Solarwinds Orion Hack

The gift that keeps on giving. Earlier this week SolarWinds announced a security breach of unprecedented size and scope.  According to the WSJ,

“… cast a nearly invisible net across 18,000 companies and government agencies—security specialists are uncovering new evidence that indicates the operation is part of a broader, previously undetected cyber espionage campaign that may stretch back years”

Although this security breach occurred at a higher level than the Physical layer, it is a sobering event that should give us all pause.  The perennial security question comes to the forefront; what is the opportunity cost of not employing adequate security?

As you work to enhance security measures, or build upon an existing framework, all layers of the OSI stack need to be thoughtfully considered.

You have options for serial console access.  Like every buying decision, product/price/support will be your drivers; how do you balance the three options?

Let’s look at two potential scenarios for Out of Band Management:

• Analog (phone lines)- How is this publicly addressed infrastructure secured? Some operators simply unplug the phone line until it is needed for a connection, then have on-site personnel plug in.  Not secure, not efficient
• LTE – LTE has advantages for OOB, proving quick and readily available access (in most locations). Many people think that the “airlink” portion of LTE is sufficient for securing OOB; it’s encrypted, but can be breached on up/down link, with publicly available products

CDI products are purposely built to provide AES256 Cypher Feedback Encryption.  FIPS 140-2 validation comes standard on CDI products, providing a peace of mind and reassurance that your network backdoor is locked, chained, and secured.