In addition, cars now feature a multitude of applications that can be accessed and controlled by a driver’s smart phone, which, itself, connects to the internet. These connections may pave the way for a hacker to gain control of car’s systems and data. This is not fantasy, but fact. Researchers at the DEF CON hacker conference recently presented evidence of how they were able to hack and take control of the electronic smart steering, braking, acceleration, engine, and other functions of several types of vehicles. This follows similar research several years ago conducted by the University of Washington and the University of California-San Diego, where various functions of a car were compromised using Bluetooth, modified CDs, and other techniques.”1
- “Automotive Complexity. The volume of programming in a modern car is staggering. Programming is typically measured in “lines of code” (LOCs). For example, a pacemaker may have about 80,000 LOCs. The original space shuttle had about 400,000 LOCs. Only a handful of technologies have in excess of 100 million LOCs: the total DNA of a mouse, the code for the ill-fated Healthcare.gov website, and the software in the average high-end automobile. A study at Carnegie Mellon University showed that, on average, commercial software contains between 20 and 30 bugs for every thousand lines of code, meaning the software in an automobile could have 1 to 2 million bugs that could be exploited by a hacker.”1
- “Interconnectivity of Carmakers, Dealerships, Suppliers, Vendors. In addition to the foregoing, the systems used by carmakers in the design and manufacture of their vehicles, systems on which maintenance information is stored, systems maintained by dealers and their respective vendors and suppliers, etc. are all vulnerable to attack. This is particularly so in the context of the interconnections between and among those systems and the continuing trend to place many of those systems in the “cloud.” The interconnected network of all those systems is only as strong as its weakest link. If one system is compromised, the others may fall. Hackers routinely exploit this exact interconnected nature of complex systems to compromise a weak outlying system and leverage it to gain access to far more heavily secured systems.”
Given the large increase in identity theft today, it is just a matter of time before hackers realize that the lack of security at car dealerships presents a great opportunity to steal customer data for the purpose of fraud. According to a USA Today article, “credit-card data theft is exploding, increasing 50% from 2005 to 2010, according to the latest figures from the U.S. Department of Justice. Millions of card numbers are for sale. A single number might go for $10 to $50; a no-limit American Express card number for a consumer with good credit can sell for hundreds of dollars.”
With potential figures like this, it will not be a surprise when hackers decide to focus their efforts on getting information from car dealerships. Here at CTMS (Computer Technology Management Services) we see examples of what kind of data would be available if hackers decided to take advantage of the lax security implemented at most dealerships we see.