Is open source software safe to deploy?
Damien Choizit has written a thoughtful opinion piece in Software Development Times in the aftermath of the Heartbleed OpenSSL debacle. He writes, “the question on everyone’s mind is, ‘What does this mean for open-source software development?’ The truth of the matter is, Heartbleed wasn’t the real problem. Rather, it was with how we currently view and deploy open-source and outsourced code.” Choizit goes on to blame, not the OpenSSL team, but the mindless OEM and ODM development teams who blindly use open source software with the assumption that it must be solid.
At Quadros Systems we have long been skeptical of the lemming-like move to open source without a commensurate look at what is really in the code. The lure of “free” software has blinded many to some of the inherent risks.
1. Does the ready availability of open source software, and the ability of malicious hackers to study it, make it more prone to trapdoors and backdoors?
2. Do developers assume that because it is open source, thousands of others must have already checked out the code, so it must be safe?
In this new era of “the Internet of Everything” your embedded device may be more vulnerable than ever. ...
Are security issues lurking in your embedded device?
As embedded and machine to machine (M2M) devices evolve, new issues are rapidly emerging that affect both legacy systems and those being planned. Network security is one of those. Malicious attacks on Supervisory Control and Data Acquisition (SCADA) and other industrial control and smart grid networks are a major concern. Recently the Industrial Control Systems Cyber Security team noted that there are now several new, publicly available exploit tools that specifically target Internet-accessible industrial control systems and programmable logic controllers (PLCs). Targeted systems include those from Rockwell Automation, GE, and Schneider Electric. And this is just the beginning of an evolving threat that ranges from malicious hacking to industrial espionage and even cyber-terrorism.
According to a new study from VDC Research, security is now the number three concern for M2M OEMs after cost and performance. There is now an exposed soft underbelly in many deployed M2M systems that is vulnerable to hacking, denial of service (DoS) or other unwanted intrusion. Most of these systems were not designed to withstand the kinds of sophisticated cyber-attacks we are seeing today. According to VDC, most engineers did not even consider security in their prior designs. Even today embedded engineers are looking to add connectivity without factoring in the potential security risks. Many of these systems are home-grown and do not have the benefit of a commercial real-time operating system or proven security software.
Quadros Systems has been actively supplying security for M2M and embedded systems for many years. Our SSL/TLS package provides application-level security for the HTTP and FTP protocols. And our IPsec/Internet Key Exchange (IKE) package offers encryption security at the IP layer. Last week we announced our most recent solution to address network security: an embedded firewall.
We have partnered with Icon Labs to offer three-stage protection to customers using the RTXC Quadnet Ethernet-TCP/IP stack: static filtering, rules-based filtering and threshold filtering. Floodgate Packet Filter has been used to provide security for industrial control applications, small-footprint industrial firewall appliances and MCU-based control devices. It provides Stateful Packet Inspection (SPI) and rules-based filtering to protect embedded devices from real-world cyber-attacks. Rules-based filtering utilizes white-listing and black-listing to define system criteria such as port number, protocol, or source IP address for protection. Floodgate also features Stateful Packet Inspection (SPI) that provides dynamic packet filtering based on the state of the connection to a device.
The combined solution will add a layer of protection against threats such as packet floods, request storms, port scans, malformed IP packets and corrupted Ethernet frames. It is designed to meet ANSI/ISA/IEC/TS 62443 standards for cyber security. The system is designed explicitly for use in embedded devices with limited memory and processor speeds that require secure network implementation certified to standards such as the ISASP 99 which is measured by the Wurldtech Achilles® Test Platform.
Get more details on network security options from Quadros Systems: Embedded Firewall Application Security (SSL/TLS) IP layer Security Achilles Test Suite Consulting Services ...
Are you well-positioned for the Internet of Things?
Kaivan Karimi of Freescale has written an excellent overview of the Internet of Things (IoT): “Will the Internet of Things (IoT) turn your smart phone into the center of the universe?” We agree with his assessment that the smart phone may be one of the many hubs or gateways used to query or analyze Big Data from sensing and other smart devices, but it is much more likely that Wi-Fi and Weightless will win out as the networks of choice for IoT over the LTE network (or its successors).
Wireless network operators are clearly positioning themselves as key players in the evolving IoT space, as are Internet ISPs and cable providers. And Verizon is well positioned in telematics, as well. But the IoT future is much larger than connecting consumer appliances and personal information devices. And it is larger than telematics. Karimi says that rolling out IoT is like rolling out the largest control data network in the world: Home Automation, Education, Supply Chain, Auto Safety, Security, Goods Tracking, Farms, Energy Management, Transportation, Health, Lighting–these are only some of the sub-networks that will form the massive IoT.
Chris Rezendez from INEX Advisors writes in the March 12 issue of the Boston Business Journal, “IoT, M2M connected device solutions are about as broad as you can imagine. All form factor, configuration and functional footprint of unattended, headless, embedded and discrete devices with some combination of sensing, processing and communications.”
Quadros Systems has been active in smart devices and intelligent gateways for many years. Our customers are already building out early IoT networks on factory floors, in smart buildings, in hospitals and clinics. And we have new developments underway for network security and enhanced wireless connectivity.
As Rezendez writes, “The people and organizations that heard the gun go off months, or years ago who are hard at work on the nth generation of their solution, expanding into their phase II markets, and simply going about the business of building out IoT and M2M markets.” Find out more about how Quadros Systems can help position you for success in this active and growing market space. ...