• LilB0kChoy@midwest.social
    6 months ago

    Hard to hack a person. Sounds like sacrificing security to save a buck if that’s the only reason, especially considering you’re not just paying for a tool when you network it.

    • towerful@programming.dev
      6 months ago

      People are actually the easiest to hack. That’s why social engineering is such a huge security risk, why employees have the minimum amount of access required to systems, why corporate laptops are so locked down, and why huge phishing assessments are done.

      It’s just that we are more accustomed to monitoring people, and it also gives a focus that everyone understands that can take the blame for mistakes.

      • LilB0kChoy@midwest.social
        6 months ago

        Sorry, I assumed the context was obvious, but it’s hard to hack a person standing there turning a wrench.

        What’s easier to hack? That person standing there turning a wrench or a network-connected wrench? Especially considering the points you made; the wrench turner probably has access to less than the network-connected wrench.

        • towerful@programming.dev
          6 months ago

          God, I hope the wrench has access to less of the network than the employee.
          It’s an IoT device.
          You never trust IoT.

          It should be on an isolated vlan dedicated to the wrenches that allows it to connect to its storage server only.
          Putting the wrenches on a pvlan would further limit the scope of any breaches to a single wrench.
          Any access to the wrench vlan/pvlan should be from a trusted management vlan. Any traversal of the firewall for this access should be logged.
          Ultimately, this is a device being used by a company that requires per-bolt certification of torque. You can bet that every part of their process has an equivalent level of scrutiny, including certification of network security/auditing.

          In fact, following sensible IoT network security mitigates all of the CVEs listed - because they need the attacker to have network access.
          Sure, most of the CVEs are the stupidest “my-first-web-app” level of mistakes (csrf, xss, directory traversal) and shouldn’t exist. But it’s still an IoT device, and should always be treated as a black box of leaky security regardless of the manufacturer.
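One way to check the segmentation described in the comment above, as an added example that is not from the thread or from any wrench vendor: a small Python policy checker run over constructed flow records. The subnets, the storage server address and the upload port are assumed placeholders.

```python
# Added example (not from the thread): checks constructed flow records against
# the policy described above: the wrench VLAN may talk only to its storage
# server, management-VLAN access to wrenches is allowed but must be logged,
# and everything else is denied and flagged for review.
import ipaddress

# Assumed addressing; these subnets and hosts are placeholders, not real ones.
WRENCH_VLAN = ipaddress.ip_network("10.20.0.0/24")   # wrench PVLAN
MGMT_VLAN = ipaddress.ip_network("10.10.0.0/24")     # trusted management VLAN
STORAGE_SERVER = ipaddress.ip_address("10.30.0.5")   # torque-record storage
STORAGE_PORTS = {443}                                # HTTPS upload only


def classify(src, dst, dport):
    """Return (verdict, must_log) for one flow under the wrench policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in WRENCH_VLAN:
        # Wrench -> storage server on the allowed port is the only outbound path.
        if dst == STORAGE_SERVER and dport in STORAGE_PORTS:
            return "allow", False
        # PVLAN isolation: a wrench never talks to other wrenches or anything else.
        return "deny", True
    if dst in WRENCH_VLAN:
        # Inbound to a wrench only from the management VLAN, and always logged.
        if src in MGMT_VLAN:
            return "allow", True
        return "deny", True
    return "deny", True  # traffic outside this policy is denied and flagged


def audit(flow_lines):
    """Parse 'src dst dport' lines; return a list of (line, verdict, must_log)."""
    results = []
    for line in flow_lines:
        src, dst, dport = line.split()
        verdict, must_log = classify(src, dst, int(dport))
        results.append((line, verdict, must_log))
    return results


# Constructed sample flows (not real captures).
SAMPLE_FLOWS = [
    "10.20.0.7 10.30.0.5 443",   # wrench uploading torque data: allow
    "10.20.0.7 10.20.0.8 80",    # wrench-to-wrench: PVLAN should block
    "10.20.0.7 192.0.2.10 443",  # wrench reaching the internet: deny
    "10.10.0.2 10.20.0.7 22",    # admin SSH from management VLAN: allow, log
    "10.40.0.9 10.20.0.7 80",    # office workstation hitting wrench web UI: deny
]

if __name__ == "__main__":
    for line, verdict, must_log in audit(SAMPLE_FLOWS):
        print(f"{line:28} {verdict:5} {'LOG' if must_log else ''}")
```

Feeding real firewall or flow-export records through `audit` shows which flows a correct VLAN/PVLAN setup should never produce, which is the gap the comment is pointing at.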

          • LilB0kChoy@midwest.social
            6 months ago

            God, I hope the wrench has access to less of the network than the employee.
            It’s an IoT device.
            You never trust IoT.

            Hahahahahaha!!! Does solarwinds123 sound familiar?

            Best practice ≠ real world application. Based on my 10+ years in IT I’d be very unsurprised to find that the networked wrench has greater access than the person.