Reacting to reports that a long-term hack of Nortel Networks’ systems could result in security issues for users of the firm’s telecom hardware, AlienVault says that businesses have traditionally tended to ignore telecoms security in favour of their Internet security.
The good news, the Unified Security Information and Event Management (SIEM) solutions specialist says, is that this attitude is changing - but as the Nortel incident shows, there is still a long way to go before telecoms systems have anywhere near the level of security protection that Internet systems clearly have.
According to Jaime Blasco, head of labs at AlienVault, hackers – probably from China – have been quietly spying on Nortel’s platforms for almost a decade, if an article in the Wall Street Journal is to be believed.
“And here’s the bad news: the hackers reportedly have had access to pretty much everything on Nortel’s servers - including business plans, reports, emails and other documents - after they cyberheisted senior management user credentials and then installed monitoring spyware once they were into the systems concerned,” he said.
“The big question that Nortel’s many clients will now be asking is: how did this go on for so long? - and how does this affect them? The answer to the former question will probably never be known, but the latter question depends on the level of security defences that the clients have on their telecoms systems,” he added.
“The situation is made more complex by the fact that, when Nortel filed for bankruptcy some three years ago, its telecoms kit was – and still is – widely used. In addition, many of its assets were sold on to other communications vendors, including Avaya and Ericsson, to mention but a few,” he added.
“What this does show,” says Blasco, “is that yet again we have another clue that Chinese companies are stealing and using intellectual property to dominate the market and eventually target foreign organisations. It’s also interesting to note that one telecom industry veteran tweeted on the Internet that around 2004, it was clear to many that Huawei was copying Nortel’s telecom hardware, even its instruction manuals.”
Quite how these other vendors, or their clients, will react remains to be seen, the AlienVault researcher went on to say, but there is clearly a requirement for users of telecoms systems to review their security arrangements, assuming they have not already done so.
The problem facing users of affected systems is that their existing IT security platform probably does not fully extend to cover their telecoms hardware and software.
With a growing number of companies now using Internet telephony systems, Blasco says that the overlap between Internet-facing systems and telecoms systems needs to be addressed.
The good news, he adds, is that there is a wealth of open source utilities available, which can be cost-effectively deployed to defend a firm’s IT and telecoms systems without breaking the bank.
These utilities, he explained, include OSSIM - Open Source Security Information Management - a collection of tools designed to aid network administrators in computer security, intrusion detection and prevention.
The idea behind OSSIM, says Blasco, is to provide a comprehensive collection of tools to give an administrator a view of all the security-related aspects of their system.
“OSSIM also supports a strong correlation engine, with detailed low-, mid- and high-level visualisation interfaces, as well as reporting and incident managing tools. The ability to act as an intrusion-prevention system based on correlated information from virtually any source makes it a very useful security tool,” he said.
“All this information can be filtered by networks or sensors in order to provide just the level of information needed by specific users, so allowing for a fine-grained multi-user security environment. Using this approach allows IT admins to ensure the highest levels of security for their telecoms kit, as well as increase security levels on their IT systems,” he added.