Literally every industry is under cyberattack these days. With summer coming and popular events such as the Olympics, world tennis, and other high profile events scheduled, Fortinet’s Dan Cole offers some perspective on how to keep critical infrastructure safe while balancing high demands and increased user traffic.
An interview with Fortinet’s Dan Cole
I would say that, unlike most enterprises, the majority of stadium users are guests (or attendees) that require significant flux and access requirements in short bursts and for brief intervals of time. Business environments usually have a set mix of traffic types that they need to deal with (SFDC, mail, certain business applications), and they prioritize these for business purposes over a set schedule. Traffic variations are usually fairly minimal, and the administrators of the network usually have full control of the network devices and systems they have to maintain within the enterprise.
Stadiums or event locations, on the other hand, have to maintain the logistics and internal network of the official stadium data traffic (think kiosks, team networks, and staff access), while serving up thousands, or in the case of something like an Olympics venue, perhaps millions of concurrent data connections of mobile WiFi traffic to its attendees.
And with the recent increase in value-added services, like the delivery of food/beverages ordered online by attendees, and apps that find, hold, or scan tickets, there is also a need to provide interactions between “external” mobile user traffic and internal or cloud hosted applications. It is a mixture between a Service Provider-like network and something like what a large college campus network has to provide.
Often, the traffic traversing the stadium or event site contains payment information and other sensitive financial or personal data, whereas Service Providers and college campuses may not have to deal with that headache. A stadium network may have to both provide secure transactions environments while also offering Internet service to tens of thousands of “untrusted”, yet business-friendly wireless fans. Those fans may all have very different backgrounds with respect to cybersecurity.
Usually, addressing a set of problems within the security space starts with a good foundation, which includes some key architectural soundness within the infrastructure being developed. There are products that can help with the process of segmenting and logically segregating the various users types or classes described above.
At the same time, considering the variety of user types and classes, along with their access rights and the network paths that they take, needs to be part of the initial design and product selection process. For example, do the kiosks selling hot dogs and burgers need to be on the same network as the staff members providing maintenance for the building? Should teams and their players have their own dedicated access environment to keep their play calls and communications from prying eyes (i.e. the NFL Patriot and Cardinal scandal)? Should attendees be allowed to communicate with other attendees over Wi-Fi, or is this an app and Internet only access zone?
Once each of these network categories and use cases is clearly defined and mapped out, the technology questions can then be addressed and sent down the right path fairly quickly.
Being that hacking could literally come from any direction or threat vector, from the internal or external perimeter, to an IoT device, all the way to the cloud, there is a lot of potential risk here. A sound and secure network infrastructure must look at each segment of the environment, carve out and protect vulnerable assets, and then increase additional security precautions in the areas from which an attack attempt will most likely be initiated.
Technologies like enterprise firewalls (and their security service capabilities), wireless security products, specific application security systems, and advanced malware platforms all are great things to consider when building an end-to-end defense strategy. Of course, common sense network design and good security practices should not be overlooked. Great security starts with a great foundation, which spans from physical access all the way to the applications and data being served. Frankly, you need a security fabric approach to really be proactive.
Per the latest security trend reports (Verizon DBIR 2016), 89% of breaches are financially or espionage motivated. Although hacking into a stadium electronic billboard, or an opposing team’s plays may sound enticing for some, for the vast majority of cybercriminals, it’s all about getting to the financial data. And unprotected and unprepared users are the primary access points into such gold mines. I think the largest risk is that someone in attendance is looking to attack or mine the rich environment they are in. Therefore, in my opinion, the fans on the stadium Wi-Fi are probably the #1 target.
Here are some specific exploit possibilities:
1) Targeting certain apps on mobile devices that allow for (unintentional) direct and personal access into the data stored on that device. Passwords, emails, and even credit card info are now stored on most mobile devices today.
2) Exploiting the stadium app (or apps) that everyone is accessing, and loading some sort of a malware that will then be downloaded to connected mobile devices. Think of it as a Trojan horse or backdoor agent that could provide access to a fan’s personal network when he or she returns back to their home or business after the game.
There are some mechanisms within wireless technologies that prevent wireless users from communicating with each other. You can even enforce certain security filters and firewall policies to prevent such interactions. This could help with the first potential attack.
Apps and websites can also be safeguarded from exploitation with a good WAF and Firewall solution in place, which can filter out most of the potentially bad users trying to pinpoint a web or an application’s vulnerability. Even technologies like Sandboxing and Malware inspection systems can help analyze files being transmitted to and from the network to ensure that there isn’t any malicious code residing within the network waiting to target the next vulnerable host.
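The segmentation questions raised earlier (kiosks, staff, teams, guests as separate zones) and the point about preventing wireless users from reaching each other can be turned into a concrete, auditable policy. The following Python script is an added example and is not code from the interview or from Fortinet: it defines a hypothetical zone plan with constructed address ranges, a default-deny allow-list between zones, and an audit that runs constructed flow records through the policy, flagging guest-to-guest traffic as a sign that client isolation is not working. All zone names, address ranges, ports and sample flows are assumptions for illustration.

```python
import ipaddress
from collections import Counter

# Constructed zone plan for a hypothetical venue network (assumed address ranges).
ZONES = {
    "kiosk":   ipaddress.ip_network("10.10.0.0/24"),
    "staff":   ipaddress.ip_network("10.20.0.0/24"),
    "team":    ipaddress.ip_network("10.30.0.0/24"),
    "guest":   ipaddress.ip_network("10.100.0.0/16"),
    "apps":    ipaddress.ip_network("10.200.0.0/24"),   # ticketing / ordering front end (behind a WAF)
    "payment": ipaddress.ip_network("10.250.0.0/24"),
}

# Allow-list of (source zone, destination zone, destination port).
# Anything not listed is denied: least privilege between zones.
ALLOWED = {
    ("guest", "apps", 443),
    ("guest", "internet", 443),
    ("guest", "internet", 80),
    ("kiosk", "payment", 443),
    ("staff", "apps", 443),
    ("staff", "kiosk", 22),
    ("team", "internet", 443),
}


def zone_of(ip):
    """Map an address to its zone; public addresses are 'internet', anything else 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet" if addr.is_global else "unknown"


def evaluate(src, dst, port):
    """Return (verdict, reason) for one flow under the zone policy."""
    s, d = zone_of(src), zone_of(dst)
    # Attendees should never talk to each other over the venue Wi-Fi;
    # client isolation on the access points is expected to enforce this.
    if s == "guest" and d == "guest":
        return "deny", "guest-to-guest traffic (client isolation should block this)"
    if (s, d, port) in ALLOWED:
        return "allow", f"{s}->{d}:{port} permitted"
    return "deny", f"{s}->{d}:{port} not in allow-list"


def audit(log_lines):
    """Parse flow records of the form 'src dst dst_port' and return
    the per-flow verdicts plus a counter of denied zone pairs."""
    verdicts = []
    findings = Counter()
    for line in log_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port = line.split()
        verdict, reason = evaluate(src, dst, int(port))
        verdicts.append((src, dst, int(port), verdict, reason))
        if verdict == "deny":
            findings[f"{zone_of(src)}->{zone_of(dst)}"] += 1
    return verdicts, findings


# Constructed sample flow records (not real traffic): src dst dst_port
SAMPLE_FLOWS = """\
# constructed sample flow records
10.100.4.17 10.200.0.5 443
10.100.4.17 10.100.9.2 445
10.100.7.3 10.250.0.10 443
10.10.0.8 10.250.0.10 443
10.20.0.14 10.10.0.8 22
10.100.4.17 93.184.216.34 443
10.30.0.2 10.100.4.17 443
""".splitlines()

if __name__ == "__main__":
    verdicts, findings = audit(SAMPLE_FLOWS)
    for src, dst, port, verdict, reason in verdicts:
        print(f"{verdict:5} {src:>15} -> {dst:>15}:{port:<4} {reason}")
    print("denied zone pairs:", dict(findings))
```

The second sample flow (one guest address reaching another guest address on port 445) is denied by the isolation rule rather than the allow-list; seeing such a flow in real logs would mean the access points are not isolating clients and the firewall policy is the only thing left standing between attendees. The guest-to-payment and team-to-guest flows are denied simply because no rule permits them, which is the default-deny posture the segmentation design calls for.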