Nettitude Blog

Remote Access Solutions | Part 2 – Security challenges around remote communications at sea | Nettitude

Posted by Nettitude on Feb 21, 2020 3:51:01 PM

By Graham Sutherland, Senior Vulnerability Researcher


Developing and implementing secure remote access solutions can be a challenge in itself. As new threats continue to emerge and existing threats evolve, ensuring that both your physical communications infrastructure and your communications operations are secure is vital to the day-to-day operations of your business. However, when factoring in the challenges of remote communications at sea, things can get even trickier if you don’t follow the correct procedures for establishing secure methods of remote communication.

At sea, the two main challenges are availability of resources and connectivity. Over the past decade, these two factors have been the driving force for continual development of remote access solutions. Whilst today we are in one of the best positions to defend our assets against ongoing threats, there is still an extensive set of considerations to be made when evaluating an approach or vendor offering.

Below, we will outline 9 key considerations which must be made when implementing remote access communications.

  1. General application security of the management platform front-end – an attacker who gains access to the front-end may be able to perform unauthorised operations on a ship’s systems.
  2. General application security of agent software – the agent software on the gateway must not allow unauthorised users to access its features or the services it brokers access to.
  3. User authentication (two factor auth, active directory integration, etc.) – strong user access controls help prevent password guessing attacks, credential theft and credential stuffing attacks.
  4. User enrolment and deactivation – adding new users is a security-critical activity that must be closely controlled and monitored, and user deactivation is an often-forgotten procedure when staff leave an organisation.
  5. Access control (enforcement, permission granularity, etc.) – user rights administration must be granular enough to allow for meaningful separation of user roles, and those rights must be correctly enforced by the solution so as to avoid unauthorised access to functionality.
  6. Auditing and logging – while restrictive security controls are the first line of defence, auditing and logging help quickly identify accounts that have been compromised or misused. An audit trail is an invaluable piece of the puzzle in an incident response scenario.
  7. Communications between the management platform and agent, in particular resistance to man-in-the-middle (MitM) attacks – security controls that validate the identity and authenticity of a user are ultimately invalidated if an attacker can steal credentials as they travel over the network or hijack legitimate user connections, so transport security (e.g. SSL/TLS) is important.
  8. On-ship communications between the agent and telemetry technologies (if applicable) – care must be taken to avoid allowing access between the general IT network on a ship and the separate network segment used by operational devices and sensors (e.g. GPS, AIS, engine management). This has, in our experience, been a key point of failure in many solutions.
  9. Ability to update the gateway device and agent software remotely without significant impediment – remote updates must be applied in a timely manner, which can be difficult on ships due to their limited internet connectivity. Software updates must also be appropriately verified for authenticity and integrity, to prevent an attacker from delivering a malicious update.

It is important to ensure that each of these items is considered and assessed in order to help reduce the likelihood of security vulnerabilities which enable attackers to gain access to ships’ systems.
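
Consideration 8 can be checked mechanically against the filtering rules that sit between the two network segments. The following is an added example, not code from Nettitude or the research report: it assumes a first-match ruleset and a constructed addressing plan (the subnets, ports, sample rules and the `audit_it_to_ot` and `narrow` names are all hypothetical), and reports every allow rule that lets the general IT network reach the operational segment unless it is an approved flow or is already shadowed by an earlier deny.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: str    # destination port, or "any"

# Constructed addressing plan (assumption, not from the article).
IT_NET = ipaddress.ip_network("10.10.0.0/16")  # general ship IT network
OT_NET = ipaddress.ip_network("10.50.0.0/24")  # GPS, AIS, engine management

# Constructed ruleset, evaluated first-match-wins (assumption).
SAMPLE_RULES = [
    Rule("allow", "10.10.0.5/32", "10.50.0.20/32", "10110"),  # agent -> one feed
    Rule("allow", "10.10.0.0/16", "10.50.0.0/24", "502"),     # whole IT net -> OT
    Rule("deny", "10.10.0.0/16", "10.50.0.0/24", "any"),
    Rule("allow", "10.10.3.0/24", "10.50.0.0/24", "22"),      # shadowed by deny
    Rule("allow", "0.0.0.0/0", "10.0.0.0/8", "any"),          # IT->OT part shadowed
]
APPROVED = {SAMPLE_RULES[0]}  # flows signed off as the agent's telemetry path

def narrow(net, zone):
    """Part of `net` inside `zone` (CIDR blocks nest or are disjoint), else None."""
    if net.subnet_of(zone):
        return net
    return zone if zone.subnet_of(net) else None

def audit_it_to_ot(rules, approved):
    """Return (position, rule) for each effective, unapproved IT -> OT allow."""
    findings, denies = [], []
    for pos, rule in enumerate(rules, 1):
        src = narrow(ipaddress.ip_network(rule.src), IT_NET)
        dst = narrow(ipaddress.ip_network(rule.dst), OT_NET)
        if src is None or dst is None:
            continue  # rule can never match IT -> OT traffic
        if rule.action == "deny":
            if rule.port == "any":
                denies.append((src, dst))  # blocks these flows for later rules
            continue
        shadowed = any(src.subnet_of(s) and dst.subnet_of(d) for s, d in denies)
        if not shadowed and rule not in approved:
            findings.append((pos, rule))
    return findings

if __name__ == "__main__":
    for pos, rule in audit_it_to_ot(SAMPLE_RULES, APPROVED):
        print(f"rule {pos}: {rule.src} -> {rule.dst} port {rule.port} crosses IT/OT")
```

On the sample ruleset only rule 2 is reported: it sits ahead of the deny, so the whole IT network can reach the operational segment on that port.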

 

So, there you have our 9 advised considerations which should be made when implementing remote access communications. For more information on this, please view our full research report.


About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

In 2018, Nettitude became part of Lloyd’s Register, an 8,000 person strong professional services organisation, with 300 years of heritage in safety and risk management. Nettitude now provides true global coverage, through a network of over 180 offices strategically placed around the globe.
