Aircraft Network Security
and Compliance
Presented by:
John Zban
Tuesday, March 22nd | 8:00 a.m. – 9:15 a.m.
International Operators Conference | San Diego, CA | March 21 – 24, 2016
2
John Zban
• MCSA, MCSE, CCNA, CET, Aero IT
– CIO, Satcom Direct
– 25 years in IT
– 10 years with Satcom Direct
– Aircraft Network Support
– Aircraft Network Engineering
– Development and Deployment of
Value Added Services, Products and
Terrestrial Infrastructure
3
Network Security Risks
• Data theft or disruption of network systems is a critical issue, costing money,
downtime and possible embarrassment to a company
• Methods range from social engineering attacks to theft of passwords and
credentials, spam, malware and more
• Measures must be taken within all environments for data to be secure
• Remote locations must follow the same policies set forth by a company
• Users have a responsibility to help secure data
– Being educated
– Following corporate policies and procedures
– Knowing what you are connected to
4
Network Security Risks
• Common types of network threats:
– Evil Twin/Rogue Access points
– Spear Phishing
– Command-and-Control Malware
– Advanced Persistent Threats
5
Network Security Risks
• Common types of network threats:
– Evil Twin/Rogue Access Points: often close to, or while parked at an FBO
– A user unknowingly associates with a rogue or fake wireless access point that
has the same name as the legitimate access point
• The intent is to capture/steal data passing through the rogue access point
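One way to check a Wi-Fi scan for the situation described above, shown as an added example that is not part of the original presentation. The SSID, BSSIDs, inventory and scan rows are constructed sample data, and the `Beacon` and `find_suspects` names are hypothetical.

```python
# Added example: flag possible evil-twin access points in a Wi-Fi scan.
# Inventory, SSID, BSSIDs and scan rows are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str      # advertised network name
    bssid: str     # MAC address of the AP radio
    security: str  # e.g. "WPA2-PSK" or "OPEN"

# Known-good cabin APs: SSID -> {BSSID: expected security mode}
INVENTORY = {
    "EXAMPLE-Cabin": {
        "02:00:00:00:00:01": "WPA2-PSK",
        "02:00:00:00:00:02": "WPA2-PSK",
    }
}

def normalize(ssid):
    # Look-alike names often differ only by case or stray spaces.
    return ssid.strip().casefold()

def find_suspects(scan, inventory=INVENTORY):
    known = {normalize(s): aps for s, aps in inventory.items()}
    findings = []
    for b in scan:
        aps = known.get(normalize(b.ssid))
        if aps is None:
            continue  # unrelated network, not imitating ours
        expected = aps.get(b.bssid.lower())
        if expected is None:
            findings.append((b.bssid, "unknown BSSID advertising our SSID"))
        elif b.security != expected:
            # A BSSID can be copied, so a security mismatch on a
            # "known" AP is treated as suspicious as well.
            findings.append((b.bssid, f"security downgraded to {b.security}"))
    return findings

SCAN = [  # constructed scan taken while parked
    Beacon("EXAMPLE-Cabin", "02:00:00:00:00:01", "WPA2-PSK"),
    Beacon("Example-Cabin ", "02:00:00:00:00:99", "OPEN"),
    Beacon("EXAMPLE-Cabin", "02:00:00:00:00:02", "OPEN"),
    Beacon("FBO-Guest", "02:00:00:00:00:AA", "OPEN"),
]

if __name__ == "__main__":
    for bssid, reason in find_suspects(SCAN):
        print(bssid, reason)
```
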
6
Network Security Risks
• Spear Phishing
• An email which appears to be from a
known individual or business but is not:
– Typically targets a specific
organization or group (the execs
on the aircraft)
– Intent is to get credit card, bank
account numbers, passwords,
trade secrets, etc., typically by
clicking a link to enter information
– End user (employee) can decide to
click the rogue link
7
Network Security Risks
• Command-and-Control Malware
• Malware that is unknowingly installed and will conduct a “call-home” to fetch
updates and instructions from the Command-and-Control servers
– Will also send back stolen information
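A sketch of how the "call-home" pattern can be spotted in gateway logs, added here as an example and not taken from the presentation. The log format, host names and thresholds are assumptions, and the log lines are constructed.

```python
# Added example: find outbound flows that repeat at a near-constant interval.
# Log format, hosts and thresholds are assumptions; the data is constructed.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed gateway log: "epoch_seconds src_ip dst_host bytes_out"
LOG = """\
1000 10.0.0.21 beacon.example.invalid 420
1010 10.0.0.30 mail.example.com 5100
1025 10.0.0.30 mail.example.com 800
1301 10.0.0.21 beacon.example.invalid 418
1400 10.0.0.30 mail.example.com 2300
1599 10.0.0.21 beacon.example.invalid 421
1700 10.0.0.21 www.example.org 900
1900 10.0.0.21 beacon.example.invalid 420
2202 10.0.0.21 beacon.example.invalid 419
2500 10.0.0.21 beacon.example.invalid 420
2900 10.0.0.30 mail.example.com 700
2950 10.0.0.30 mail.example.com 650
4000 10.0.0.30 mail.example.com 1200
"""

def parse(log):
    """Group connection timestamps by (source, destination)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        flows[(parts[1], parts[2])].append(int(parts[0]))
    return flows

def find_beacons(log, min_events=5, max_jitter=0.1):
    """Return (src, dst, interval_seconds) for flows with regular timing."""
    hits = []
    for (src, dst), times in parse(log).items():
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: human traffic is bursty, beacons are not.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, round(avg)))
    return sorted(hits)

if __name__ == "__main__":
    print(find_beacons(LOG))
```

Legitimate update checkers and telemetry agents also connect on a timer, so flagged destinations still need review against known-good services.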
8
Network Security Risks
• APT (Advanced Persistent Threats)
– An Advanced Persistent Threat is a
network attack in which a person
gains access to a network (through a
variety of sources) and resides
undetected for an extended period of
time
• The goal is typically to steal data
undetected rather than cause
damage to the network
• Typically targeted toward high-
value sectors, such as national
defense, manufacturing and
financial
1. RECONNAISSANCE: Attacker leverages information from a variety of factors to understand their target.
2. INCURSION: Attackers break into network by using social engineering to deliver targeted malware to vulnerable systems and people.
3. DISCOVERY: Once in, the attackers stay “low and slow” to avoid detection. They then map the organization’s defenses from the inside and create a battle plan and deploy multiple parallel kill chains to ensure success.
4. CAPTURE: Attackers access unprotected systems and capture information over an extended period. They may also install malware to secretly acquire data or disrupt operations.
5. EXFILTRATION: Captured information is sent back to attack team’s home base for analysis and further exploitation, fraud – or worse.
9
Multiple Networks
• Multiple Internet gateways increase your
exposure
– Having multiple Internet connections
adds to the complexity
• No single monitoring/filtering for
exiting traffic
• No guaranteed compliance
policy application
• No central logging capability
• Allows for multiple attack entry
points
10
Forced Routing
• Inmarsat Swift Broadband
– China SAS: When entering Chinese
airspace, all traffic will be transferred
to the Chinese SAS
– Russia SAS: When entering Russian
airspace, all traffic will be transferred
to the Russian SAS
Risk Mitigation
12
The Wall
• Stopping all malicious activity isn’t possible
– The wall will stop 99%
– Mitigation, mitigation, mitigation
– Monitor everything
– Sense change
– Act to remove the threat
13
What Can We Do?
• Protect your aircraft network
– Password protect your Wi-Fi network
– Know what network you are connected to
– Use strong passwords
– Use caution and common sense
– Understand that security is not convenient
14
What Can We Do?
• Be a smart computer user
– Check links in emails (hover over them)
– Be skeptical of ANY attachment
– Use caution and common sense
– Verify if you have any doubts
– Involve your IT Department; they are the
experts
15
What Can We Do?
• Be careful when installing software!
– LOOK at and READ each pop-up!
– Avoid unfamiliar downloads
– Use caution and common sense
– Obey your corporate policies
16
Forced Routing Mitigation
• Talk to your service provider
– Ask about notification options
– Ask about encryption options
– Ask about private network options
– Limit transmission of highly sensitive data
– If the risk is considered too great, turn the
system off if corporate policy so requires
17
Flight Tracking Data Protection
• Talk to your service provider
• Understand tracking data sources and methodology
– Ask about service provider options
– Understand the sources of tracking data
– Choose the one that’s right for you and the
hardware on your aircraft
– Understand the BARR and how it works