Editor’s Note: Cybersecurity is a hot topic within the telecommunications industry. NTCA has been closely following Congress’ attempts to shore up our nation’s critical infrastructure through new cybersecurity legislation, currently in draft form in the House and the Senate. It remains to be seen if this legislation will ensnare rural telcos or information technology companies that service critical infrastructure providers such as electric companies, health care providers, defense contractors or financial institutions. However, regardless of the final legislation, all rural telcos need to shore up their communications networks to meet today’s new security risks. In this guest article, Jerry Smith, senior network engineer at Farmers Telecommunications (Rainsville, Alabama), discusses the evolution of cybersecurity.
The evolution of telecommunications during my 40 years in the industry continues to astonish me. There may be no greater challenge than the security of our communications and data networks. The first data networks were pieced together with point-to-point (PTP) links, meaning an intruder had to physically access the network to cause harm or steal information. The network was considered quite secure as long as the doors were locked and we did not allow strangers to roam inside our perimeter. Even if someone gained access to a building or cables, the damage that could be done was limited and mostly contained to a small geographic area. Perpetrators likely were detected and apprehended before they finished the job.
This began to change as the world was introduced to Internet protocol (IP) networks. Utilizing IP, a business in New York can communicate with a branch office across town, in another state or in another country.
However, along with this awesome capability also came unintended consequences. No longer does a miscreant require physical access to a network to accomplish dastardly deeds. As networks grow in size and quantity, so does the number of opportunities for wrongdoers to steal data or cause harm.
Hacking began as a hobby for a few ingenious individuals and it has developed into a well-organized criminal industry, with illicit groups working together for huge profits, political objectives or terrorism plots. The hacker’s tools have become quite sophisticated, yet easily attainable through the Internet. The life of an unprotected computer—and the network it is connected to—is extremely short.
While industry best practices are available for hardening networks against known threats, new challenges—also known as zero-day events—emerge on an almost daily basis. The term zero day simply means a newly unleashed anomaly that is not yet known to the developers of anti-virus software, so no signature or remedy yet exists for it. Until there is a remedy, the anomaly may cause tremendous damage to networks, capturing data, logging keystrokes or worse. Even more ominous is the zero-day attack that remains in stealth mode and is not discovered until after networks are compromised and data is lost.
Other than staying abreast of known issues, one very effective way to guard against threats is to maintain visibility into the network and its typical operations. Network administrators can then detect even slight changes in network behavior, such as available bandwidth or communications patterns. Historical information, easily displayed in graph form, can point out changes in network performance over time. Most routers and switches generate valuable data about their performance, and collection software built on protocols such as syslog, NetFlow or SNMP can gather and process that data so administrators can immediately investigate network disruptions. A change may be the result of normal business, or it may be a real and present threat to the network. Understanding in detail how a network performs over time is essential to formulating practices for detecting and mitigating network interference.
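The baselining practice described above, carried into code as an added example (not code from the article or from Farmers Telecommunications): the script learns what "normal" looks like from a set of historical per-interval flow summaries, of the kind a NetFlow collector aggregates, and then flags new intervals whose volume, fan-out to distinct destinations, or destination ports fall outside that envelope. All interval values and the interface they describe are constructed for the example.

```python
"""Baseline-and-deviation check over summarized flow records (added example)."""
from statistics import mean, pstdev

# Constructed sample: twelve 5-minute summaries for one customer-facing interface,
# as a NetFlow/IPFIX collector would aggregate them. Values are made up.
BASELINE_INTERVALS = [
    {"bytes": b * 1_000_000, "distinct_dst": d, "dst_ports": {53, 80, 123, 443}}
    for b, d in [(48, 22), (52, 25), (50, 24), (47, 23), (55, 26), (49, 22),
                 (51, 25), (53, 24), (46, 23), (50, 25), (54, 24), (48, 23)]
]


def build_baseline(intervals):
    """Summarize history: mean/stddev of byte volume and destination fan-out,
    plus the set of destination ports ever observed."""
    byte_counts = [iv["bytes"] for iv in intervals]
    dst_counts = [iv["distinct_dst"] for iv in intervals]
    known_ports = set().union(*(iv["dst_ports"] for iv in intervals))
    return {
        "bytes_mean": mean(byte_counts), "bytes_sd": pstdev(byte_counts),
        "dst_mean": mean(dst_counts), "dst_sd": pstdev(dst_counts),
        "known_ports": known_ports,
    }


def evaluate(baseline, interval, k=3.0):
    """Return a list of (kind, detail) findings for one new interval.
    An empty list means the interval sits inside the learned envelope.
    k is the number of standard deviations tolerated above the mean."""
    findings = []
    byte_limit = baseline["bytes_mean"] + k * baseline["bytes_sd"]
    if interval["bytes"] > byte_limit:
        findings.append(("volume",
                         f"{interval['bytes']} bytes exceeds limit {byte_limit:.0f}"))
    dst_limit = baseline["dst_mean"] + k * baseline["dst_sd"]
    if interval["distinct_dst"] > dst_limit:
        findings.append(("fan_out",
                         f"{interval['distinct_dst']} destinations exceeds limit {dst_limit:.1f}"))
    new_ports = interval["dst_ports"] - baseline["known_ports"]
    if new_ports:
        findings.append(("new_port",
                         f"never-before-seen destination ports {sorted(new_ports)}"))
    return findings


def run_example():
    """Evaluate three constructed intervals against the constructed baseline."""
    baseline = build_baseline(BASELINE_INTERVALS)
    samples = {
        "normal":       {"bytes": 51_000_000, "distinct_dst": 24, "dst_ports": {53, 80, 443}},
        "volume_spike": {"bytes": 250_000_000, "distinct_dst": 23, "dst_ports": {443}},
        "pattern_shift": {"bytes": 49_000_000, "distinct_dst": 140, "dst_ports": {22, 445}},
    }
    return {name: evaluate(baseline, iv) for name, iv in samples.items()}


if __name__ == "__main__":
    for name, findings in run_example().items():
        print(name, "->", findings or "within baseline")
```

Two design points matter in practice. The baseline must be recomputed over a sliding window so that legitimate growth does not generate permanent alerts, but the window should be long enough that a gradual change cannot quietly become the new normal; and a threshold of three standard deviations on a dozen samples is a starting point to tune against real history, not a constant to ship.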
Service providers should protect their users from known threats around the globe, but some providers may overlook the need to protect their users from each other. Bridged networks, which place users in a common broadcast domain, subject those customers to the misbehavior of other users. Connecting users via a residential gateway (firewall/router) prevents hazardous activity from spreading to other users. Many gateways also support services such as parental controls and content filtering. As such, while acting as a good steward on the customer’s behalf, this device also can offer another revenue stream or value-added service for the broadband provider.
When a gateway device is deployed, it should be hardened in the same way as core network equipment, because it is an extension of the provider’s network. There are recent accounts of providers that did not secure the gateway and suffered DNS poisoning attacks with devastating results. A simple access control list (ACL) on the management portal could have rendered the device inaccessible to the attacker.
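To make the ACL point concrete, here is an added example (not from the article or any vendor) that models how a management-plane ACL on a gateway decides who may reach its administration ports. The rule format, the management subnet 10.250.0.0/24, and the sample addresses are all constructed; the evaluation semantics (ordered rules, first match wins, implicit deny at the end) are the ones router ACLs use. The example also checks an ACL for shadowed rules, the common mistake where a broad deny placed too early silently blocks the permits that follow it.

```python
"""Model of a gateway management-plane ACL (added example)."""
import ipaddress

# Ordered entries of (action, source network, destination port or None for any).
# Weak posture: an open permit, equivalent to having no ACL at all.
OPEN_ACL = [("permit", "0.0.0.0/0", None)]

# Hardened posture: only the provider's management subnet (constructed value)
# may reach the gateway's management ports; everything else is dropped.
HARDENED_ACL = [
    ("permit", "10.250.0.0/24", 22),
    ("permit", "10.250.0.0/24", 443),
    ("deny", "0.0.0.0/0", None),  # spelled-out form of the implicit deny
]

# Misordered posture: the catch-all deny comes first and shadows both permits,
# so even the management subnet is locked out.
MISORDERED_ACL = [
    ("deny", "0.0.0.0/0", None),
    ("permit", "10.250.0.0/24", 22),
    ("permit", "10.250.0.0/24", 443),
]


def acl_decision(acl, src_ip, dst_port):
    """Walk the ACL in order; the first matching entry decides."""
    src = ipaddress.ip_address(src_ip)
    for action, network, port in acl:
        if src in ipaddress.ip_network(network) and (port is None or port == dst_port):
            return action
    return "deny"  # implicit deny at the end of every ACL


def shadowed_rules(acl):
    """Return indices of entries that can never match because an earlier entry
    already covers their whole source network and port."""
    shadowed = []
    for j, (_, net_j, port_j) in enumerate(acl):
        net_j = ipaddress.ip_network(net_j)
        for _, net_i, port_i in acl[:j]:
            if ipaddress.ip_network(net_i).supernet_of(net_j) and (port_i is None or port_i == port_j):
                shadowed.append(j)
                break
    return shadowed


def admitted(acl, requests):
    """Given (src_ip, dst_port) pairs, return those the ACL lets through."""
    return [(ip, port) for ip, port in requests if acl_decision(acl, ip, port) == "permit"]


# Constructed sample requests: a WAN-side address (documentation range), a
# subscriber LAN address, and a host on the provider's management subnet.
SAMPLE_REQUESTS = [("203.0.113.45", 443), ("192.168.1.20", 22), ("10.250.0.7", 443)]

if __name__ == "__main__":
    for name, acl in [("open", OPEN_ACL), ("hardened", HARDENED_ACL), ("misordered", MISORDERED_ACL)]:
        print(name, "admits:", admitted(acl, SAMPLE_REQUESTS),
              "shadowed rules:", shadowed_rules(acl))
```

Under the open ACL every sample request reaches the management portal; under the hardened ACL only the management-subnet host does, and the subscriber's own LAN address is refused as well, which is what keeps a compromised household device from reconfiguring the gateway's DNS settings. The actual syntax for applying such an ACL to the management service differs by vendor, so this block models the decision logic rather than any one device's configuration.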
Our networks are now vulnerable to attack from almost anyone, anywhere. Unfortunately, we will never be safe from all harm. While this is a sobering thought, having this knowledge may be our best hope for protecting our networks. We cannot give up the fight, but rather must remain vigilant in our quest to secure our networks. The Internet, while filled with peril, offers innumerable opportunities for our rural communities.