Data Centers

The Data Center contains the crown jewels for an organization. In addition to the IT equipment we think about, Data Centers are loaded with Industrial equipment (chillers, lighting, power and others) and are often frequented by contractors.  Many vectors expose a Data Center to risk, and as a result, Data Center security has long been the recipient of significant budget and attention from both physical and cyber security organizations.  

Bob Baxley, Chief Engineer at Bastille Networks discusses "Data Center" security.

Data Centers have the highest physical security for any organization, often employing mantraps, biometrics, and expanded video coverage. On the cyber side, large budgets are deployed for endpoint security and intrusion prevention for the wired infrastructure. However, there is an attack vector capable of penetrating Data Center walls and bypassing the firewalls, namely radio frequency (RF) based attacks.

THE PROBLEM

Data Centers consist of many computers, industrial equipment, and personnel, all having components that may communicate wirelessly. These wireless devices operate on a variety of wireless protocols, which are susceptible to a variety of attacks.

Security professionals need to lock down threat vectors in Data Centers. Rogue devices, data exfiltration, misconfigured equipment, personnel accountability, and insider threats are all possible via nefarious devices.

Company controlled Wi-Fi networks may be protected to some extent by existing products, but other wireless traffic is largely a blind spot. In a Data Center environment, an attacker exfiltrating data over LTE could easily go undetected because no traffic is going over the Data Center’s network. 

Data Center operators are not always aware of the wireless transceivers in the equipment they control. More equipment today is being shipped with a “radio ready” control system in addition to the Ethernet or Console control system that the Data Center intends to employ. However, we have found that the radio control system, Zigbee or Z-Wave for example, is usually default “ON” when it is shipped. In addition, default passwords (0000) are used that are simple to find from a Google search. As a result, without the knowledge of Data Center personnel who aren’t using it, the Radio Ready client is constantly beaconing for a radio controller to pair with it and give it instructions. For instance, a misconfigured ZigBee interface on a chiller could enable an attacker to interrupt Data Center operations. Knowledge of all wireless transmitters in a Data Center makes it possible to minimize the wireless attack surface. 

Data Center Security Vulnerabilities Include: 

  • Rogue Wireless Devices and Networks being used for Data Exfiltration
    • Typical exfiltration prevention techniques involve monitoring corporate networks and preventing the use of USB ports for storage. However, by utilizing cellular or other “hard to see” protocols, attackers can bypass these controls.
    • Nefarious devices such as pwn plugs and pineapples that are left in Data Centers to specifically steal data and backhaul that data out over cellular.
  • Improperly Configured Devices

    • Network infrastructure, e.g. a laptop connected to the network, has an open Bluetooth stack beaconing for a keyboard.

    • Data Center equipment can employ proprietary or industry ICS protocols for managing aspects of the equipment or environment. Security professionals have no visibility into these devices and protocols and if they are properly configured.

    • Employees and contractors who unknowingly carry a compromised cell phone, which once attached to an internal Wi-Fi network, open a 4G channel and begin beaconing out packets to the attackers abroad.

Typical security solutions have no visibility into what devices exist and operate within the radio frequency, let alone if they are doing something nefarious.

THE REQUIREMENTS FOR A DATA CENTER RADIO SECURITY SOLUTION

A Data Center radio security solution needs to:

  1. Provide visibility into the wireless networks, traffic, and devices operating in your environment
  2. Inform you of the attack surface for each of these devices
  3. Alert on active wireless attacks on those devices through your existing SIEM systems
  4. Suggest best practices for minimizing the attack surface and mitigating an attack in action

Specifically, a solution must:

  • Detect all devices operating in the wireless spectrum, to include but not limited to, Wi-Fi, cellular, Bluetooth, and the hundreds of other protocols in the Internet of Things (IoT)
  • Provide awareness of any wireless threats including active attacks, rogue networks, and misconfigured devices.

  • Have the ability to track the movement of devices, which include radios, to augment existing security measures.

  • Show the movements of devices to help enforce access policies.

  • Detect unauthorized access

  • Detect data exfiltration via wireless devices (large volume of wireless data leaving the Data Center premises over the cellular network)

  • Allow the Data Center operator to quickly detect and localize any malicious LTE or 3G modems
  • Include geofencing capabilities to understand and protect the location(s) of a customer’s servers within a colocation facility

  • Be always on

  • Detect unauthorized devices entering the Data Center

  • Detect vulnerable devices being installed

  • Detect anomalous wireless activity originating from the Data Center (independently from the protocol)

  • Detect misconfigured devices

  • Enforce company BYOD/IoT policy

  • Alert on a wireless attack surface introduced by the installation of new equipment in the Data Center, e.g. an HVAC system with Zigbee or a MouseJack vulnerable keyboard

  • Detect rogue cell towers which can send signals into your facility

What kind of organizations need this solution?

  • Fortune 2000, financial services, technology, and other companies that manage their own Data Centers

  • Data Center companies (hosting providers, etc.)

  • Cloud infrastructure providers

"